CVE-2025-12081

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acfphotogalleryeditsave" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level acce...

CVE-2025-12081 ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acfphotogalleryeditsave" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level acce...

PT-2026-20577

Name of the Vulnerable Software and Affected Versions ACF Photo Gallery Field versions prior to 3.1 Description The ACF Photo Gallery Field plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the acf photo gallery edit sa...

WordPress plugin ACF Photo Gallery Field 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

EUVD-2021-11821

Malware in sbrugna...

EUVD-2024-21013

Malicious code in bioql PyPI...

EUVD-2023-44582

Malicious code in bioql PyPI...

CVE-2024-23518

Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...

CVE-2023-3957

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

CVE-2021-24909

The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acfphotogallerymetaboxedit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue...

CVE-2024-23518

Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...

CVE-2024-23518 WordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...

CVE-2024-23518 WordPress ACF Photo Gallery Field plugin <= 2.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...

WordPress plugin ACF Photo Gallery Field security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

ACF Photo Gallery Field < 2.7 - Missing Authorization

Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber access and above, to access the unprotected function...

WordPress ACF Photo Gallery Field Plugin <= 2.6 is vulnerable to Broken Access Control

Software ACF Photo Gallery Field Type Plugin Vulnerable versions = 2.6 Fixed in 2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-23518 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 90b02382eae5 Credits Abdi Pranata Required...

CVE-2023-3957

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

CVE-2023-3957

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

Design/Logic Flaw

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

CVE-2023-3957 ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...