CVE-2024-6489: 
WordPress vulnerability analysis and mitigation

The Getwid – Gutenberg Blocks plugin for WordPress (CVE-2024-6489) contains a vulnerability related to unauthorized modification of data, discovered in July 2024. The vulnerability affects all versions up to and including 2.0.10, stemming from a missing capability check on the getgoogleapi_key function. This security flaw has been assigned a CVSS v3.1 base score of 5.3 (Medium) (Wordfence).

The vulnerability is classified as CWE-862 (Missing Authorization) and stems from inadequate capability checks in the getgoogleapi_key function. The security issue allows authenticated attackers with Contributor-level access or higher to modify system data by setting the MailChimp API key. The vulnerability has been assigned a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (NVD).

The vulnerability enables authenticated attackers with Contributor-level privileges or higher to manipulate system data by modifying the MailChimp API key settings. This unauthorized access to API key configuration could potentially lead to service misuse or integration disruptions (Wordfence).

A patch has been released to address this vulnerability. Website administrators running affected versions of the Getwid – Gutenberg Blocks plugin should update to a version newer than 2.0.10 (WordPress).