CVE-2024-49687: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in StoreApps Smart Manager WordPress plugin affecting versions through 8.45.0. The vulnerability was discovered by Ananda Dhakal and was publicly disclosed on October 21, 2024 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 score of 4.3 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The issue stems from missing authorization checks that could allow unprivileged users to execute certain higher privileged actions (Patchstack).

The vulnerability has been assessed as having a low severity impact and is considered unlikely to be exploited. The broken access control issue could potentially allow unauthorized users to perform actions that should be restricted to users with higher privileges (Patchstack).

The vulnerability has been fixed in version 8.46.0 of the Smart Manager plugin. Users are advised to update to version 8.46.0 or later to remediate the issue. Patchstack has also issued a virtual patch to mitigate this vulnerability by blocking potential attacks until users can update to the fixed version (Patchstack).