/

cve-2023-30777 Report - Details, Severity, & Advisorie...

cve-2023-30777 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is cve-2023-30777?

CVE-2023-30777 is a medium to high severity vulnerability affecting WordPress websites using the WP Engine Advanced Custom Fields Pro and WP Engine Advanced Custom Fields plugins with versions up to and including 6.1.5. This unauthorized reflected cross-site scripting (XSS) vulnerability allows unauthenticated users to steal sensitive information or escalate privileges on a WordPress site by tricking privileged users into visiting a crafted URL path. Websites using the vulnerable versions of these plugins should update to the latest version to mitigate the risk.

Who is impacted by this?

The CVE-2023-30777 vulnerability affects users of the Advanced Custom Fields plugins for WordPress, specifically the free plugin versions 5.8.10-5.12.5 and the pro plugin versions up to and including 6.1.5. This reflected XSS vulnerability could allow unauthenticated users to steal sensitive information or escalate privileges by tricking privileged users into visiting a crafted URL.

What should I do if I’m affected?

If you're affected by the cve-2023-30777 vulnerability, it's crucial to take action to protect your WordPress site. Follow these simple steps to mitigate the risk:

  1. Update the Advanced Custom Fields plugin to at least version 6.1.6 (Pro) or 5.12.6 (Free).

  2. Educate users with access to the plugin about the risks of clicking on unknown links.

  3. Consider using security plugins or services to monitor and protect your site from potential threats.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-30777 vulnerability, a Reflected Cross-Site Scripting (XSS) issue affecting certain versions of the Advanced Custom Fields plugins for WordPress, is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-79, which is an improper neutralization of input during web page generation, also known as 'Cross-site Scripting'.

Learn More

For a comprehensive understanding of the vulnerability, its severity, and mitigation steps, refer to the NVD page and the resources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

cve-2023-30777 Report - Details, Severity, & Advisorie...

cve-2023-30777 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is cve-2023-30777?

CVE-2023-30777 is a medium to high severity vulnerability affecting WordPress websites using the WP Engine Advanced Custom Fields Pro and WP Engine Advanced Custom Fields plugins with versions up to and including 6.1.5. This unauthorized reflected cross-site scripting (XSS) vulnerability allows unauthenticated users to steal sensitive information or escalate privileges on a WordPress site by tricking privileged users into visiting a crafted URL path. Websites using the vulnerable versions of these plugins should update to the latest version to mitigate the risk.

Who is impacted by this?

The CVE-2023-30777 vulnerability affects users of the Advanced Custom Fields plugins for WordPress, specifically the free plugin versions 5.8.10-5.12.5 and the pro plugin versions up to and including 6.1.5. This reflected XSS vulnerability could allow unauthenticated users to steal sensitive information or escalate privileges by tricking privileged users into visiting a crafted URL.

What should I do if I’m affected?

If you're affected by the cve-2023-30777 vulnerability, it's crucial to take action to protect your WordPress site. Follow these simple steps to mitigate the risk:

  1. Update the Advanced Custom Fields plugin to at least version 6.1.6 (Pro) or 5.12.6 (Free).

  2. Educate users with access to the plugin about the risks of clicking on unknown links.

  3. Consider using security plugins or services to monitor and protect your site from potential threats.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-30777 vulnerability, a Reflected Cross-Site Scripting (XSS) issue affecting certain versions of the Advanced Custom Fields plugins for WordPress, is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-79, which is an improper neutralization of input during web page generation, also known as 'Cross-site Scripting'.

Learn More

For a comprehensive understanding of the vulnerability, its severity, and mitigation steps, refer to the NVD page and the resources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

cve-2023-30777 Report - Details, Severity, & Advisories

Twingate Team

Jun 13, 2024

What is cve-2023-30777?

CVE-2023-30777 is a medium to high severity vulnerability affecting WordPress websites using the WP Engine Advanced Custom Fields Pro and WP Engine Advanced Custom Fields plugins with versions up to and including 6.1.5. This unauthorized reflected cross-site scripting (XSS) vulnerability allows unauthenticated users to steal sensitive information or escalate privileges on a WordPress site by tricking privileged users into visiting a crafted URL path. Websites using the vulnerable versions of these plugins should update to the latest version to mitigate the risk.

Who is impacted by this?

The CVE-2023-30777 vulnerability affects users of the Advanced Custom Fields plugins for WordPress, specifically the free plugin versions 5.8.10-5.12.5 and the pro plugin versions up to and including 6.1.5. This reflected XSS vulnerability could allow unauthenticated users to steal sensitive information or escalate privileges by tricking privileged users into visiting a crafted URL.

What should I do if I’m affected?

If you're affected by the cve-2023-30777 vulnerability, it's crucial to take action to protect your WordPress site. Follow these simple steps to mitigate the risk:

  1. Update the Advanced Custom Fields plugin to at least version 6.1.6 (Pro) or 5.12.6 (Free).

  2. Educate users with access to the plugin about the risks of clicking on unknown links.

  3. Consider using security plugins or services to monitor and protect your site from potential threats.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-30777 vulnerability, a Reflected Cross-Site Scripting (XSS) issue affecting certain versions of the Advanced Custom Fields plugins for WordPress, is not listed in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-79, which is an improper neutralization of input during web page generation, also known as 'Cross-site Scripting'.

Learn More

For a comprehensive understanding of the vulnerability, its severity, and mitigation steps, refer to the NVD page and the resources listed below.