CVE-2024-54227: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in theDotstore's Minimum and Maximum Quantity for WooCommerce plugin, affecting versions up to 2.0.0. The vulnerability was discovered by Abdi Pranata and was publicly disclosed on December 5, 2024. This security issue has been assigned CVE-2024-54227 and is classified as a broken access control vulnerability (Patchstack).

The vulnerability is categorized as CWE-862 (Missing Authorization) and received a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, has unchanged scope, and can potentially impact integrity while having no effect on confidentiality or availability (NVD, Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks in specific functions. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).

The vulnerability has been patched in version 2.1.0 of the Minimum and Maximum Quantity for WooCommerce plugin. Users are advised to update to version 2.1.0 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).