Go to the text

Disclosure of vulnerability information reported by our employees (JVN#98946408)


SB Technology Corp.

The following vulnerability, reported by SB Technology employee Ryotaro Imamura, has been disclosed on JVN.

■Summary
JVN#98946408
Cross-site scripting vulnerability in the WordPress plugin Advanced Custom Fields *.

■Affected systems

■Assumed impact
Arbitrary scripts may be executed on the web browser of users who are logged in to the product with editor or higher privileges.

Please see here for the detail.
Vulnerability report: https://jvn.jp/jp/JVN98946408/
Vulnerability countermeasure information database: https://jvndb.jvn.jp/ja/contents/2023/JVNDB-2023-000084.html

About vendor information
WP Engine ACF 6.1.8: https://www.advancedcustomfields.com/blog/acf-6-1-8/
Advanced Custom Fields: https://ja.wordpress.org/plugins/advanced-custom-fields/
Advanced Custom Fields for WordPress Developers: https://www.advancedcustomfields.com/

Contact information regarding this matter

● SB Technology Corp. Public Relations Department
E-mail: sbt-press@tech.softbank.co.jp