CVE Details: CVE-2023-7286

Description

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above.

Published Date: 2024-10-16
Last Modified Date: 2024-10-16
Severity: MEDIUM
CVSS v3 Score: 6.5
CWE ID: CWE-639
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Back to CVE List