CVE-2024-1121: 
WordPress vulnerability analysis and mitigation

The Advanced Forms for ACF plugin for WordPress contains a vulnerability (CVE-2024-1121) discovered in February 2024 that affects all versions up to and including 1.9.3.2. The vulnerability stems from a missing capability check on the export_json_file() function, which could allow unauthorized access to form data (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 5.3 (Medium). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), has unchanged scope (S:U), and can result in low confidentiality impact (C:L) with no impact on integrity (I:N) or availability (A:N) (Wordfence).

The vulnerability allows unauthenticated attackers to export form settings from the WordPress installation. This could potentially expose sensitive configuration information and form structures to unauthorized users (NVD).

A patch has been released to address this vulnerability. Users are advised to update their Advanced Forms for ACF plugin to a version newer than 1.9.3.2 (WordPress Patch).