ACF 5.12.1 Patches Missing Authorization Vulnerability

ACF 5.12.1 Patches Missing Authorization Vulnerability

Posted by WP Tavern on April 8, 2022 at 1:22 pm
kitty kitty CATegory News
Advanced Custom Fields (ACF) recently patched a missing authorization vulnerability in version 5.12.1 that potentially affects more than a million users. The security issue was discovered by Keitaro Yamazaki of Ierae Security, Inc, who reported it to the Information-technology Promotion Agency (IPA). According to the CVE record information, the vulnerability affects all free versions of ACF prior to 5.12.1 and ACF Pro versions prior to 5.12.1. It allows a remote authenticated attacker to view the information on the database without the correct access permission. The National Vulnerability Database gives this particular vulnerability a 6.5 Medium score. ACF product manager Iain Poulson explained that there are certain conditions necessary to make an attack possible. “In particular, the attacker would have to already possess an account on the site at contributor-level or higher, so they’d likely be someone known to the site’s owners,” Poulson said. “There are a number of other conditions that would all have to be present for the attack to be successful. I’d rather not go into detail about exactly what those conditions are, as providing that information just increases the chances that someone will go looking for one of the few sites that matches those specifications.” ACF released the…

…Full post on WP Tavern
Read Full

Similar Posts

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments