385 matches found
Exploit for CVE-2025-13486
CVE-2025-13486 Vulnerable Test Environment One-shot Docker se...
CVE-2025-13486
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...
Exploit for CVE-2025-13486
Lab: CVE-2025-13486 - Remote Code Execution in Advanced Custom...
CVE-2025-13486
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...
CVE-2025-13486 Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...
CVE-2025-13486 Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...
CVE-2025-13486
The CVE-2025-13486 vulnerability affects the Advanced Custom Fields: Extended (ACFE) WordPress plugin, versions 0.9.0.5–0.9.1.1. It arises from the prepare_form() function, where user-supplied data is forwarded to call_user_func_array() without proper validation, enabling unauthenticated remote c...
WordPress Advanced Custom Fields: Extended plugin 0.9.0.5-0.9.1.1 - Unauthenticated Remote Code Execution vulnerability
Unauthenticated Remote Code Execution vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Advanced Custom Fields: Extended versions 0.9.0.5-0.9.1.1...
WordPress plugin Advanced Custom Fields Extended 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...
100,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Advanced Custom Fields: Extended WordPress Plugin
On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged to execute code remotely. Props to dudekmar who...
VulnCheck KEV: CVE-2025-13486
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...
EUVD-2025-197941
The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...
WordPress ACF Flexible Layouts Manager plugin <= 1.1.6 - Missing Authorization to Unauthenticated Custom Field Update vulnerability
Missing Authorization to Unauthenticated Custom Field Update vulnerability discovered by Ahmad Salem a7mad.cc in WordPress Plugin ACF Flexible Layouts Manager versions = 1.1.6...
WordPress Plugin ACF Recent Posts Widget Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ACF Recent Posts Widget, no...
WordPress Plugin ACF to REST API Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin ACF to REST API, which c...
EUVD-2025-35966
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through = 3.3.4...
CVE-2025-62979
CVE-2025-62979 concerns WordPress plugin ACF to REST API (versions <= 3.3.4). Multiple sources describe an information disclosure vulnerability causing retrieval of embedded sensitive data via the REST API. The affected product is the WordPress ACF to REST API plugin; sources consistently refe...
CVE-2025-62894 WordPress ACF Recent Posts Widget plugin <= 5.9.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magicoders ACF Recent Posts Widget acf-recent-posts-widget allows Stored XSS.This issue affects ACF Recent Posts Widget: from n/a through = 5.9.3...
PT-2025-43851
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through = 3.3.4...
WordPress plugin ACF to REST API 安全漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin ACF to REST API, which c...