Vulnerability Description
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in database browsing, which may allow a user to browse unauthorized data via unspecified vectors.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advancedcustomfields | Advanced Custom Fields | < 5.11 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN09136401/index.html (Third Party Advisory)
- https://wordpress.org/plugins/advanced-custom-fields/ (Third Party Advisory)
- https://www.advancedcustomfields.com/ (Vendor Advisory)
FAQ
What is CVE-2021-20865?
CVE-2021-20865 is a vulnerability with a CVSS score of 7.5 (HIGH). Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in database browsing, which may allow a user to browse ...
How severe is CVE-2021-20865?
CVE-2021-20865 has been rated HIGH, with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-20865?
Check the references section above for vendor advisories and patch information. Affected products include: Advancedcustomfields Advanced Custom Fields.