WordPress Plugin Vulnerabilities

Advanced Custom Fields < 5.12.1 - Contributor+ Database Information Access

Description

The plugin does not have proper authorisation which could allow users with a role as low as contributor to view information on the database without the access permission

Affects Plugins

advanced-custom-fields

Fixed in version 5.12.1

advanced-custom-fields-pro

Fixed in version 5.12.1

References

CVE

CVE-2022-23183

URL

https://jvn.jp/en/jp/JVN42543427/

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

Miscellaneous

Original Researcher

Keitaro Yamazaki of Ierae Security, Inc

Verified

WPVDB ID

413576a8-0f20-465e-80cf-7cb0cb22bded

Timeline

Publicly Published

2022-03-30 (about 6 months ago)

Added

2022-03-30 (about 6 months ago)

Last Updated

2022-04-09 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin