EUVD-2018-13522

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

WordPress advanced-custom-fields plugin before 5.7.8 has XSS vulnerability by authors

Reporter	Title	Published	Views	Family All 9
CNVD	WordPress advanced-custom-fields plugin cross-site scripting vulnerability	23 Aug 201900:00	–	cnvd
CVE	CVE-2018-20986	22 Aug 201919:38	–	cve
Cvelist	CVE-2018-20986	22 Aug 201919:38	–	cvelist
NVD	CVE-2018-20986	22 Aug 201920:15	–	nvd
OpenVAS	WordPress Advanced Custom Fields Plugin < 5.7.8 XSS Vulnerability	16 Sep 201900:00	–	openvas
OSV	CVE-2018-20986	22 Aug 201920:15	–	osv
Prion	Design/Logic Flaw	22 Aug 201920:15	–	prion
RedhatCVE	CVE-2018-20986	22 May 202503:33	–	redhatcve
WPVulnDB	Advanced Custom Fields <= 5.7.7 - Authenticated Cross-Site Scripting (XSS)	7 Dec 201800:00	–	wpvulndb

[
  {
    "enisaIdVendor": [
      {
        "id": "61c1f7fb-1216-3676-850f-d4e33af1d83d",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "585d3268-b738-3745-933f-aede28025db1",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
wordpress	www.wordpress.org/plugins/advanced-custom-fields/
advancedcustomfields	www.advancedcustomfields.com/blog/acf-5-7-8-release/
www2	www.www2.deloitte.com/de/de/pages/risk/articles/wordpress-plugin-xss.html
advancedcustomfields	www.advancedcustomfields.com/changelog/
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

5.4Medium risk

Vulners AI Score5.4

CVSS 35.4

CVSS 23.5

EPSS0.00227