Vulnerability Description
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view information in the database without access permission.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advancedcustomfields | Advanced Custom Fields | < 5.12.1 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN42543427/index.html (Third Party Advisory)
- https://wordpress.org/plugins/advanced-custom-fields/ (Product, Third Party Advisory)
- https://www.advancedcustomfields.com/ (Product, Vendor Advisory)
FAQ
What is CVE-2022-23183?
CVE-2022-23183 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the inform...
How severe is CVE-2022-23183?
CVE-2022-23183 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-23183?
Check the references section above for vendor advisories and patch information. Affected products include: Advancedcustomfields Advanced Custom Fields.