CVE-2024-6754: 
WordPress vulnerability analysis and mitigation

The Social Auto Poster plugin for WordPress (CVE-2024-6754) contains a vulnerability related to unauthorized modification of data due to a missing capability check in the 'wpwautoposterupdatetweet_template' function in versions up to and including 5.3.14. This vulnerability was discovered and reported by Wordfence in July 2024 (NVD Database).

The vulnerability stems from a missing capability check in the 'wpwautoposterupdatetweet_template' function, which allows authenticated attackers with Subscriber-level access or higher to update arbitrary post metadata. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, while Wordfence assessed it at 5.4 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L (NVD Database).

The vulnerability allows authenticated attackers with Subscriber-level access or higher to modify arbitrary post metadata, potentially compromising the integrity of the website's content (NVD Database).

Website administrators should update the Social Auto Poster plugin to a version newer than 5.3.14 when available. The vulnerability affects all versions up to and including 5.3.14 (NVD Database).