Tag
The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the create_crop function, allowing authenticated attackers with Subscriber-level access or higher to delete arbitrary files, potentially leading to remote code execution.