7.5
CVE-2024-4565
- EPSS 0.43%
- Veröffentlicht 20.06.2024 06:15:09
- Zuletzt bearbeitet 21.11.2024 09:43:07
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAdvanced Custom Fields < 6.3 - Contributor+ Custom Field Access
Advanced Custom Fields <= 6.2.10 - Authenticated (Contributor+) Arbitrary Custom Field Access
The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access
Mögliche Gegenmaßnahme
Advanced Custom Fields (ACF®): Update to version 6.3.0, or a newer patched version
Advanced Custom Fields Pro: Update to version 6.3.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advancedcustomfields ≫ Advanced Custom Fields SwEdition- SwPlatformwordpress Version < 6.3
Advancedcustomfields ≫ Advanced Custom Fields SwEditionpro SwPlatformwordpress Version < 6.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Advanced Custom Fields (ACF®)
Version
*-6.2.10
SystemWordPress Plugin
≫
Produkt
Advanced Custom Fields Pro
Version
*-6.2.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.341 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
https://wpscan.com/vulnerability/430224c4-d6e3-4ca8-b1bc-b2229a9bcf12/
https://www.wordfence.com/threat-intel/vulnerabilities/id/b93e9e84-1675-4128-a018-03833ff75943