Report: Complete Guide to CVE-2026-4812 - Advanced Custom Fields (ACF®) <= 6.7.0 - unauthenticated missing authorization to...
CVE ID: CVE-2026-4812
Published: 15 Apr 2026, 1:25 a.m.
Description: The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions without proper authorization checks. This makes it possible for unauthenticated attackers with access to a frontend ACF form to enumerate and disclose information about draft/private posts, restricted post types, and other data that should be restricted by field configuration.
Severity: 0.0 | NA