CVE-2024-6709: 
WordPress vulnerability analysis and mitigation

The Sync Post With Other Site plugin for WordPress (CVE-2024-6709) contains a vulnerability related to unauthorized modification of data, discovered and disclosed on August 3, 2024. The vulnerability affects all versions up to and including 1.6 of the plugin. The issue stems from a missing capability check on the 'spsaddupdate_post' function (Wordfence Advisory).

The vulnerability is classified as CWE-862 (Missing Authorization) with a CVSS v3.1 base score of 4.3 (MEDIUM). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and affecting only the unauthorized scope (S:U). The impact primarily concerns integrity (I:L), with no effect on confidentiality (C:N) or availability (A:N) (NVD).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to create new draft posts and update existing posts without proper authorization. This could lead to unauthorized content modification on affected WordPress sites (NVD).

Users should upgrade to version 1.7 or later of the Sync Post With Other Site plugin, which includes the security fix for this vulnerability (WordPress Plugin).