CVE-2024-56004: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in the Easy Site Importer WordPress plugin, affecting versions through 1.0.1. The vulnerability was discovered by researcher Kévin Mosbahi (Mika) and was disclosed on December 14, 2024. The issue allows for exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability has been assigned CVE-2024-56004 and received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The vulnerability is classified under CWE-862 (Missing Authorization) and requires subscriber-level privileges to exploit (Patchstack).

The vulnerability is categorized as a Settings Change type issue, which could potentially allow authenticated users with subscriber-level access to modify plugin settings. The severity is considered low, with limited impact on integrity and availability of the system (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue was reported on November 29, 2024, and an early warning was sent to Patchstack customers on December 14, 2024 (Patchstack).