CVE-2024-54359: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the Saul Morales Pacheco Banner System WordPress plugin, affecting versions through 1.0.0. The vulnerability was initially reported on October 29, 2024, by researcher ghsinfosec and was publicly disclosed on December 12, 2024. The vulnerability has been assigned CVE-2024-54359 and is related to broken access control security levels (Patchstack).

The vulnerability is classified as a Missing Authorization issue (CWE-862) that allows exploiting incorrectly configured access control security levels. It has received a CVSS v3.1 Base Score of 8.2 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L, indicating that it is network-accessible, requires low attack complexity, and needs no privileges or user interaction to exploit (NVD).

The vulnerability is considered highly dangerous and is expected to become mass exploited. The CVSS scoring indicates high impact on integrity (I:H) and low impact on availability (A:L), with no direct impact on confidentiality (C:N) (Patchstack).

Currently, there is no official fix available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website owners are advised to implement immediate mitigation measures (Patchstack).