976 matches found
WordPress plugin ACF: Google Font Selector 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin ACF: A cross-site...
CVE-2025-26746
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in caalami Advanced Custom Fields: Link Picker Field acf-link-picker-field allows Reflected XSS.This issue affects Advanced Custom Fields: Link Picker Field: from n/a through = 1.2.8...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the manipulation of radio button type custom fields. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted websit...
CVE-2025-26746
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in caalami Advanced Custom Fields: Link Picker Field acf-link-picker-field allows Reflected XSS.This issue affects Advanced Custom Fields: Link Picker Field: from n/a through = 1.2.8...
CVE-2025-26746 WordPress Advanced Custom Fields: Link Picker Field plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in caalami Advanced Custom Fields: Link Picker Field acf-link-picker-field allows Reflected XSS.This issue affects Advanced Custom Fields: Link Picker Field: from n/a through = 1.2.8...
CVE-2025-26746 WordPress Advanced Custom Fields: Link Picker Field plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in caalami Advanced Custom Fields: Link Picker Field acf-link-picker-field allows Reflected XSS.This issue affects Advanced Custom Fields: Link Picker Field: from n/a through = 1.2.8...
WordPress plugin Advanced Custom Fields: Link Picker Field 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2025-16511 · Unknown · Advanced Custom Fields Pro
Name of the Vulnerable Software and Affected Versions: NotFound Advanced Custom Fields: Link Picker Field versions 1.2.8 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This enables...
BIT-JOOMLA-2024-26278 [20240705] - Core - XSS in com_fields default field value
The Custom Fields component not correctly filter inputs, leading to a XSS vector...
WordPress plugin ACF City Selector 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-30888
Cross-Site Request Forgery CSRF vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Cross Site Request Forgery.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.1...
CVE-2025-30888
Cross-Site Request Forgery CSRF vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Cross Site Request Forgery.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.1...
CVE-2025-30888
Cross-Site Request Forgery CSRF vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Cross Site Request Forgery.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.1...
WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Custom Fields Account Registration For Woocommerce versions = 1.1...
CVE-2025-30888 WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Cross Site Request Forgery.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.1...
CVE-2025-30888 WordPress Custom Fields Account Registration For Woocommerce Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in silverplugins217 Custom Fields Account Registration For Woocommerce custom-fields-account-registration-for-woocommerce allows Cross Site Request Forgery.This issue affects Custom Fields Account Registration For Woocommerce: from n/a through = 1.1...
CVE-2025-30888
CVE-2025-30888 is a Cross-Site Request Forgery (CSRF) vulnerability reported in the WordPress plugin “Custom Fields Account Registration For Woocommerce.” The issue affects version
WordPress plugin Custom Fields Account Registration For Woocommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in WordPress plugin Custom Fields...
CVE-2024-25601
Stored cross-site scripting XSS vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to...
CVE-2024-43235
Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...