The vulnerability identified as CVE-2024-37542 is a missing authorization issue (CWE-862) in the WpDevArt Responsive Image Gallery, Gallery Album plugin for WordPress, affecting versions up to 2.0.3. This means that certain actions within the plugin can be performed by users without the necessary permissions, potentially allowing unauthorized modification or disruption of the plugin's functionality. The CVSS v3.1 base score is 5.4, reflecting network attack vector, low attack complexity, required privileges of low, no user interaction, unchanged scope, no confidentiality impact, limited integrity impact, and limited availability impact. No vendor advisory or patch is currently available, and the vulnerability is not related to a cloud service.

The impact of this vulnerability is limited to integrity and availability, meaning an attacker with low privileges could potentially perform unauthorized actions that alter data or disrupt service availability within the plugin. There is no confidentiality impact reported. Since no known exploits are in the wild, the immediate risk is moderate but should be monitored.

No official patch or remediation guidance is currently available from the vendor. Users should monitor the vendor's communications for updates and apply any future patches promptly. Until a fix is released, restricting user privileges and limiting access to trusted users may reduce risk. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.