The vulnerability identified as CVE-2024-33543 in the CodePeople WP Time Slots Booking Form plugin is due to missing authorization controls (CWE-862). This flaw allows unauthenticated remote attackers to perform unauthorized actions that could alter data or functionality, impacting the integrity of the system. The affected versions include all versions up to 1.2.06. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) indicates network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality impact, high integrity impact, and no availability impact. No patch or official fix has been published yet.

The vulnerability allows unauthorized remote attackers to perform actions that compromise the integrity of the affected system. There is no impact on confidentiality or availability. Because the flaw involves missing authorization, attackers could potentially manipulate booking data or related functionality without proper permissions. No known exploits have been reported in the wild so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider restricting access to the affected plugin's functionality or disabling it if feasible. Monitor vendor communications for updates on patches or mitigations. Avoid relying on generic mitigations as this vulnerability specifically involves missing authorization checks.