Lucene search
K

6 matches found

GithubExploit
GithubExploit
added 2026/06/12 8:9 a.m.70 views

Exploit for CVE-2026-8809

CVE-2026-8809 Advanced Custom Fields: Extended = 0.9.2.5 -...

9.8CVSS5.6AI score0.008EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-15463

The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...

6.5CVSS6AI score0.00381EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/01 8:7 a.m.14 views

WordPress Advanced Custom Fields: Extended plugin <= 0.9.2.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by daroo in WordPress Plugin ACF Extended versions = 0.9.2.5...

9.8CVSS5.8AI score0.008EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2026/03/04 12:0 a.m.167 views

📄 WordPress ACF 0.9.1.1 Remote Code Execution

WordPress ACF plugin version 0.9.1.1 unauthenticated remote code execution proof of concept exploit. ============================================================================================================================================= | Title : WordPress ACF 0.9.1.1 unauthenticated Remote...

9.8CVSS6.5AI score0.73557EPSS
Exploits10
Metasploit
Metasploit
added 2025/12/19 6:55 p.m.494 views

WordPress ACF Extended Unauthenticated RCE via prepare_form()

This module exploits an unauthenticated Remote Code Execution vulnerability in the Advanced Custom Fields: Extended ACF Extended WordPress plugin versions 0.9.0.5 through 0.9.1.1. The vulnerability exists in the prepareform function of the acfemoduleformfrontrender class, which accepts...

9.8CVSS9AI score0.73557EPSS
Exploits10
Packet Storm
Packet Storm
added 2025/12/19 12:0 a.m.220 views

📄 WordPress ACF 0.9.1.1 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Advanced Custom Fields: Extended ACF Extended WordPress plugin versions 0.9.0.5 through 0.9.1.1. The vulnerability exists in the prepareform function of the acfemoduleformfrontrender class, which accepts...

9.8CVSS8.6AI score0.73557EPSS
Exploits10
Rows per page
Query Builder