CVE-2023-7286

CVSS V2 None CVSS V3 None

Description

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above.

Overview

CVE ID
CVE-2023-7286

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-10-16T06:43:32.686Z

Last Modified Date
2024-10-16T18:05:43.218Z

Weakness Enumerations

CWE	URL
CWE-639	http://cwe.mitre.org/data/definitions/639.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/5954bdc0-09e9-4691-95ff-02f7304514c9?source=cve
https://plugins.trac.wordpress.org/changeset?new=2828750%40acf-quickedit-fields&old=2816195%40acf-quickedit-fields#file89
https://wpscan.com/vulnerability/3538e80e-c2c5-4e7b-97c3-b7debad7a136

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-7286
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7286

History

Created	Old Value	New Value	Data Type	Notes
2024-10-17 13:03:27				Added to TrackCVE