976 matches found
PT-2026-1585
Name of the Vulnerable Software and Affected Versions: ACF to REST API plugin for WordPress versions through 3.3.4. Description: The ACF to REST API plugin for WordPress is affected by an Insecure Direct Object Reference issue. Insufficient capability checks in the update item permissions check meth...
WordPress plugin ACF to REST API security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2026-2092
Name of the Vulnerable Software and Affected Versions: Titra versions 0.99.49 and below. Description: Titra is open source project time tracking software. An API has a Mass Assignment issue that allows authenticated users to inject arbitrary fields into time entries, bypassing business logic control...
WordPress ACF to REST API plugin <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification vulnerability
Insecure Direct Object Reference to Authenticated Contributor+ ACF Field/Option Modification vulnerability discovered by Kai Aizen in WordPress Plugin ACF to REST API versions <= 3.3.4...
CVE-2025-12067
CVE-2025-12067 involves the WordPress plugin Table Field Add-on for ACF and SCF. The issue is stored XSS via Table Cell Content in versions up to 1.3.30, caused by insufficient input sanitization and output escaping. The vulnerability can be triggered by authenticated attackers with Author-level ...
CVE-2025-12067 Table Field Add-on for ACF and SCF <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content
The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up to, and including, 1.3.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Table Field Add-on for ACF and SCF cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...
CVE-2025-13361
The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the custom field deletion functionality. This makes it possible for unauthenticated attackers to delete custom fields v...
CVE-2025-13361
CVE-2025-13361: The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) up to version 1.0.0 due to missing nonce validation on the custom field deletion function. This enables unauthenticated attackers to delete custom fields by tricking a site administra...
CVE-2025-49379
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2...
EUVD-2025-204231
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2...
CVE-2025-49379
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2...
CVE-2025-49379
CVE-2025-49379 affects the WordPress plugin Custom Fields Account Registration For Woocommerce (plugin slug: custom-fields-account-registration-for-woocommerce) with versions n/a through 1.2. The issue is described as Incorrect Privilege Assignment, enabling Privilege Escalation. Connected docume...
CVE-2025-49379 WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Privilege Escalation. This issue affects Custom Fields Account Registration For Woocommerce: from n/a through <= 1.2...
PT-2025-52015
Name of the Vulnerable Software and Affected Versions: Custom Fields Account Registration For Woocommerce versions n/a through 1.2. Description: A flaw exists in Custom Fields Account Registration For Woocommerce that allows for privilege escalation due to incorrect privilege assignment. This issue...
WordPress plugin Custom Fields Account Registration For Woocommerce security vulnerability
...
Exploit for CVE-2025-13486
CVE-2025-13486 The Advanced Custom...
Exploit for CVE-2025-13486
CVE-2025-13486 Vulnerable Test Environment One-shot Docker se...
CVE-2025-13486
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form function. This is due to the function accepting user input and then passing that through call_user_func_array. This makes it possible for...