Vulnerability CVE-2023-7286


Published: 2024-10-16

Description:
The ACF Quick Edit Fields plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability, including contributor-level users and above, to access metadata of other users.

Type:
CWE-639 (Authorization Bypass Through User-Controlled Key)

References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/5954bdc0-09e9-4691-95ff-02f7304514c9?source=cve
https://plugins.trac.wordpress.org/changeset?new=2828750%40acf-quickedit-fields&old=2816195%40acf-quickedit-fields#file89
https://wpscan.com/vulnerability/3538e80e-c2c5-4e7b-97c3-b7debad7a136

Copyright 2024, cxsecurity.com
