Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.6 views

CVE-2023-1196

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

8.8CVSS7.1AI score0.0108EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2023/05/02 8:39 a.m.12 views

CVE-2023-1196 Advanced Custom Fields - Contributor+ PHP Object Injection

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

8.8AI score0.0108EPSS
Exploits3References2
Cvelist
Cvelist
added 2023/05/02 8:39 a.m.19 views

CVE-2023-1196 Advanced Custom Fields - Contributor+ PHP Object Injection

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

9.1AI score0.0108EPSS
Exploits3References2
CVE
CVE
added 2023/05/02 8:39 a.m.200 views

CVE-2023-1196

The CVE-2023-1196 entry concerns the Advanced Custom Fields (ACF) Free and Pro WordPress plugins. Affected versions are 5.x before 5.12.5 and 6.x before 6.1.0. The root cause is unserialize of user-controllable data, enabling PHP Object Injection when a suitable gadget is present. Valid risk is t...

8.8CVSS8.8AI score0.0108EPSS
Exploits3References2Affected Software1
Patchstack
Patchstack
added 2023/05/02 12:0 a.m.13 views

WordPress Advanced Custom Fields Plugin < 5.12.5 is vulnerable to PHP Object Injection

Software Advanced Custom Fields Type Plugin Vulnerable versions 5.12.5 Fixed in 5.12.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1196 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 8c55b8a9942a Credits Nguyen Huu Do Required privile...

8.8CVSS7.2AI score0.0108EPSS
Exploits3References3Affected Software1
Patchstack
Patchstack
added 2023/05/02 12:0 a.m.13 views

WordPress Advanced Custom Fields PRO Plugin < 6.1.0 is vulnerable to PHP Object Injection

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.1.0 Fixed in 6.1.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1196 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 322be262bcd9 Credits Nguyen Huu Do Required...

8.8CVSS6.7AI score0.0108EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder