WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Advanced Custom Fields < 5.12.1 - Contributor+ Database Information Access

Description

The plugin does not have proper authorisation which could allow users with a role as low as contributor to view information on the database without the access permission

Affects Plugins

advanced-custom-fields
Fixed in version 5.12.1
advanced-custom-fields-pro
Fixed in version 5.12.1

References

CVE
CVE-2022-23183
URL
https://jvn.jp/en/jp/JVN42543427/

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Keitaro Yamazaki of Ierae Security, Inc

Verified

No

WPVDB ID
413576a8-0f20-465e-80cf-7cb0cb22bded

Timeline

Publicly Published

2022-03-30 (about 1 years ago)

Added

2022-03-30 (about 1 years ago)

Last Updated

2022-04-09 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin