CVE-2026-8809 | hwk-fr Advanced Custom Fields Plugin up to 0.9.2.5 on WordPress POST Parameter validate_front_value privileges management

A vulnerability classified as critical has been found in hwk-fr Advanced Custom Fields Plugin up to 0.9.2.5 on WordPress. This issue affects the function acfe_field_user_roles::validate_front_value of the component POST Parameter Handler. Performing a manipulation results in improper privilege management.

This vulnerability is reported as CVE-2026-8809. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More