Description
WordPress Plugin Advanced Custom Fields (ACF) is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently browse unauthorized data on the database, or move field groups. WordPress Plugin Advanced Custom Fields (ACF) version 5.10.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.11 or latest
References
https://jvn.jp/en/jp/JVN09136401/index.html
https://plugins.svn.wordpress.org/advanced-custom-fields/trunk/readme.txt
Related Vulnerabilities
Jenkins Improper Input Validation Vulnerability (CVE-2015-1808)
MediaWiki Improper Input Validation Vulnerability (CVE-2017-0366)
Envoy Wrong DOWNSTREAM_REMOTE_ADDRESS logged Issue (CVE-2020-35470)
WordPress Plugin Easy Accept Payments for PayPal Cross-Site Scripting (4.9.9)
WordPress Plugin Lazyest Backup 'xml_or_all' Parameter Cross-Site Scripting (0.2.1)