This vulnerability (CVE-2024-32687) involves a missing authorization check (CWE-862) in the WPClever WPC Frequently Bought Together plugin for WooCommerce, versions up to 7.0.3. It allows an attacker with limited privileges to bypass authorization controls, potentially enabling unauthorized actions within the plugin's functionality. The CVSS 3.1 base score is 4.3, indicating a medium severity with network attack vector, low attack complexity, requiring privileges, no user interaction, and limited confidentiality impact. No vendor advisory or patch information is currently available.

The vulnerability could allow a user with some level of privileges to perform actions that should be restricted, potentially leading to unauthorized access or modification of plugin-related data. The impact is limited to confidentiality with no integrity or availability impact reported. There are no known active exploits, reducing immediate risk.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, review user privileges carefully and restrict access to trusted users only. Monitor for updates from WPClever regarding patches or official mitigations.