← volver
CVE-2024-1121

Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export

CVSS 5.3 MEDIUMEPSS 0.6%CWE-862
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
05 feb 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
philkurth · Advanced Forms for ACF

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031007%40advanced-forms&new=3031007%40advanced-forms&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73?source=cve