CVE-2024-6621 identifies a missing authorization vulnerability (CWE-862) in the WordPress plugin 'RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging' developed by jeangalea. The vulnerability exists because the plugin fails to perform proper capability checks in the 'wprss_activate_feed_source' and 'wprss_pause_feed_source' functions, which control the activation and pausing of RSS feed sources. This flaw allows any authenticated user with at least Subscriber-level privileges to manipulate the state of RSS feeds by activating or pausing them without the necessary permissions. Since Subscriber-level access is commonly granted to registered users with minimal privileges, this vulnerability broadens the attack surface significantly. The impact is limited to integrity, as attackers can alter the operational state of feeds, potentially disrupting automated content aggregation or autoblogging workflows. Confidentiality and availability are not directly affected. The vulnerability is remotely exploitable over the network without user interaction beyond authentication. All plugin versions up to and including 4.23.11 are affected. No patches were linked at the time of disclosure, and no known exploits have been reported in the wild. The CVSS v3.1 base score is 4.3, indicating medium severity, with an attack vector of network, low attack complexity, low privileges required, no user interaction, and unchanged scope.

The primary impact of CVE-2024-6621 is unauthorized modification of RSS feed states within WordPress sites using the vulnerable plugin. Attackers with Subscriber-level access can pause or activate feeds, potentially disrupting content syndication, automated posting, or news aggregation processes. This can lead to inconsistent or manipulated content presentation, undermining site reliability and user trust. While the vulnerability does not expose sensitive data or cause denial of service, it can be leveraged as part of a broader attack chain to degrade content integrity or facilitate misinformation. Organizations relying heavily on automated content feeds or autoblogging features are particularly vulnerable to operational disruptions. Since Subscriber-level access is relatively easy to obtain (e.g., via user registration), the risk of exploitation is non-negligible. The vulnerability affects a wide range of WordPress sites globally, especially those using this popular plugin for content aggregation.

To mitigate CVE-2024-6621, organizations should immediately update the RSS Aggregator plugin to a patched version once available from the vendor. In the absence of an official patch, administrators should restrict Subscriber-level user capabilities by disabling or limiting user registrations or by employing role management plugins to remove unnecessary permissions. Implementing Web Application Firewall (WAF) rules to monitor and block unauthorized calls to 'wprss_activate_feed_source' and 'wprss_pause_feed_source' endpoints can provide temporary protection. Site owners should audit user roles and permissions to ensure minimal privilege principles are enforced. Additionally, monitoring logs for unusual feed activation or pausing activity can help detect exploitation attempts. Regular security assessments and plugin updates are critical to prevent exploitation of such authorization flaws.