CVE-2024-49698: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in the Best Restaurant Menu WordPress plugin by PriceListo, affecting versions through 1.4.2. The vulnerability was discovered by Trương Hữu Phúc and was officially assigned CVE-2024-49698 on October 17, 2024 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 4.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, and required low privileges for exploitation (NVD).

The vulnerability stems from a missing authorization, authentication, or nonce token check in a function that could allow an unprivileged user to execute certain higher privileged actions. The severity is considered low, with potential impact limited to integrity-related concerns (Patchstack).

The vulnerability has been fixed in version 1.4.3 of the Best Restaurant Menu plugin. Users are advised to update to version 1.4.3 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).