CVE-2021-20867

Publication date

2021-12-13 06:40:16

Family

jpcert

State

PUBLISHED

Description

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.