CVE-2024-56227: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2024-56227) was identified in WP Royal Royal Elementor Addons plugin versions through 1.7.1001. The vulnerability was discovered by Rafie Muhammad and publicly disclosed on December 19, 2024. This security issue affects the WordPress plugin Royal Elementor Addons and is related to incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability requires network access and low privileges to exploit, with no user interaction needed. The scope is unchanged, and it primarily affects integrity with low impact (Patchstack).

The vulnerability is categorized as a broken access control issue, which could potentially allow an unprivileged user to execute certain higher privileged actions. The severity is considered low, with primarily integrity-related impacts (Patchstack).

The vulnerability has been fixed in version 1.7.1002 of the Royal Elementor Addons plugin. Users are advised to update to version 1.7.1002 or later to remove the vulnerability. The security issue has been assessed as having a low severity impact and is unlikely to be exploited (Patchstack).