CVE-2024-3072

by Fred · 30/04/2024

The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post title, content, and ACF data.

More information : https://plugins.trac.wordpress.org/browser/acf-front-end-editor/trunk/public/class-acf-front-end-editor-public.php#L225

CVE-2024-3072

Similar

Recent Posts

Categories

CVE-2024-3072

Share this:

Similar

Recent Posts

Categories

Tags