PatchSiren

hwk-fr CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL hwk-fr CVE published 2026-05-28

CVE-2026-8809

CVE-2026-8809 is a critical privilege escalation vulnerability in the Advanced Custom Fields: Extended (ACFE) WordPress plugin, affecting all versions up to and including 0.9.2.5. The vulnerability stems from improper validation in the `after_validate_save_post()` function, which unconditionally trusts the attacker-controlled `_acf_post_id` POST parameter without authentication or integrity verification. [truncated]