VYPR
Unrated severityNVD Advisory· Published Aug 22, 2022· Updated Aug 3, 2024

Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload

CVE-2022-2594

Description

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.