Lucene search
WPScanCVELIST:CVE-2022-2594HistoryAug 22, 2022 - 3:05 p.m.
CVE-2022-2594 Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload
2022-08-2215:05:03
CWE-434
WPScan
www.cve.org
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.
CNA Affected
[
{
"product": "Advanced Custom Fields",
"vendor": "TODO",
"versions": [
{
"lessThan": "5.0*",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.12.3",
"status": "affected",
"version": "5.12.3",
"versionType": "custom"
}
]
},
{
"product": "Advanced Custom Fields Pro",
"vendor": "TODO",
"versions": [
{
"lessThan": "5.0*",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.12.3",
"status": "affected",
"version": "5.12.3",
"versionType": "custom"
}
]
}
]Related
openvas
openvas
patchstack
patchstack
cve
cve
CVE-2022-2594
2022-08-22 15:15:15
wpvulndb
wpvulndb
Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload
2022-08-01 00:00:00
wpexploit
wpexploit
Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload
2022-08-01 00:00:00
prion
prion
Design/Logic Flaw
2022-08-22 15:15:00
nvd
nvd
CVE-2022-2594
2022-08-22 15:15:15