CVE-2024-52391: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in Genetech's Pie Register Premium WordPress plugin affecting versions before 3.8.3.3. The vulnerability was discovered by Ananda Dhakal and was publicly disclosed on November 11, 2024 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 base score of 5.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating that it can be exploited over the network, requires low attack complexity, and needs no privileges or user interaction (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks in specific functions. The impact is considered to have low severity and is unlikely to be exploited (Patchstack).

Users are advised to update to Pie Register Premium version 3.8.3.3 or later to resolve the vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).