What are the most frequent WordPress vulnerabilities affecting sites?
So basically what happened was there was a privilege escalation bug in the ACF Extended plugin (Advanced Custom Fields Extended). Because of how it handled user insert forms, an attacker could trick it into making themselves an admin even without logging in. That’s why Wordfence flagged it as critical and you need to update immediately to the patched version.
-
This was scary because Advanced Custom Fields Extended is used on so many sites — over 100,000 affected. Wordfence said it’s a critical privilege escalation vulnerability. If your site used forms that allow users to input roles, it was especially at risk. They’ve released a patch now, so update the plugin, and check if your firewall blocked any exploitation attempts.