Rewterz Threat Advisory – CVE-2022-23183 – WordPress Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-23183

Advanced Custom Fields plugin for WordPress and Advanced Custom Fields Pro plugin for WordPress could allow a remote authenticated attacker to obtain sensitive information, caused by missing authorization. An attacker could exploit this vulnerability to obtain sensitive information from the database and use this information to launch further attacks against the affected system.

Impact

• Information Disclosure

Affected Vendors

WordPress

Affected Products

• WordPress Advanced Custom Fields plugin for WordPress 3.5.1
• WordPress Advanced Custom Fields plugin for WordPress 4.4.7
• WordPress Advanced Custom Fields Pro Plugin for WordPress 5.7.10
• WordPress Advanced Custom Fields Pro Plugin for WordPress 5.10

Remediation

Upgrade to the latest plugin released by the developer:

• Advanced Custom Fields 5.12.1
• Advanced Custom Fields Pro 5.12.1