CVE-2024-9364: 
NixOS vulnerability analysis and mitigation

The SendGrid for WordPress plugin is affected by a vulnerability (CVE-2024-9364) due to a missing capability check on the 'wpmailplusclear_logs' function in versions up to and including 1.4. This security flaw allows authenticated attackers with Subscriber-level access or higher to delete the plugin's log files without proper authorization (NVD).

The vulnerability stems from improper authorization controls (CWE-862) in the plugin's log management functionality. The issue has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating that it requires low attack complexity and can be exploited remotely by an authenticated user (NVD).

When exploited, this vulnerability allows authenticated users with Subscriber-level privileges to delete the plugin's log files, potentially destroying important email tracking and debugging information. This could impact the administrator's ability to monitor and troubleshoot email operations (NVD).

Users of the SendGrid for WordPress plugin should upgrade to a version newer than 1.4 when available, or implement additional access controls to restrict access to the log clearing functionality (NVD).