CVE-2024-54369: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability has been identified in ThemeHunk's Zita Site Builder WordPress plugin affecting versions through 1.0.2. The vulnerability was disclosed on December 16, 2024, and is tracked as CVE-2024-54369. The issue allows unauthorized access to functionality that should be properly constrained by Access Control Lists (ACLs) (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 9.1 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H. The issue is classified under CWE-862 (Missing Authorization). The vulnerability allows unauthenticated access to functionality that should be restricted by proper access controls (NVD).

The vulnerability is considered highly dangerous and is expected to become mass exploited. With a Critical CVSS score of 9.1, it poses significant risks to affected installations, particularly concerning integrity and availability of the system (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available. Users are advised to implement mitigation measures immediately (Patchstack).