CVE-2024-52395: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2024-52395) was discovered in QunatumCloud Floating Buttons for WooCommerce plugin affecting versions through 2.8.8. The vulnerability was reported on October 21, 2024, by researcher Kévin Mosbahi (Mika) and was publicly disclosed on November 11, 2024 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 base score of 5.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating that it can be exploited over the network with low attack complexity, requires no privileges or user interaction, and has a potential impact on availability (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. This broken access control issue could potentially affect the availability of the system (Patchstack).

The vulnerability has been patched in version 2.9.2 of the Floating Buttons for WooCommerce plugin. Users are advised to update to version 2.9.2 or later immediately. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).