976 matches found
WordPress Advanced Custom Fields PRO plugin < 5.11 - Missing Authorization to Information Disclosure vulnerability
Missing Authorization to Information Disclosure vulnerability discovered by Keitaro Yamazaki in WordPress Plugin Advanced Custom Fields PRO versions < 5.11...
WordPress Advanced Custom Fields plugin < 5.11 - Missing Authorization to Information Disclosure vulnerability
Missing Authorization to Information Disclosure vulnerability discovered by Keitaro Yamazaki in WordPress Plugin Advanced Custom Fields versions < 5.11...
WordPress Advanced Custom Fields PRO plugin < 5.11 - Missing Authorization on Option Changes vulnerability
Missing Authorization on Option Changes vulnerability discovered by Keitaro Yamazaki in WordPress Plugin Advanced Custom Fields PRO versions < 5.11...
WordPress Advanced Custom Fields plugin < 5.11 - Missing Authorization on Option Changes vulnerability
Missing Authorization on Option Changes vulnerability discovered by Keitaro Yamazaki in WordPress Plugin Advanced Custom Fields versions < 5.11...
WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control
Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: < 5.11; Fixed in: 5.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-20867; Patch priority: Low; CVSS severity: Low (4.3); PSID: 205fd390910c; Credits: Keitaro Yamazaki; Required...
WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control
Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: < 5.11; Fixed in: 5.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-20865; Patch priority: Low; CVSS severity: Low (4.3); PSID: 4a4b648ba0bb; Credits: Keitaro Yamazaki; Required...
WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: < 5.11; Fixed in: 5.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-20866; Patch priority: Low; CVSS severity: Low (4.3); PSID: 36e7531caa36; Credits: Keitaro Yamazaki...
WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: < 5.11; Fixed in: 5.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-20867; Patch priority: Low; CVSS severity: Low (4.3); PSID: 38d705c1f970; Credits: Keitaro Yamazaki...
WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control
Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: < 5.11; Fixed in: 5.11; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2021-20866; Patch priority: Low; CVSS severity: Low (4.3); PSID: 3c61745fb42a; Credits: Keitaro Yamazaki; Required...
CVE-2024-46639
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box...
HelpDeskZ Security Vulnerability
HelpDeskZ is free PHP-based software from HelpDeskZ Open Source. It provides a web-based support ticket system for managing support for a site. A security vulnerability exists in HelpDeskZ version v2.0.2, which stems from cross-site scripting code that can be injected into the Name field o...
WordPress WP Custom Fields Search plugin <= 1.2.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Custom Fields Search versions <= 1.2.35...
CVE-2024-8364
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-8364 WP Custom Fields Search <= 1.2.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-8364
Affected software: WP Custom Fields Search plugin for WordPress (versions up to and including 1.2.35). Vulnerability: Stored Cross-Site Scripting via the wpcfs-preset shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Impact: Authenticated attacke...