What the vulnerability does
01Description
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.
CVE-2022-40696
LOW
CVE-2022-40696: WordPress Advanced Custom Fields Plugin 3.1.1-6.0.2 is vulnerable to Sensitive Data Exposure
CVSS base score
3.7/10
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
January 8, 2024
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-0226 Tsinghua Unigroup Electronic Archives System downLoad.html download information disclosure
CVE-2021-41120 Unauthorized access to Credit card form in sylius/paypal-plugin
CVE-2023-5254 AI ChatBot <= 4.8.9 - Unauthenticated Sensitive Information Exposure via qcld_wb_chatbot_check_user
CVE-2023-43804 `Cookie` HTTP header isn't stripped on cross-origin redirects
CVE-2024-4596 Kimai Session information disclosure
