CVE-2022-23183 The vulnerability allows a remote attacker to view information of the database without permission.

The weakness exists due to lack of sufficient validating access checks which allows an attacker to bypass the validation. By doing so, attacker can enter the system and view or change the data on the system. The Advanced Custom Fields versions before 5.12.1 and Advanced Custom Fields Pro versions before 5.12.1 are vulnerable to the unauthorized access due to insufficient access checks. The issue is present in the file /wp-content/plugins/advanced-custom-fields/scm/scm_config.php . The issue affects all the versions of Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1. The issue is present in the file /wp-content/plugins/advanced-custom-fields/scm/scm_config.php . An attacker can exploit this issue to view or edit the data on the system. This issue has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2019-1343. Mitigation The only mitigation against this issue is upgrading to Advanced Custom Fields versions 5.12.2 or 5.12.3 or Advanced Custom Fields Pro versions 5.12.3 or 5.12.4. In order to mitigate this issue, you should upgrade to the latest version of Advanced Custom Fields.

Solution:

Upgrade to Advanced Custom Fields 5.12.2 or 5.12.3 or Advanced Custom Fields Pro 5.12.3 or 5.12.4
Upgrade to the latest version of Advanced Custom Fields

References ||

Please see the references for more information on this topic.

In order to have a successful online business, you need to invest in digital marketing. It's generally easier to target specific demographics or geographic areas with these types of campaigns, which can help increase your conversion rates. You can also use pictures in your ad campaigns on Facebook as people are more likely to click through when they see something visually appealing than if they see text only. These ads get better conversion rates because you'll spend less money while still getting better results.

How to verify the version of your WordPress installation?

The following checks can be used to verify the version of WordPress installed on your system:
If you are using Advanced Custom Fields versions 5.12.1 or 5.12.2 or Advanced Custom Fields Pro versions 5.12.2 or 5.12.3, make sure that the file path /wp-content/plugins/advanced-custom-fields/scm/scm_config.php contains the string "version" in it's final line before the line containing "return array."
If you are using Advanced Custom Fields versions 4.9 or earlier, 4.10 or older, ensure that the file path /wp-content/plugins/advanced-custom-fields/scm/scm_config.php contains a string "version" in it's first line before the line containing "require('./plugin.'.$id)."

Timeline

Published on: 03/31/2022 08:15:00 UTC
Last modified on: 04/07/2022 20:02:00 UTC

References

• https://jvn.jp/en/jp/JVN42543427/index.html
• https://wordpress.org/plugins/advanced-custom-fields/
• https://www.advancedcustomfields.com/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23183