Description
WordPress Plugin Advanced Custom Fields PRO is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently view the information on the database. WordPress Plugin Advanced Custom Fields PRO version 5.12 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 5.12.1 or latest
References
Related Vulnerabilities
OpenVPN AS Insertion of Sensitive Information into Log File Vulnerability (CVE-2022-33737)
Claroline Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3262)
WordPress Plugin All-in-One WP Migration Security Bypass (7.14)
WordPress Plugin Amelia-Events & Appointments Booking Calendar Multiple Vulnerabilities (1.0.45)
WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0)