CVE-2022-23183

Published: Mar 31, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission.

Affected (2)

Products: Advancedcustomfields: Advanced Custom Fields

Advancedcustomfields

1 product

Advanced Custom Fields

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Advancedcustomfields Advanced Custom Fields	Before 5.12.1
Advancedcustomfields Advanced Custom Fields	Before 5.12.1

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (6)

https://jvn.jp/en/jp/JVN42543427/index.html

Source: vultures@jpcert.or.jp

Third Party Advisory

https://wordpress.org/plugins/advanced-custom-fields/

Source: vultures@jpcert.or.jp

ProductThird Party Advisory

https://www.advancedcustomfields.com/

Source: vultures@jpcert.or.jp

ProductVendor Advisory

https://jvn.jp/en/jp/JVN42543427/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://wordpress.org/plugins/advanced-custom-fields/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

https://www.advancedcustomfields.com/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.