cleantalk
Vulnerabilities and Security Researches

ACF Front End Editor, CVE-2024-3072

CVE, Research URL

CVE-2024-3072

Home page URL

Security reports for ACF Front End Editor

Application

ACF Front End Editor

Published on
Apr 30, 2024
Research Description
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_texts() function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary post title, content, and ACF data.
Affected versions
Min -, max 2.0.2.
Status
vulnerable
Previous vulnerability researches
ACF Front End Editor (CVE-2024-3072) , Jun 07, 2024
Front-end Editor (c6189a35be8b82352b115f57cd1dd36380a98e67) , Jun 07, 2024
Front-end Editor (CVE-2012-10019) , Jul 21, 2025
New vulnerability
CRM and Lead Management by vcita (CVE-2025-5240) , Jul 23, 2025
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor (CVE-2025-4685) , Jul 23, 2025
Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Galle (CVE-2025-7644) , Jul 23, 2025
bSecure – Your Universal Checkout (CVE-2025-6187) , Jul 23, 2025
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2025-6831) , Jul 23, 2025