Security Advisory

CVE-2022-2594

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-22 15:05:03

Last updated 2024-08-03 00:39:08

Assigner WPScan

State PUBLISHED

Description

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.

← Browse all CVEs View on cve.org ↗