CVE-2023-7286
ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users capability to access metadata of other users, this includes contributor-level users and above.
| CWE | CWE-639 |
| Vendor | podpirate |
| Product | acf quick edit fields |
| Published | Oct 16, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for podpirate acf quick edit fields
Be the first to know when new medium vulnerabilities affecting podpirate acf quick edit fields are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
podpirate / ACF Quick Edit Fields
0 โค 3.2.2
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/5954bdc0-09e9-4691-95ff-02f7304514c9?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?new=2828750%40acf-quickedit-fields&old=2816195%40acf-quickedit-fields#file89 wpscan.com: https://wpscan.com/vulnerability/3538e80e-c2c5-4e7b-97c3-b7debad7a136
Credits
Chris Grello