CVE-2024-50417: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in BoldThemes Bold Page Builder WordPress plugin, tracked as CVE-2024-50417. The vulnerability affects versions through 5.1.3 and involves incorrectly configured access control security levels. The issue was initially reported on October 7, 2024, and was publicly disclosed on October 24, 2024 (Patchstack).

The vulnerability is classified as a Missing Authorization issue (CWE-862) and has received varying CVSS v3.1 severity ratings. NIST assessed it with a High severity score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), while Patchstack rated it as Medium severity with a score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) (NVD).

The vulnerability represents a broken access control issue that could allow an unprivileged user to execute certain higher privileged actions. The specific impact varies case by case, though Patchstack has classified it as having a low severity impact (Patchstack).

The vulnerability has been fixed in version 5.1.4 of the Bold Page Builder plugin. Users are advised to update to version 5.1.4 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).