WordPress StyleAI Plugin Broken Access Control Vulnerability

A broken access control vulnerability has been identified in the WordPress StyleAI plugin, specifically in versions through 1.0.4. This vulnerability allows users to access functionalities that are not properly restricted by access control lists (ACLs), potentially leading to unauthorized actions or data exposure.

Impact

Exploitation of this vulnerability could allow an unprivileged user to perform actions or access data that should be restricted, potentially leading to unauthorized changes or information disclosure.

Remediation

Users of the WordPress StyleAI plugin are advised to update to a version later than 1.0.4, as no official fix is currently available. However, Patchstack has issued a virtual patch that can be applied to mitigate this vulnerability.