6 matches found
CVE-2024-3072
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...
CVE-2024-3072 ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...
CVE-2024-3072 ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...
CVE-2024-3072
CVE-2024-3072 affects the ACF Front End Editor WordPress plugin. Root cause: a missing capability check in update_texts() across all versions up to 2.0.2, enabling authenticated subscribers and above to modify arbitrary post titles, content, and ACF data. Impact is unauthorized data modification ...
WordPress ACF Front End Editor Plugin <= 2.0.2 is vulnerable to Broken Access Control
Software ACF Front End Editor Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3072 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5c576884eef4 Credits Francesco Carlucci Required...
ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
Description The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access...