Rewterz Threat Alert – Remcos RAT – Active IOCs
March 31, 2022Rewterz Threat Alert – Lazarus APT Group – Active IOCs
March 31, 2022Rewterz Threat Alert – Remcos RAT – Active IOCs
March 31, 2022Rewterz Threat Alert – Lazarus APT Group – Active IOCs
March 31, 2022Severity
Medium
Analysis Summary
CVE-2022-23183
Advanced Custom Fields plugin for WordPress and Advanced Custom Fields Pro plugin for WordPress could allow a remote authenticated attacker to obtain sensitive information, caused by missing authorization. An attacker could exploit this vulnerability to obtain sensitive information from the database and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Affected Vendors
WordPress
Affected Products
- WordPress Advanced Custom Fields plugin for WordPress 3.5.1
- WordPress Advanced Custom Fields plugin for WordPress 4.4.7
- WordPress Advanced Custom Fields Pro Plugin for WordPress 5.7.10
- WordPress Advanced Custom Fields Pro Plugin for WordPress 5.10
Remediation
Upgrade to the latest plugin released by the developer: