The vulnerability identified as CVE-2024-30464 affects the WPZOOM Social Icons Widget & Block plugin for WordPress. It is classified as CWE-862 (Missing Authorization), meaning the plugin fails to properly verify that a user is authorized to perform certain actions. This can allow users with limited privileges to execute unauthorized operations, impacting the integrity and availability of the affected system. The issue affects all versions up to 4.2.15. The CVSS 3.1 base score is 5.4, with vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, indicating network attack vector, low attack complexity, requires low privileges, no user interaction, unchanged scope, no confidentiality impact, but partial integrity and availability impacts. No patch or official remediation level has been published, and no known exploits have been reported.

An attacker with low privileges can exploit this missing authorization vulnerability to perform unauthorized actions within the affected plugin. This can lead to partial integrity and availability impacts on the WordPress site using the plugin. There is no confidentiality impact reported. No known exploitation in the wild has been observed.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict plugin usage to trusted users with appropriate privileges and monitor for unusual activity related to the plugin. Avoid granting unnecessary privileges to users who can interact with the plugin.