CVE-2024-50486: 
WordPress vulnerability analysis and mitigation

The Acnoo Flutter API WordPress plugin, versions up to 1.0.5, contains an Authentication Bypass vulnerability (CVE-2024-50486) that was discovered and reported on October 18, 2024. The vulnerability was publicly disclosed on October 25, 2024, and affects the authentication mechanism of the plugin (Patchstack).

The vulnerability is classified as an Authentication Bypass Using an Alternate Path or Channel (CWE-288) and Missing Authentication for Critical Function (CWE-306). It has received a Critical CVSS v3.1 base score of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating remote exploitability with no privileges or user interaction required (NVD).

The vulnerability allows unauthenticated attackers to bypass authentication mechanisms, potentially leading to account takeover and privilege escalation. If successfully exploited, attackers could gain unauthorized access to higher privileges and potentially take full control of the affected website (Patchstack).

Currently, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website owners are advised to implement immediate mitigation measures (Patchstack).