CVE-2024-4565

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/430224c4-d6e3-4ca8-b1bc-b2229a9bcf12/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:advancedcustomfields:advanced_custom_fields:::::-:wordpress::
	cpe:2.3:a:advancedcustomfields:advanced_custom_fields:::::pro:wordpress::

History

No history.

Information

Published : 2024-06-20 06:15

Updated : 2024-07-17 14:14

NVD link : CVE-2024-4565

Mitre link : CVE-2024-4565

CVE.ORG link : CVE-2024-4565

JSON object : View

Products Affected

advancedcustomfields

advanced_custom_fields

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-4565", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-06-20T06:15:09.950", "references": [{"url": "https://wpscan.com/vulnerability/430224c4-d6e3-4ca8-b1bc-b2229a9bcf12/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access"}, {"lang": "es", "value": "El complemento Advanced Custom Fields (ACF) WordPress anterior a 6.3, el complemento de Advanced Custom Fields Pro WordPress anterior a 6.3 le permite mostrar valores de campo personalizados para cualquier publicaci\u00f3n mediante un c\u00f3digo corto sin verificar el acceso correcto"}], "lastModified": "2024-07-17T14:14:08.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:-:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DD0ABF4C-D6BF-4285-AE5F-634CF79D0F12", "versionEndExcluding": "6.3"}, {"criteria": "cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:pro:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C1979FB6-71EA-4937-BEC6-B16B61D3D3AB", "versionEndExcluding": "6.3"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}