5 matches found
CVE-2026-3243
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the createcrop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
CVE-2026-3243 Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the createcrop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
CVE-2026-3243 Advanced Members for ACF <= 1.2.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Path Traversal
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the createcrop function in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
CVE-2026-3243
The CVE-2026-3243 entry concerns the WordPress plugin Advanced Members for ACF. It states that all versions up to and including 1.2.5 are vulnerable due to insufficient file path validation in the create_crop function, enabling an authenticated user with Subscriber-level access or higher to delet...
PT-2026-31295
Name of the Vulnerable Software and Affected Versions Advanced Members for ACF plugin for WordPress versions up to and including 1.2.5 Description The Advanced Members for ACF plugin for WordPress has a flaw that allows authenticated attackers with Subscriber-level access or higher to delete...