CVE-2023-1196 – Advanced Custom Fields - Contributor+ PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-1196
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. The Advanced Custom Fields plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 6.0.7 via deserialization of untrusted input in custom field values. This makes it possible for authenticated attackers, with contributor-level permissions, and above to inject a PHP Object. No POP chain appears to be present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. • https://wpscan.com/vulnerability/8e5ec88e-0e66-44e4-bbf2-74155d849ede https://wpscan.com/vulnerability/cf376ca2-92f6-44ff-929a-ace809460a33 • CWE-502: Deserialization of Untrusted Data •
CVE-2022-40696 – WordPress Advanced Custom Fields Plugin 3.1.1-6.0.2 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2022-40696
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en WP Engine Advanced Custom Fields (ACF). Este problema afecta a Advanced Custom Fields (ACF): desde 3.1.1 hasta 6.0.2. The Advanced Custom Fields plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 6.0.2. While the ACF shortcode ensures that the ACF data being accessed is valid data that has been entered into ACF fields, it may be possible with certain site configurations, that contributor-level users may extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/advanced-custom-fields/wordpress-advanced-custom-fields-plugin-3-1-1-6-0-2-custom-field-value-exposure?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-2594 – Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload
https://notcve.org/view.php?id=CVE-2022-2594
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release. El plugin Advanced Custom Fields de WordPress versiones anteriores a 5.12.3, Advanced Custom Fields Pro WordPress plugin versiones anteriores a 5.12.3 permite a usuarios no autenticados subir archivos permitidos en una configuración predeterminada de WP (por lo que no es posible PHP) si se presenta un formulario de frontend disponible. Esta vulnerabilidad fue introducida en la reescritura 5.0 y no existía antes de esa versión. The Advanced Custom Fields plugin for WordPress has a file upload vulnerability in versions up to, and including, 5.12.2. • https://wpscan.com/vulnerability/3fde5336-552c-4861-8b4d-89a16735c0e2 https://www.pritect.net/blog/advanced-custom-fields-5-12-3-can-allow-unauthenticated-users-to-upload-arbitrary-files • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •
CVE-2022-23183 – Advanced Custom Fields <= 5.12 - Authenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2022-23183
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission. Una vulnerabilidad de falta de autorización en Advanced Custom Fields versiones anteriores a 5.12.1 y en Advanced Custom Fields Pro versiones anteriores a 5.12.1, permite a un atacante remoto autenticado visualizar la información de la base de datos sin el permiso de acceso The Advanced Custom Fields plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 5.12. This makes it possible for authenticated attackers with editor access, such as Contributors and above, to view information in the database without the appropriate authorization. • https://jvn.jp/en/jp/JVN42543427/index.html https://wordpress.org/plugins/advanced-custom-fields https://www.advancedcustomfields.com • CWE-862: Missing Authorization •
CVE-2021-20867 – Advanced Custom Fields <= 5.10 - Missing Authorization on Option Changes
https://notcve.org/view.php?id=CVE-2021-20867
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors. Advanced Custom Fields versiones anteriores a 5.11 y Advanced Custom Fields Pro versiones anteriores a 5.11, contienen una vulnerabilidad de falta de autorización al mover el grupo de campos que puede permitir a un usuario mover el grupo de campos no autorizado por medio de vectores no especificados • https://jvn.jp/en/jp/JVN09136401/index.html https://wordpress.org/plugins/advanced-custom-fields https://www.advancedcustomfields.com • CWE-862: Missing Authorization •