CVE-2022-23183
First published: Thu Mar 31 2022(Updated: )
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advanced Custom Fields | <5.12.1 | |
| Advanced Custom Fields | <5.12.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-23183?
CVE-2022-23183 is a vulnerability that allows a remote authenticated attacker to view the information on the database without the access permission in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1.
How severe is CVE-2022-23183?
CVE-2022-23183 has a severity rating of 6.5 (medium).
What software versions are affected by CVE-2022-23183?
Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 are affected by CVE-2022-23183.
How can I fix CVE-2022-23183?
To fix CVE-2022-23183, update to Advanced Custom Fields version 5.12.1 or later and Advanced Custom Fields Pro version 5.12.1 or later.
Where can I find more information about CVE-2022-23183?
You can find more information about CVE-2022-23183 on the official vulnerability database (JVN) website and the official websites of Advanced Custom Fields.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/advancedcustomfields
- canonical/advanced custom fields