Lucene search
K

991 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/12 10:24 p.m.9 views

CVE-2025-15463

The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...

6.5CVSS6.2AI score0.00381EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/12 10:24 p.m.9 views

CVE-2025-15463 Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution

The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...

6.5CVSS6.2AI score0.00381EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 10:24 p.m.41 views

CVE-2025-15463 Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution

The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...

6.5CVSS0.00381EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 10:24 p.m.11 views

EUVD-2025-209809

The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...

6.5CVSS6.2AI score0.00381EPSS
Exploits0References3
CVE
CVE
added 2026/05/12 10:24 p.m.26 views

CVE-2025-15463

The CVE-2025-15463 entry concerns the Advanced Custom Fields: Extended WordPress plugin, affected versions up to 0.9.2.3. The vulnerability arises from code that executes do_shortcode without proper value validation, allowing unauthenticated attackers to execute arbitrary shortcodes. No public ex...

6.5CVSS6.2AI score0.00381EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/12 2:21 p.m.10 views

CVE-2025-40899

A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victim views the...

8.9CVSS5.8AI score0.00288EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

WordPress plugin Advanced Custom Fields Extended 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS6.2AI score0.00381EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.17 views

PT-2026-40456

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields: Extended versions prior to 0.9.2.4 Description The Advanced Custom Fields: Extended plugin for WordPress allows unauthenticated attackers to execute arbitrary shortcodes. This occurs because the software fails to proper...

6.5CVSS6.1AI score0.00381EPSS
Exploits0References6
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/05/05 12:0 a.m.5 views

[20260712] - Core - Incorrect Access Control in com_fields webservice endpoints

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

8.8CVSS6AI score0.00262EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/29 8:16 p.m.8 views

CVE-2018-25308

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

8.8CVSS0.00741EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/29 7:24 p.m.3 views

EUVD-2018-21829

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the fieldhiddenfile and fielddeleteimg parameters during profile editing to unlink...

8.8CVSS6.5AI score0.00741EPSS
Exploits0References3
CVE
CVE
added 2026/04/29 7:24 p.m.8 views

CVE-2018-25308

Affected product: BuddyPress Xprofile Custom Fields Type 2.6.3. Vulnerability: remote code execution via unescaped POST parameters during profile editing, enabling authenticated users to delete arbitrary files by manipulating field_hiddenfile and field_deleteimg. Impact: high impact on confidenti...

8.8CVSS6.5AI score0.00741EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

WordPress plugin BuddyPress Xprofile Custom Fields Type 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.8CVSS6.2AI score0.00741EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.5 views

PT-2026-35991

BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field hiddenfile and field deleteimg parameters during profile editing to unlin...

8.8CVSS6.5AI score0.00741EPSS
Exploits0References4
CVE
CVE
added 2026/04/23 11:2 a.m.19 views

CVE-2025-62104

Technical details about CVE-2025-62104 are not publicly available in the provided documents; monitor for updates.

4.3CVSS5.8AI score0.00198EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.13 views

PT-2026-34654

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 9:31 p.m.6 views

EUVD-2026-22828

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters that override field-configured restrictions witho...

5.3CVSS5.7AI score0.00625EPSS
Exploits0References18
RedhatCVE
RedhatCVE
added 2026/04/21 7:23 p.m.6 views

CVE-2026-6248

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

8.1CVSS6.6AI score0.00593EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 9:31 p.m.8 views

EUVD-2026-23935

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

8.1CVSS6.6AI score0.00593EPSS
Exploits0References6
NVD
NVD
added 2026/04/20 7:16 p.m.4 views

CVE-2026-6248

The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...

8.1CVSS0.00593EPSS
Exploits0References5
Rows per page
Query Builder