The Advanced Forms for ACF plugin for WordPress is not secure and allows people to access data without permission. This is because the export_json_file() function, found in all versions up to 1.9.3.2, does not have a check to ensure that only authorized users can export form settings. This means that anyone, even if they are not logged in, can export form settings.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
