Lucene search

K
cvelistPatchstackCVELIST:CVE-2022-40696
HistoryJan 08, 2024 - 10:02 p.m.

CVE-2022-40696 WordPress Advanced Custom Fields Plugin 3.1.1-6.0.2 is vulnerable to Sensitive Data Exposure

2024-01-0822:02:53
CWE-200
Patchstack
www.cve.org
cve-2022-40696
sensitive data exposure
unauthorized actor

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

37.2%

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "advanced-custom-fields",
    "product": "Advanced Custom Fields (ACF)",
    "vendor": "WP Engine",
    "versions": [
      {
        "changes": [
          {
            "at": "6.0.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.0.2",
        "status": "affected",
        "version": "3.1.1",
        "versionType": "custom"
      }
    ]
  }
]

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

37.2%

Related for CVELIST:CVE-2022-40696