CVE-2024-4565

CWE-639 — Insecure Direct Object Reference5 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 59.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Advanced Custom Fields (acf)Unknown Advanced Custom Fields PRO Advancedcustomfields Advanced Custom Fields

Timeline

PublishedJun 20

Latest updateSep 2

Description

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5unknown/advanced_custom_fields_pro< 6.3

▶CVEListV5unknown/advanced_custom_fields_(acf)< 6.3

▶NVDadvancedcustomfields/advanced_custom_fields< 6.3

🔴Vulnerability Details

OSV

protobuf vulnerabilities↗2025-09-02

▶

OSV

protobuf vulnerabilities↗2025-07-09

▶

GHSA

GHSA-6x2p-g636-5378: The Advanced Custom Fields (ACF) WordPress plugin before 6↗2024-06-20

▶

CVEList

Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access↗2024-06-20

▶