7.5

CVE-2024-4565

Exploit

Advanced Custom Fields <= 6.2.10 - Authenticated (Contributor+) Arbitrary Custom Field Access

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access
Mögliche Gegenmaßnahme
Advanced Custom Fields (ACF®): Update to version 6.3.0, or a newer patched version
Advanced Custom Fields Pro: Update to version 6.3.0, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Advanced Custom Fields (ACF®)
Version * - 6.2.10
SystemWordPress Plugin
Produkt Advanced Custom Fields Pro
Version * - 6.2.10
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdvancedcustomfieldsAdvanced Custom Fields SwEdition- SwPlatformwordpress Version < 6.3
AdvancedcustomfieldsAdvanced Custom Fields SwEditionpro SwPlatformwordpress Version < 6.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.479
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N