Description

WordPress Plugin Advanced Custom Fields PRO is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input before being passed to the unserialize() PHP function. Attackers can possibly exploit this issue to execute arbitrary PHP code within the context of the affected webserver process. WordPress Plugin Advanced Custom Fields PRO version 6.0.7 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin versions 6.1.0, 5.12.5 or latest

Try Deep Scan Version

Give your DevOps team the freedom to innovate and create outstanding products without being held back by security concerns.

CyStack Intelligent Products

CyStack VulnScan

Locker Secrets Manager

SafeChain Blockchain Security

Locker Password Manager

CyStack Endpoint

WhiteHub Bug Bounty

CyStack Trust Center

CyStack Data Leak Detection

By Use Case

By Industry

Looking for something?

Advanced Custom Fields PRO PHP Object Injection

Description

Remediation

Severity

Classification

Published Date

Try Deep Scan Version

CyStack and Cookies

VietNam Office

Canada Office

Audit

Security Operations

Data Security

Security Compliance

Blockchain Security

Company

Resources