← volver
CVE-2022-2594

Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload

EPSS 1.3%CWE-434
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.
Productos afectados
TODO · Advanced Custom FieldsTODO · Advanced Custom Fields Pro

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wpscan.com/vulnerability/3fde5336-552c-4861-8b4d-89a16735c0e2https://www.pritect.net/blog/advanced-custom-fields-5-12-3-can-allow-unauthenticated-users-to-upload-arbitrary-files