DNA View

CVE-2024-1121

Medium

Low Medium High Critical

5.3

CVSS Score

Published: Feb 05, 2024

Last Modified: Apr 08, 2026

CWE: CWE-862

Vulnerability Description

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

Severity Details

5.3

out of 10.0

Medium

Weakness Type (CWE)

CWE-862 Top 25 #8

Missing Authorization

Description: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A01:2021-Broken Access Control
Abstraction Level: Class