Advanced Custom Fields Acf

1 CVEs product

Monthly

CVE-2026-4812 MEDIUM This Month

Unauthenticated attackers can bypass field-level authorization in Advanced Custom Fields (ACF) plugin versions up to 6.7.0 via AJAX endpoints that process user-supplied filter parameters without proper privilege checks, enabling disclosure of draft, private, and restricted post/page content that should be hidden by field configuration. The vulnerability affects any WordPress site with ACF installed and frontend forms exposed, requiring only network access and no user interaction. CVSS 5.3 reflects confidentiality impact with low attack complexity; no KEV status or public POC confirmed at analysis time.

Authentication Bypass WordPress Advanced Custom Fields Acf
NVD
CVSS 3.1: 5.3
EPSS: 0.0%
