Lucene search
K

385 matches found

GithubExploit
GithubExploit
added 2025/12/04 11:28 p.m.452 views

Exploit for CVE-2025-13486

CVE-2025-13486 Vulnerable Test Environment One-shot Docker se...

9.8CVSS7.1AI score0.73557EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2025/12/04 7:14 a.m.11 views

CVE-2025-13486

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...

9.8CVSS7.8AI score0.73557EPSS
Exploits10References1
GithubExploit
GithubExploit
added 2025/12/03 5:22 p.m.571 views

Exploit for CVE-2025-13486

Lab: CVE-2025-13486 - Remote Code Execution in Advanced Custom...

9.8CVSS8.4AI score0.73557EPSS
Exploits10
NVD
NVD
added 2025/12/03 7:16 a.m.12 views

CVE-2025-13486

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...

9.8CVSS0.73557EPSS
Exploits10References2
Cvelist
Cvelist
added 2025/12/03 6:47 a.m.52 views

CVE-2025-13486 Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...

9.8CVSS0.73557EPSS
Exploits10References2
Vulnrichment
Vulnrichment
added 2025/12/03 6:47 a.m.9 views

CVE-2025-13486 Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...

9.8CVSS7.4AI score0.73557EPSS
Exploits10References2
CVE
CVE
added 2025/12/03 6:47 a.m.293 views

CVE-2025-13486

The CVE-2025-13486 vulnerability affects the Advanced Custom Fields: Extended (ACFE) WordPress plugin, versions 0.9.0.5–0.9.1.1. It arises from the prepare_form() function, where user-supplied data is forwarded to call_user_func_array() without proper validation, enabling unauthenticated remote c...

9.8CVSS7.4AI score0.73557EPSS
In wildExploits10References2
Patchstack
Patchstack
added 2025/12/03 6:19 a.m.14 views

WordPress Advanced Custom Fields: Extended plugin 0.9.0.5-0.9.1.1 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Advanced Custom Fields: Extended versions 0.9.0.5-0.9.1.1...

9.8CVSS7.9AI score0.73557EPSS
Exploits10References1Affected Software1
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.28 views

WordPress plugin Advanced Custom Fields Extended 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injection...

9.8CVSS8.2AI score0.73557EPSS
Exploits10References3
Wordfence Blog
Wordfence Blog
added 2025/12/02 7:47 p.m.14 views

100,000 WordPress Sites Affected by Remote Code Execution Vulnerability in Advanced Custom Fields: Extended WordPress Plugin

On November 18th, 2025, we received a submission for an unauthenticated Remote Code Execution vulnerability in Advanced Custom Fields: Extended, a WordPress plugin with more than 100,000 active installations. This vulnerability can be leveraged to execute code remotely. Props to dudekmar who...

9.8CVSS9AI score0.73557EPSS
Exploits10
VulnCheck KEV
VulnCheck KEV
added 2025/12/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-13486

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepareform function. This is due to the function accepting user input and then passing that through calluserfuncarray. This makes it possible for...

9.8CVSS6.3AI score0.73557EPSS
In wildExploits10References3
EUVD
EUVD
added 2025/11/18 8:27 a.m.5 views

EUVD-2025-197941

The ACF Flexible Layouts Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'acfflmupdatetemplatewithpastedlayout' function in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to...

6.5CVSS4.9AI score0.00181EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/11/17 11:20 p.m.7 views

WordPress ACF Flexible Layouts Manager plugin <= 1.1.6 - Missing Authorization to Unauthenticated Custom Field Update vulnerability

Missing Authorization to Unauthenticated Custom Field Update vulnerability discovered by Ahmad Salem a7mad.cc in WordPress Plugin ACF Flexible Layouts Manager versions = 1.1.6...

6.5CVSS7AI score0.00181EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

WordPress Plugin ACF Recent Posts Widget Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ACF Recent Posts Widget, no...

5.4CVSS6AI score0.00191EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.9 views

WordPress Plugin ACF to REST API Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin ACF to REST API, which c...

5.3CVSS5.9AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/27 3:30 a.m.4 views

EUVD-2025-35966

Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through = 3.3.4...

5.3CVSS6.4AI score0.00223EPSS
Exploits0References2
CVE
CVE
added 2025/10/27 1:34 a.m.19 views

CVE-2025-62979

CVE-2025-62979 concerns WordPress plugin ACF to REST API (versions &lt;= 3.3.4). Multiple sources describe an information disclosure vulnerability causing retrieval of embedded sensitive data via the REST API. The affected product is the WordPress ACF to REST API plugin; sources consistently refe...

5.3CVSS6.5AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 1:33 a.m.2 views

CVE-2025-62894 WordPress ACF Recent Posts Widget plugin <= 5.9.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in magicoders ACF Recent Posts Widget acf-recent-posts-widget allows Stored XSS.This issue affects ACF Recent Posts Widget: from n/a through = 5.9.3...

6.5CVSS5.6AI score0.00191EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.7 views

PT-2025-43851

Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through = 3.3.4...

5.3CVSS6.9AI score0.00223EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

WordPress plugin ACF to REST API 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin ACF to REST API, which c...

5.3CVSS5.9AI score0.00223EPSS
Exploits0References1
Rows per page
Query Builder