CVE-2026-12428 | gamaup Blocks for ACF Fields Plugin up to 1.6.2 REST Endpoint values get_all_values ID improper authorization

SecurityVulns

A vulnerability has been found in gamaup Blocks for ACF Fields Plugin up to 1.6.2 and classified as problematic. This impacts the function get_all_values of the file /wp-json/acf-field-blocks/v1/values of the component REST Endpoint. The manipulation of the argument ID leads to improper authorization.

This vulnerability is uniquely identified as CVE-2026-12428. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More