EUVD-2026-36933

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...

CVE-2026-39468

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...

CVE-2026-39468

WordPress Meta Box – WordPress Custom Fields Framework plugin

CVE-2026-39468 WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...

CVE-2016-20083

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

EUVD-2016-10895

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

EUVD-2016-10887

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

CVE-2016-20075

CVE-2016-20075 affects WordPress Ultimate Product Catalog 3.8.6. The vulnerability is an arbitrary file upload via the custom fields feature, exploitable by authenticated users with contributor, editor, author, or administrator roles. By uploading malicious files (e.g., PHP shells) through the Pr...

CVE-2016-20075 WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

PT-2026-49213

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

CVE-2026-49044

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Advanced Custom Fields: Font Awesome Field: from n/a through 5.0.2...

CVE-2026-6415

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

CVE-2026-4812

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

CVE-2026-8809

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulnerability exists due to the aftervalidatesavepost function unconditionally trusting the attacker-controlled acfpostid POST...

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

EUVD-2026-33483

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

CVE-2026-8382 Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via Front-End Form '_post_title' and '_post_content' Parameters

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

WordPress plugin Advanced Custom Fields 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...