Unrated severityNVD Advisory· Published Aug 22, 2022· Updated Aug 3, 2024
Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload
CVE-2022-2594
Description
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <5.12.3
- Range: <5.12.3
- TODO/Advanced Custom Fieldsv5Range: 5.0
- TODO/Advanced Custom Fields Prov5Range: 5.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.