CVE-2023-40068

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 21, 2023
Updated: Aug 25, 2023
CWE ID 79

Summary

CVE-2023-40068 is a cross-site scripting (XSS) vulnerability affecting Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7. This issue allows a remote, authenticated attacker to inject and execute malicious scripts on the web browser of users with administrative privileges when they log into the product. Successful exploitation could lead to unauthorized access, data theft, or even full takeover of the affected system. Users are advised to upgrade to the latest versions of these plugins as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share