CVE-2024-52500: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2024-52500) was discovered in the Monetag Official Plugin for WordPress, affecting versions up to 1.1.3. The vulnerability was disclosed on January 29, 2025, and allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L. The issue is classified as CWE-862 (Missing Authorization) and requires no authentication to exploit. The vulnerability stems from broken access control mechanisms that could allow unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability allows unauthenticated attackers to perform unauthorized actions through broken access control mechanisms. The CVSS scoring indicates potential low-level impacts on both integrity and availability of the affected system, while there is no direct impact on confidentiality (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the virtual patch immediately (Patchstack).