Description
WordPress Plugin Advanced Custom Fields PRO is prone to multiple security bypass vulnerabilities. Exploiting these issues may allow attackers to perform otherwise restricted actions and subsequently browse unauthorized data on the database, or move field groups. WordPress Plugin Advanced Custom Fields PRO version 5.10 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.11 or latest
References
https://jvn.jp/en/jp/JVN09136401/index.html
https://www.advancedcustomfields.com/blog/acf-5-11-release-rest-api/
Related Vulnerabilities
Joomla! Core 1.7.x Security Bypass (1.7.0 - 1.7.2)
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2023-22622)
WordPress Plugin Import XML and RSS Feeds Remote Code Execution (2.1.4)
WordPress Plugin Real WYSIWYG Cross-Site Scripting (0.0.2)
WordPress Plugin Photoswipe Masonry Gallery Cross-Site Scripting (1.2.14)