A critical vulnerability in the Advanced Custom Fields: Extended plugin for WordPress could allow attackers to take full control of affected websites without authentication. The flaw, rated at a severity score of 9.8, is a privilege escalation issue caused by improper validation of the user role assigned during registration. #WordPress #AdvancedCustomFields
Key points
- The vulnerability affects the Advanced Custom Fields: Extended plugin, impacting up to 100,000 websites.
- Attackers can register new administrator-level accounts without requiring login credentials.
- The flaw results from missing role restrictions during user registration, particularly in front-end registration forms.
- Version 0.9.2.2 adds validation of the assigned role to prevent exploitation.
- Site owners are advised to update to the latest version or disable the plugin to prevent site takeover.
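The underlying mistake described above, a registration handler that lets the client choose the new account's role, is shown below beside a hardened version. This is an added illustration written for this page, not code from the Advanced Custom Fields: Extended plugin or from the fix in 0.9.2.2; the function names `example_register_user_unsafe`, `example_register_user_safe` and the nonce action `example_register` are hypothetical, and the WordPress API calls (`wp_insert_user`, `current_user_can`, `wp_verify_nonce`, `get_role`) are the standard core functions.

```php
<?php
// Added illustration for a front-end registration handler. Hypothetical
// names; not the plugin's code. Assumes it runs inside WordPress.

// WEAK PATTERN: the role is copied straight from the submitted form, so any
// unauthenticated visitor controls which role the new account receives.
function example_register_user_unsafe( array $request ) {
    $userdata = array(
        'user_login' => sanitize_user( $request['user_login'] ),
        'user_email' => sanitize_email( $request['user_email'] ),
        'user_pass'  => $request['user_pass'],
        'role'       => $request['role'], // client-controlled: the bug
    );
    return wp_insert_user( $userdata );
}

// Roles a public, unauthenticated form may ever produce. Anything else falls
// back to the site's configured default role.
function example_allowed_self_registration_role( $requested ) {
    $allowed = array( 'subscriber' );
    if ( in_array( $requested, $allowed, true ) ) {
        return $requested;
    }
    return get_option( 'default_role', 'subscriber' );
}

// HARDENED PATTERN: registration must be enabled, the submission must carry a
// valid nonce, and an elevated role is honoured only when the *current* user
// already holds the capability to promote users.
function example_register_user_safe( array $request ) {
    if ( ! get_option( 'users_can_register' ) ) {
        return new WP_Error( 'registration_closed', 'Registration is disabled.' );
    }
    if ( ! isset( $request['_wpnonce'] )
        || ! wp_verify_nonce( $request['_wpnonce'], 'example_register' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid form submission.' );
    }

    $requested_role = isset( $request['role'] ) ? sanitize_key( $request['role'] ) : '';

    if ( current_user_can( 'promote_users' ) && get_role( $requested_role ) ) {
        // An authenticated user with the right capability may assign any
        // role that actually exists on this site.
        $role = $requested_role;
    } else {
        // Everyone else, including anonymous visitors, gets the allow-listed
        // self-registration role regardless of what the form submitted.
        $role = example_allowed_self_registration_role( $requested_role );
    }

    $userdata = array(
        'user_login' => sanitize_user( $request['user_login'] ),
        'user_email' => sanitize_email( $request['user_email'] ),
        'user_pass'  => $request['user_pass'],
        'role'       => $role,
    );
    return wp_insert_user( $userdata );
}
```

The decisive difference is that the safe version never trusts the submitted role unless `current_user_can( 'promote_users' )` already holds, which is false for an unauthenticated request. When checking whether a site was affected before patching, listing administrator accounts by registration date with WP-CLI (`wp user list --role=administrator --fields=ID,user_login,user_email,user_registered`) surfaces any unexpected accounts created through a front-end form.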
Read More: https://thecyberexpress.com/acf-add-on-vulnerability-wordpress/