4 matches found
CVE-2023-3957
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...
CVE-2023-3957
CVE-2023-3957 concerns the ACF Photo Gallery Field plugin for WordPress. The vulnerability arises from insufficient restrictions in the apg_profile_update function, allowing authenticated users with subscriber-level permissions or higher to modify other users' metas arbitrarily (the meta value is...
CVE-2023-3957 ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...
WordPress ACF Photo Gallery Field Plugin <= 1.9 is vulnerable to Broken Access Control
Software ACF Photo Gallery Field Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-3957 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d9af03e0961b Credits Lana Codes Required...