Back to search
CVE-2022-2594
Published: Aug 22, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.
| Vendor | Product | Versions |
|---|---|---|
TODO | Advanced Custom Fields | affected 5.0 - < 5.0*affected 5.12.3 - < 5.12.3 |
TODO | Advanced Custom Fields Pro | affected 5.0 - < 5.0*affected 5.12.3 - < 5.12.3 |
Weaknesses (CWE)
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now