← back
CVE-2021-20866

CVE-2021-20866

EPSS 1.7%
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.
Affected products
Delicious Brains · Advanced Custom Fields and Advanced Custom Fields Pro

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jvn.jp/en/jp/JVN09136401/index.htmlhttps://wordpress.org/plugins/advanced-custom-fields/https://www.advancedcustomfields.com/