CVSS 3.1 Score 4.3 of 10 (medium)


Published May 2, 2024


CVE-2024-3071 is a vulnerability affecting the ACF On-The-Go plugin for WordPress. All versions up to and including 1.0.1 are susceptible to unauthorized modification of data due to a missing capability check on the acfg_update_fields() function. This vulnerability allows authenticated attackers with subscriber-level access or higher to update arbitrary post titles, descriptions, and ACF (Advanced Custom Fields) values. The base severity of this vulnerability is rated as MEDIUM with a base score of 4.3 out of 10. The exploitability score is 2.8 out of 10, indicating a moderate level of difficulty for potential attackers. It has been classified as a secondary vulnerability, posing a potential risk to organizations that use the affected plugin in their WordPress installations.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-3071 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options