VYPR

Acf To REST API

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-62979MedOct 27, 2025
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4.

  • CVE-2025-12030MedJan 7, 2026
    risk 0.28cvss 4.3epss 0.00

    The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to insufficient capability checks in the update_item_permissions_check() method, which only verifies that the current user has the…