Description
WordPress Plugin Advanced Custom Fields is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently browse unauthorized data on the database, or move field groups. WordPress Plugin Advanced Custom Fields version 5.10.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.11 or latest
References
https://jvn.jp/en/jp/JVN09136401/index.html
https://plugins.svn.wordpress.org/advanced-custom-fields/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WP-Filebase Download Manager Cross-Site Scripting (3.1.02)
WordPress Plugin WP-StarsRateBox 'j' Parameter SQL Injection (1.1)
WordPress Plugin EZ Portfolio Multiple Cross-Site Scripting Vulnerabilities (1.0.1)
WordPress Plugin Ultimate Membership Pro Cross-Site Request Forgery (8.6.2)
WordPress Plugin Add-on SweetAlert Contact Form 7 Unspecified Vulnerability (1.0.7)