Lucene search
K

4 matches found

NVD
NVD
added 2023/07/27 7:15 a.m.9 views

CVE-2023-3957

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

4.3CVSS4.3AI score0.0041EPSS
Exploits0References3
CVE
CVE
added 2023/07/27 6:54 a.m.39 views

CVE-2023-3957

CVE-2023-3957 concerns the ACF Photo Gallery Field plugin for WordPress. The vulnerability arises from insufficient restrictions in the apg_profile_update function, allowing authenticated users with subscriber-level permissions or higher to modify other users' metas arbitrarily (the meta value is...

4.3CVSS4.6AI score0.0041EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/27 6:54 a.m.5 views

CVE-2023-3957 ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

4.3CVSS6.6AI score0.0041EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/07/27 12:0 a.m.9 views

WordPress ACF Photo Gallery Field Plugin <= 1.9 is vulnerable to Broken Access Control

Software ACF Photo Gallery Field Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3957 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d9af03e0961b Credits Lana Codes Required...

4.3CVSS6.9AI score0.0041EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder