CVE-2024-32719
Description
Missing Authorization vulnerability in WP Club Manager (wp-club-manager). This issue affects WP Club Manager: from n/a through <= 2.2.11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Range: <= 2.2.11
Patches
Vulnerability mechanics
Root cause
"Missing authorization check allows unauthenticated access to a resource or action."
Attack vector
An unauthenticated attacker can exploit the missing authorization check by sending crafted HTTP requests to the WordPress site running WP Club Manager. Because the plugin fails to verify the user's capabilities before allowing access to certain resources or actions, any remote attacker with network access can trigger the unauthorized operation. The CVSS vector confirms that the attack is network-based and requires no authentication and no user interaction.
Affected code
The WP Club Manager plugin (wp-club-manager) versions through 2.2.11 are affected. The vulnerability is a missing authorization check — the product does not perform an authorization check when an actor attempts to access a resource or perform an action.
What the fix does
The advisory does not include a published patch diff. The changelog for version 2.2.11 notes a security fix: "Permalink settings save now protected with a capability and nonce check" [ref_id=1], which suggests the fix adds proper capability checks and nonce verification to the affected endpoint. Without the full patch, the remediation guidance is to update to version 2.2.11 or later, which introduces authorization checks where they were previously missing.
Preconditions
- network: The attacker must have network access to the WordPress site running WP Club Manager <= 2.2.11
- auth: No authentication is required (CVSS PR:N)
Generated on Jun 18, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References