CVE-2022-40696

CWE-200Information Exposure3 documents3 sources
Severity
7.5HIGH
EPSS
0.5%
top 34.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WP Engine Advanced Custom Fields (acf)Advancedcustomfields Advanced Custom Fields
Timeline
PublishedJan 8
Latest updateJan 9

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5wp_engine/advanced_custom_fields_(acf)3.1.16.0.2

🔴Vulnerability Details

2
GHSA
GHSA-vxh3-27qh-7gv3: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF)2024-01-09
CVEList
WordPress Advanced Custom Fields Plugin 3.1.1-6.0.2 is vulnerable to Sensitive Data Exposure2024-01-08
CVE-2022-40696 (HIGH CVSS 7.5) | Exposure of Sensitive Information t | cvebase.io