Vulnerability Description
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advancedcustomfields | Advanced Custom Fields | < 5.11 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN09136401/index.htmlThird Party Advisory
- https://wordpress.org/plugins/advanced-custom-fields/Third Party Advisory
- https://www.advancedcustomfields.com/Vendor Advisory
- https://jvn.jp/en/jp/JVN09136401/index.htmlThird Party Advisory
- https://wordpress.org/plugins/advanced-custom-fields/Third Party Advisory
- https://www.advancedcustomfields.com/Vendor Advisory
FAQ
What is CVE-2021-20866?
CVE-2021-20866 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to o...
How severe is CVE-2021-20866?
CVE-2021-20866 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20866?
Check the references section above for vendor advisories and patch information. Affected products include: Advancedcustomfields Advanced Custom Fields.