cleantalk
Vulnerabilities and Security Researches

ACF to REST API, CVE-2020-13700

CVE, Research URL

CVE-2020-13700

Home page URL

Security reports for ACF to REST API

Application

ACF to REST API

Published on
Jun 24, 2020
Research Description
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
Affected versions
max 3.3.0.
Status
vulnerable
Previous vulnerability researches
ACF to REST API (CVE-2025-62979) , Nov 10, 2025
ACF to REST API (CVE-2020-13700) , Jun 07, 2024
New vulnerability
WP Carticon (CVE-2025-12065) , Nov 10, 2025
WP Logo Changer (CVE-2025-53245) , Nov 10, 2025
ACF Recent Posts Widget (CVE-2025-62894) , Nov 10, 2025
VNPAY Payment gateway (CVE-2025-12017) , Nov 10, 2025
Persian Admnin Fonts (CVE-2025-62980) , Nov 10, 2025