WordPress Advanced Custom Fields PRO premium plugin <= 5.12.2 - Unauthenticated File Upload vulnerability
Software: Advanced Custom Fields PRO
Vulnerable versions: <= 5.12.2
PSID: 268d25659413
Classification: Other Vulnerability Type
OWASP Top 10: A1: Injection
Required privilege: Can be exploited remotely without any authentication.
Publicly disclosed: 2022-08-01
Patchstack vPatch available since: 09.12.2021
Details
An unauthenticated file upload vulnerability was discovered by James Golovich in the WordPress Advanced Custom Fields PRO premium plugin (versions <= 5.12.2).
Solution
Update the WordPress Advanced Custom Fields PRO plugin to the latest available version (at least 5.12.3).