CVE-2024-4565

2024-06-2006:15:09

WPScan

web.nvd.nist.gov

acf plugin

unauthorized access

shortcode vulnerability

cve-2024-4565

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

16.5%

JSON

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access

Affected configurations

Nvd

Vulners

Vulnrichment

Node

advancedcustomfieldsadvanced_custom_fieldsRange<6.3-wordpress

advancedcustomfieldsadvanced_custom_fieldsRange<6.3prowordpress

VendorProductVersionCPE
advancedcustomfieldsadvanced_custom_fields*cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:-:wordpress:*:*
advancedcustomfieldsadvanced_custom_fields*cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:pro:wordpress:*:*

Vendor	Product	Version	CPE
advancedcustomfields	advanced_custom_fields	*	cpe:2.3:a:advancedcustomfields:advanced_custom_fields:::::-:wordpress::
advancedcustomfields	advanced_custom_fields	*	cpe:2.3:a:advancedcustomfields:advanced_custom_fields:::::pro:wordpress::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Advanced Custom Fields (ACF)",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "6.3"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "Advanced Custom Fields Pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "6.3"
      }
    ],
    "defaultStatus": "unaffected"
  }
]