### [CVE-2021-20867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20867)
![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Custom%20Fields%20and%20Advanced%20Custom%20Fields%20Pro&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=versions%20prior%20to%205.11%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20authorization&color=brightgreen)

### Description

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/20142995/nuclei-templates