#VU61724 Missing Authorization in Advanced Custom Fields and Advanced Custom Fields Pro


Published: 2022-03-30

Vulnerability identifier: #VU61724

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23183

CWE-ID: CWE-862

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Advanced Custom Fields
Web applications / Modules and components for CMS
Advanced Custom Fields Pro
Web applications / Modules and components for CMS

Vendor: Delicious Brains
Elliot Condon

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to improper authorization. A remote user can view the information on the database without the access permission.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Advanced Custom Fields: 5.12

Advanced Custom Fields Pro: 5.12

External links
http://jvn.jp/en/jp/JVN42543427/index.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Missing Authorization in Advanced Custom Fields plugin for WordPress