WordPress Advanced Custom Fields Plugin <= 5.9.9 is vulnerable to Broken Authentication

Patch priority: low (resolve by 24 September, 2021)
CVSS 3.1 score: 5.4 (Medium severity)

Solution

Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 5.10).

Keitaro Yamazaki discovered and reported this Broken Authentication vulnerability in the WordPress Advanced Custom Fields plugin. A malicious actor can abuse it to perform actions that should normally be available only to higher-privileged users. These actions might allow the malicious actor to gain admin access to the website. This vulnerability has been fixed in version 5.10.

Other vulnerabilities in this plugin

0 present, 13 fixed