CVE-2024-6590: 
WordPress vulnerability analysis and mitigation

The Spreadsheet Integration plugin for WordPress (versions up to 3.7.9) contains a vulnerability identified as CVE-2024-6590, discovered and reported by Wordfence. The vulnerability stems from missing authorization checks in several functions, affecting the plugin's ability to properly control access to Google Sheets integration features (NVD).

The vulnerability is classified as a Missing Authorization (CWE-862) issue. It has received a CVSS v3.1 base score of 6.3 (Medium) from Wordfence and 4.3 (Medium) from NIST, with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L. The vulnerability exists due to insufficient capability checks in multiple functions within the plugin's admin class (NVD).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to perform unauthorized actions including editing post status, modifying existing Google sheet integrations, and creating new Google sheet integrations. This represents a significant elevation of privileges beyond intended functionality (NVD).

Users should update their Spreadsheet Integration plugin to a version newer than 3.7.9 to address this vulnerability. No specific workarounds have been published for those unable to update immediately (NVD).