
976 matches found

CVE
added 2024/11/01 2:17 p.m. · 56 views

CVE-2024-43235

CVE-2024-43235 concerns Meta Box – WordPress Custom Fields Framework. Several connected sources confirm a Missing Authorization vulnerability (broken access control) affecting the Meta Box plugin up to version 5.9.10. The CVSS 3.1 base metrics show Network attack vector, Low attack complexity, Pr...

7.1 CVSS · 6.9 AI score · 0.00419 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/11/01 2:17 p.m. · 16 views

CVE-2024-43235 WordPress Meta Box plugin <= 5.9.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in MetaBox.Io Meta Box – WordPress Custom Fields Framework allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Meta Box – WordPress Custom Fields Framework: from n/a through 5.9.10...

7.1 CVSS · 0.00419 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/01 12:00 a.m. · 3 views

PT-2024-27414 · Unknown · Advanced Custom Fields Pro

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields PRO versions prior to 6.3.1. Description: The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. This vulnerability can be...

5.4 CVSS · 7.2 AI score · 0.00297 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/11/01 12:00 a.m. · 4 views

WordPress plugin Advanced Custom Fields PRO security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.3 CVSS · 6.7 AI score · 0.00307 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/11/01 12:00 a.m. · 20 views

WordPress plugin Advanced Custom Fields PRO security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.4 CVSS · 6.7 AI score · 0.00297 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/01 12:00 a.m. · 5 views

PT-2024-27412 · Unknown · Advanced Custom Fields Pro

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields PRO versions through 6.3.1. Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For versions...

4.3 CVSS · 6.4 AI score · 0.00307 EPSS
Exploits: 0 · References: 3
NVD
added 2024/10/17 4:15 a.m. · 17 views

CVE-2024-49593

In Advanced Custom Fields ACF before 6.3.9 and Secure Custom Fields before 6.3.6.3 plugins for WordPress, using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the fr...

5.3 CVSS · 0.00516 EPSS
Exploits: 0 · References: 4
CNNVD
added 2024/10/17 12:00 a.m. · 4 views

WordPress plugin Advanced Custom Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

5.3 CVSS · 5.9 AI score · 0.00516 EPSS
Exploits: 0 · References: 5
CVE
added 2024/10/17 12:00 a.m. · 53 views

CVE-2024-49593

CVE-2024-49593 affects the WordPress ecosystem via two plugins: Advanced Custom Fields (ACF) and Secure Custom Fields. The vulnerability is a stored XSS that can be triggered when editing a Field Group with the plugin editors, enabling execution of malicious payloads. Affected versions are ACF pr...

5.3 CVSS · 6.1 AI score · 0.00516 EPSS
Exploits: 0 · References: 4
Vulnrichment
added 2024/10/17 12:00 a.m. · 13 views

CVE-2024-49593

In Advanced Custom Fields ACF before 6.3.9 and Secure Custom Fields before 6.3.6.3 plugins for WordPress, using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the fr...

6 AI score · 0.00516 EPSS
Exploits: 0 · References: 4
Patchstack
added 2024/10/16 1:09 p.m. · 2 views

WordPress Advanced Custom Fields Pro <= 6.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Duc Luong Tran in WordPress Plugin Advanced Custom Fields PRO versions <= 6.3.8...

5.8 AI score
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/10/16 1:08 p.m. · 2 views

WordPress Advanced Custom Fields <= 6.3.6.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Duc Luong Tran in WordPress Plugin Advanced Custom Fields versions <= 6.3.6.2...

5.8 AI score
Exploits: 0 · References: 1 · Affected Software: 1
Patchstack
added 2024/10/16 12:00 a.m. · 5 views

WordPress Advanced Custom Fields Plugin <= 6.3.6.2 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: <= 6.3.6.2; Fixed in: 6.3.6.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.9); PSID: fb0621a063a9; Credits: Duc Luong Tran; Required privilege...

6.9 AI score
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/10/16 12:00 a.m. · 3 views

PT-2024-33558 · WordPress · Advanced Custom Fields Pro +1

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields ACF versions prior to 6.3.9; Secure Custom Fields versions prior to 6.3.6.3. Description: The issue allows for the execution of a stored XSS payload when using the Field Group editor to edit one of the plugin's fields in...

5.3 CVSS · 6.3 AI score · 0.00516 EPSS
Exploits: 0 · References: 9
The Hacker News
added 2024/10/15 4:56 a.m. · 15 views

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites

The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive...

7 AI score
Exploits: 0
Patchstack
added 2024/10/09 11:11 a.m. · 2 views

WordPress Advanced Custom Fields PRO plugin <= 6.3.7 - Administrator+ Limited Arbitrary Function Call vulnerability

Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields PRO versions <= 6.3.7...

6.6 CVSS · 7 AI score · 0.00435 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Patchstack
added 2024/10/09 12:00 a.m. · 19 views

WordPress Advanced Custom Fields PRO Plugin <= 6.3.7 is vulnerable to Arbitrary Code Execution

Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: <= 6.3.7; Fixed in: 6.3.8; OWASP Top 10: A3: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-9529; Patch priority: Low; CVSS severity: Low (5.4); PSID: aa150d72013d; Credits: Automattic Security Team...

6.6 CVSS · 6.7 AI score · 0.00435 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Patchstack
added 2024/10/07 4:41 p.m. · 2 views

WordPress Advanced Custom Fields plugin <= 6.3.6 - Administrator+ Limited Arbitrary Function Call vulnerability

Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields versions <= 6.3.6...

6.6 CVSS · 7 AI score · 0.00435 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Patchstack
added 2024/10/07 12:00 a.m. · 27 views

WordPress Advanced Custom Fields Plugin <= 6.3.6 is vulnerable to Arbitrary Code Execution

Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: <= 6.3.6; Fixed in: 6.3.6.1; OWASP Top 10: A1: Injection; Classification: Arbitrary Code Execution; CVE: CVE-2024-9529; Patch priority: Low; CVSS severity: Low (5.4); PSID: 2b40e735610b; Credits: Automattic Security Team...

6.6 CVSS · 6.7 AI score · 0.00435 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/10/06 12:00 a.m. · 2 views

PT-2024-39679 · WordPress · Secure Custom Fields +1

Name of the Vulnerable Software and Affected Versions: Secure Custom Fields WordPress plugin versions prior to 6.3.9; Advanced Custom Fields Pro WordPress plugin versions prior to 6.3.9. Description: The issue allows high privilege users, such as admins, to run arbitrary PHP functions through the...

6.6 CVSS · 7.3 AI score · 0.00435 EPSS
Exploits: 1 · References: 9