CVE-2026-8382 – Advanced Custom Fields (ACF®)

CVE ID :CVE-2026-8382

Published : May 31, 2026, 4:16 a.m. | 16 minutes ago

Description :The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite the post_title and post_content of any post bound to a publicly accessible acf_form() instance by injecting values into the _post_title and _post_content parameters of a form submission request.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-10168 – OUSL-GROUP-BrinaryBrains School Student Management System Parents.php marks resource injection

CVE-2026-10169 – OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

CVE-2026-10167 – OUSL-GROUP-BrinaryBrains School Student Management System MY_Controller Login.php sign_auth_cookie improper authentication

CVE-2026-10166 – Edimax BR-6478AC POST Request formWlbasic command injection