CVE-2025-24691: 
WordPress vulnerability analysis and mitigation

The People Lists WordPress plugin versions 1.3.10 and below contains a Missing Authorization vulnerability (CVE-2025-24691) that was disclosed on January 24, 2025. This security issue affects the authorization mechanisms in the plugin, potentially allowing unauthorized access to restricted functionality (Patchstack).

The vulnerability is classified as a Broken Access Control issue with a CVSS score of 4.3 (Low severity). The security flaw stems from missing authorization, authentication, or nonce token checks in certain functions, which could enable unprivileged users to execute actions intended for users with higher privileges (Patchstack).

The vulnerability has been assessed to have a low severity impact and is considered unlikely to be exploited. However, it could potentially allow users with Subscriber-level access to perform unauthorized actions that should be restricted to users with higher privilege levels (Patchstack).

The vulnerability has been fixed in version 2.0.0 of the People Lists plugin. Users are advised to update to version 2.0.0 or later to remediate the security issue. Those using the Patchstack security solution can enable auto-updates for vulnerable plugins (Patchstack).