CVE-2024-56003: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in David Cramer's Caldera SMTP Mailer WordPress plugin, affecting versions up to 1.0.1. The vulnerability was discovered by researcher Kévin Mosbahi (Mika) and was publicly disclosed on December 14, 2024. The issue has been assigned CVE-2024-56003 and received a CVSS v3.1 score of 4.3 (Medium) (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) where there is a missing authorization check. The vulnerability requires a subscriber-level privilege for exploitation. The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, no user interaction, unchanged scope, and potential impact on integrity (Patchstack).

The vulnerability has been assessed with a low severity impact. It could potentially allow an unprivileged user to execute certain higher privileged actions due to the broken access control issue (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The issue was initially reported on November 29, 2024, and an early warning was sent to Patchstack customers on December 14, 2024 (Patchstack).