Vulnerabilities and security researches foracf-to-rest-api acf-to-rest-api

Jun 07, 2024

CVE, Research URL: CVE-2020-13700
Home page URL: Security reports for ACF to REST API
Application: ACF to REST API
Date: Jun 24, 2020
Research Description: An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
Affected versions: max 3.3.0.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-62979
Home page URL: Security reports for ACF to REST API
Application: ACF to REST API
Date: Oct 27, 2025
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4.
Affected versions: max 3.3.4.
Status: vulnerable