CVE-2024-4565

Summary

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access

Affected Software

VendorProductVersion RangeStatus
UnknownAdvanced Custom Fields (ACF)0 < 6.3affected
UnknownAdvanced Custom Fields Pro0 < 6.3affected

Weaknesses

  • CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References