CVE-2019-14682

low-risk
Published 2019-08-08

The acf-better-search (aka ACF: Better Search) plugin before 3.3.1 for WordPress allows wp-admin/options-general.php?page=acfbs_admin_page CSRF.

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Better Search Project

Affected Vendors

Acf\

References (6)

Third Party Advisory https://wordpress.org/plugins/acf-better-search/#developers
Third Party Advisory https://wpvulndb.com/vulnerabilities/9399
Exploit https://www.pluginvulnerabilities.com/2019/06/26/cross-site-request-forgery-csrf...
Third Party Advisory https://wordpress.org/plugins/acf-better-search/#developers
Third Party Advisory https://wpvulndb.com/vulnerabilities/9399
Exploit https://www.pluginvulnerabilities.com/2019/06/26/cross-site-request-forgery-csrf...
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal