386 matches found
WordPress plugin Advanced Custom Fields: Extended 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-49044
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...
CVE-2026-49044
The CVE-2026-49044 entry affects WordPress Plugin Advanced Custom Fields: Font Awesome Field (versions
EUVD-2026-32537
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...
CVE-2026-49044 WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...
CVE-2026-49044 WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...
WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.2...
WordPress Advanced Custom Fields (ACF®) plugin <= 6.8.1 - Unauthenticated Broken Access Control vulnerability
Unauthenticated Broken Access Control vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Advanced Custom Fields versions = 6.8.1...
WordPress plugin Advanced Custom Fields: Font Awesome Field 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-44022
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...
WordPress Advanced Custom Fields: Font Awesome Field plugin <= 5.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nguyen Cong Quang in WordPress Plugin Advanced Custom Fields: Font Awesome Field versions = 5.0.2...
CVE-2026-6415
The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...
CVE-2026-6415
The CVE concerns the Advanced Custom Fields: Font Awesome plugin for WordPress. It is vulnerable to a Stored Cross-Site Scripting (Stored XSS) in versions up to and including 5.0.2. The root cause is insufficient input validation of JSON field values and unsafe client-side HTML construction in th...
EUVD-2026-30521
The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...
WordPress plugin Advanced Custom Fields: Font Awesome 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Advanced Custom Fields: Extended plugin <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin ACF Extended versions = 0.9.2.3...
CVE-2025-15463
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...
CVE-2025-15463 Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...
EUVD-2025-209809
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...
CVE-2025-15463
The CVE-2025-15463 entry concerns the Advanced Custom Fields: Extended WordPress plugin, affected versions up to 0.9.2.3. The vulnerability arises from code that executes do_shortcode without proper value validation, allowing unauthenticated attackers to execute arbitrary shortcodes. No public ex...