Path Traversal Vulnerability in Advanced Custom Fields PRO
CVE-2024-34762

9.9CRITICAL

Key Information:

Vendor: WPengine Inc
Status: Advanced Custom Fields Pro
Vendor: CVE Published:; 10 June 2024

Summary

The vulnerability identified in Advanced Custom Fields PRO introduces a potential threat through improper limitation of a pathname to a restricted directory, commonly referred to as Path Traversal. This flaw enables PHP Local File Inclusion, which could allow an attacker to access sensitive files on the server, leading to unauthorized information disclosure or further exploitation. Affected versions are those prior to 6.2.10, making it essential for users to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Advanced Custom Fields PRO < 6.2.10

References

https://patchstack.com/database/vulnerability/advanced-cu...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 10, 2024
Vulnerability Reserved
May 8, 2024

Credit

WPEngine

Patchstack