Beebee Mini, CVE-2022-2594

CVE, Research URL: CVE-2022-2594
Home page URL: Security reports for Beebee Mini
Application: Beebee Mini
Published on: Aug 22, 2022
Research Description: The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.
Affected versions: Min -, max 1.3.0.
Status: vulnerable