Advancedcustomfields: >> Advanced Custom Fields >> 5.12.4 Security Vulnerabilities
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.
CVSS Score
3.7
EPSS Score
0.005
Published
2024-01-08
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-05-02