CVE-2022-2594
Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.
El plugin Advanced Custom Fields de WordPress versiones anteriores a 5.12.3, Advanced Custom Fields Pro WordPress plugin versiones anteriores a 5.12.3 permite a usuarios no autenticados subir archivos permitidos en una configuración predeterminada de WP (por lo que no es posible PHP) si se presenta un formulario de frontend disponible. Esta vulnerabilidad fue introducida en la reescritura 5.0 y no existía antes de esa versión.
The Advanced Custom Fields plugin for WordPress has a file upload vulnerability in versions up to, and including, 5.12.2. This allows users without the upload_files capability, such as contributors, or unauthenticated users in cases where a frontend form is added to the site, to upload allowed file types. The upload is handled by WordPress so file type and extension checks still occur, though this could potentially be used by high-privileged users in certain locked-down configurations to bypass other security mechanisms and upload dangerous file types.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-14 CVE Published
- 2022-08-01 CVE Reserved
- 2024-03-14 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
- CWE-862: Missing Authorization
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://www.pritect.net/blog/advanced-custom-fields-5-12-3-can-allow-unauthenticated-users-to-upload-arbitrary-files | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/3fde5336-552c-4861-8b4d-89a16735c0e2 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Advancedcustomfields Search vendor "Advancedcustomfields" | Advanced Custom Fields Search vendor "Advancedcustomfields" for product "Advanced Custom Fields" | >= 5.0.0 < 5.12.3 Search vendor "Advancedcustomfields" for product "Advanced Custom Fields" and version " >= 5.0.0 < 5.12.3" | wordpress |
Affected
| ||||||
Advancedcustomfields Search vendor "Advancedcustomfields" | Advanced Custom Fields Search vendor "Advancedcustomfields" for product "Advanced Custom Fields" | >= 5.0.0 < 5.12.3 Search vendor "Advancedcustomfields" for product "Advanced Custom Fields" and version " >= 5.0.0 < 5.12.3" | pro, wordpress |
Affected
|