CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

976 matches found

Cvelist•added 2025/01/02 12:0 p.m.•18 views

CVE-2023-46203 WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Custom Fields: from n/a through 3.3.2...

4.3CVSS0.00292EPSS

Exploits0References1

CNNVD•added 2025/01/02 12:0 a.m.•2 views

WordPress plugin Just Custom Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.8AI score0.00292EPSS

Exploits0References1

Snyk•added 2024/12/16 3:42 p.m.•2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to insufficient checks for the permissions associated with the user sending commands. Remediation Upgrade wordpress-premium/advanced-custom-fields-pro to version 3.6.10, 6.3.4 or higher. References -...

5.1CVSS6.9AI score0.00223EPSS

Exploits0References2

NVD•added 2024/12/16 3:15 p.m.•10 views

CVE-2024-37251

Cross-Site Request Forgery CSRF vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2...

4.3CVSS0.00223EPSS

Exploits0References1

Cvelist•added 2024/12/16 3:3 p.m.•9 views

CVE-2024-37251 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2...

4.3CVSS0.00223EPSS

Exploits0References1

Vulnrichment•added 2024/12/16 3:3 p.m.•7 views

CVE-2024-37251 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2...

4.3CVSS7.3AI score0.00223EPSS

Exploits0References1

CVE•added 2024/12/16 3:3 p.m.•44 views

CVE-2024-37251

CVE-2024-37251 affects the WordPress plugin Advanced Custom Fields PRO from WPENGINE (versions before 6.3.2). The issue is Cross-Site Request Forgery (CSRF) caused by insufficient permission checks, per Snyk and Red Hat/NVD entries. The exploitability notes show no explicit in-the-wild exploitati...

4.3CVSS4.7AI score0.00223EPSS

Exploits0References1

CNNVD•added 2024/12/16 12:0 a.m.•2 views

WordPress plugin Advanced Custom Fields PRO 跨站请求伪造漏洞

4.3CVSS6.7AI score0.00223EPSS

Exploits0References1

CNNVD•added 2024/12/09 12:0 a.m.•5 views

WordPress plugin Display custom fields in the frontend – Post and User Profile Fields 安全漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress plugin Display custom fields in the frontend...

4.3CVSS8.4AI score0.00416EPSS

Exploits0References1

OSV•added 2024/11/15 7:15 a.m.•2 views

CVE-2024-9529

The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privile...

6.6CVSS5.9AI score0.00435EPSS

Exploits1References1

CNNVD•added 2024/11/15 12:0 a.m.•3 views

WordPress plugin Secure Custom Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

6.6CVSS6.6AI score0.00435EPSS

Exploits1References1

CVE•added 2024/11/13 4:29 a.m.•82 views

CVE-2024-10800

CVE-2024-10800 : WordPress User Extra Fields plugin (

8.8CVSS8.7AI score0.00789EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2024/11/01 3:15 p.m.•3 views

CVE-2024-43235

Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...

7.1CVSS5.1AI score0.00419EPSS

Exploits0References2

NVD•added 2024/11/01 3:15 p.m.•11 views

CVE-2024-37249

Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...

4.3CVSS0.00307EPSS

Exploits0References1

NVD•added 2024/11/01 3:15 p.m.•10 views

CVE-2024-37250

5.4CVSS0.00297EPSS

Exploits0References1

Cvelist•added 2024/11/01 2:18 p.m.•16 views

CVE-2024-37249 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability

4.3CVSS0.00307EPSS

Exploits0References1

Vulnrichment•added 2024/11/01 2:18 p.m.•11 views

CVE-2024-37250 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerability