MEDIUM
wpengine
CVE published 2026-05-31
CVE-2026-8382
The Advanced Custom Fields (ACF®) WordPress plugin contains an authorization bypass vulnerability affecting versions up to and including 6.8.1. The plugin fails to properly verify user authorization before processing form submissions on publicly accessible acf_form() instances. Unauthenticated attackers can inject arbitrary values through the _post_title and _post_content parameters to overwrite post titl [truncated]