The vulnerability identified as CVE-2024-28004 in ExtendThemes Colibri Page Builder is classified as CWE-862 (Missing Authorization). It affects versions up to 1.0.248 and allows users with low privileges to bypass authorization controls. According to the CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L), the attack can be performed remotely over the network with low attack complexity, requiring some privileges but no user interaction. The impact is limited to integrity and availability, with no confidentiality loss. No vendor advisory or patch information is currently available, and the product is not a cloud service.

The vulnerability may allow an attacker with limited privileges to perform unauthorized actions that could alter data or disrupt service availability within the affected Colibri Page Builder environment. There is no indication of confidentiality compromise. No known exploits have been reported, and the impact is considered medium severity based on the CVSS score.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should restrict access to trusted users only and monitor for unusual activity related to privilege misuse. No official mitigation or temporary fix has been provided by the vendor at this time.