PT-2024-31718 · WordPress · Advanced Custom Fields Pro
Scott Kingsley Clark · Published 2024-06-20 · Updated 2024-07-17 · CVE-2024-4565
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Advanced Custom Fields (ACF) WordPress plugin versions prior to 6.3
Advanced Custom Fields Pro WordPress plugin versions prior to 6.3
Description:
The plugin's shortcode can display custom field values for any post without checking that the user has the correct access. This could lead to unauthorized access to sensitive information.
Recommendations:
For Advanced Custom Fields (ACF) WordPress plugin versions prior to 6.3, update to version 6.3 or later.
For Advanced Custom Fields Pro WordPress plugin versions prior to 6.3, update to version 6.3 or later.
Exploit
Fix
Related Identifiers
Affected Products
Advanced Custom Fields Pro