Approved changes feed: RSS · Atom

cpe:2.3:a:todo:advanced_custom_fields_pro:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorTodo (dfcacd44-d8ba-595a-9801-f5a942535ec2)
ProductAdvanced Custom Fields Pro (ffdbeb7e-16b0-5177-901a-14513276bfbd)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-2594 vulnerable 2026-06-08 05:43:35.866683 Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.
Published: 2022-08-22T15:05:03.000Z
Updated: 2024-08-03T00:39:08.043Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.