2 matches found
CVE-2024-3071 ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WordPress ACF On-The-Go Plugin <= 1.0.1 is vulnerable to Broken Access Control
Software ACF On-The-Go Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3071 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6d532a3fc713 Credits Francesco Carlucci Required...