CVE-2024-56244: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in the WordPress plugin WP Royal Ashe Extra, affecting versions up to 1.2.92. The vulnerability was discovered by researcher Kévin Mosbahi (Mika) and was publicly disclosed on December 30, 2024. The issue has been assigned CVE-2024-56244 and relates to broken access control security levels (Patchstack).

The vulnerability has been classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 5.4 (Medium). The vulnerability vector is described as CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, indicating network accessibility, low attack complexity, and required low privileges for exploitation (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. The specific impact varies case by case, though it has been assessed as having a low severity impact (Patchstack).

The vulnerability has been fixed in version 1.3 of the Ashe Extra plugin. Users are advised to update to version 1.3 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).