CVE-2022-23183 has been recently disclosed which affects a very popular WordPress plugin “Advanced Custom Fields” or “ACF”. This plugin is used in over two million websites and this vulnerability would allow any user to access database information regardless of whether they have designated access. This could be used to gain access to critical data or gain privilege escalation on the website. The exploit code has not been made public and the only remedy is to update this plugin, both standard and pro versions to at least version 5.12.1.
April 01, 2022