PT-2024-26169 · Unknown · Advanced Custom Fields Pro

Patchstack

Published

2024-06-10

Updated

2024-06-10

CVE-2024-34761

CVSS v3.1

8.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields PRO versions prior to 6.2.10

Description A Code Injection vulnerability was discovered in Advanced Custom Fields PRO due to improper control of code generation. This issue was identified during a planned security audit.

Recommendations For versions prior to 6.2.10, update to version 6.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2024-34761

Affected Products

Advanced Custom Fields Pro

PT-2024-26169 · Unknown · Advanced Custom Fields Pro

CVE-2024-34761

Weakness Enumeration

Related Identifiers

Affected Products

References · 5