ACF WordPress Plugin Vulnerability Affects Up To +2 Million Sites
Missing authorization vulnerability …allows a remote authenticated attacker to view the information on the database without the access permission. This kind of vulnerability allows an attacker to attain access to the site at levels that are ordinarily restricted to users with admin privileges.
Advanced Custom Fields (ACF) WordPress Plugin
The ACF WordPress plugin is a popular development tool that allows developers to add custom fields to the Edit screen as well as to customize the sections for users, posts, media and other areas.
Missing Authorization Vulnerability
A missing authorization vulnerability happens when a software like a WordPress plugin does not check for authorization of a user when accessing specific information.
This type of vulnerability can lead to exposure of sensitive information and remote code execution attacks.
Remote Authenticated Attacker
This particular vulnerability exploits a missing authorization check for users who have some level of authentication.
According to the most current information from the Japan Computer Emergency Repsonse Team Coordination Center:
TEXTO PROPIEDAD de: https://www.searchenginejournal.com/acf-wordpress-plugin-vulnerability/444530/