A vulnerability has been found in wpengine Advanced Custom Fields Plugin up to 6.8.1 on WordPress and classified as critical . This impacts an unknown function of the component Form Submission Handler . The manipulation of the argument post_title leads to missing authorization. This vulnerability is referenced as CVE-2026-8382 . Remote exploitation of the attack is possible. No exploit is available.