Podatność CVE-2023-7286
Publikacja: 2024-10-16

Opis:
The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above.

Typ:

CWE-639

 (Authorization Bypass Through User-Controlled Key)

 Referencje:
https://www.wordfence.com/threat-intel/vulnerabilities/id/5954bdc0-09e9-4691-95ff-02f7304514c9?source=cve
https://plugins.trac.wordpress.org/changeset?new=2828750%40acf-quickedit-fields&old=2816195%40acf-quickedit-fields#file89
https://wpscan.com/vulnerability/3538e80e-c2c5-4e7b-97c3-b7debad7a136
Copyright 2024, cxsecurity.com

 

Back to Top