976 matches found

Patchstack
added 2024/07/09 12:35 p.m. · 4 views

WordPress Just Custom Fields plugin <= 3.3.2 - Cross-Site Request Forgery via AJAX actions vulnerability

Cross-Site Request Forgery via AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin Just Custom Fields versions = 3.3.2...

CVSS 4.3 · AI score 7 · EPSS 0.00198
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/07/09 12:35 p.m. · 4 views

WordPress Just Custom Fields plugin <= 3.3.2 - Missing Authorization via AJAX actions vulnerability

Missing Authorization via AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin Just Custom Fields versions = 3.3.2...

CVSS 4.3 · AI score 7 · EPSS 0.00297
Exploits 0 · References 1 · Affected Software 1

NVD
added 2024/07/09 9:15 a.m. · 17 views

CVE-2024-6167

The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 · EPSS 0.00297
Exploits 0 · References 2

NVD
added 2024/07/09 9:15 a.m. · 18 views

CVE-2024-6168

The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX functions. This makes it possible for unauthenticated attackers to invoke this functionality...

CVSS 4.3 · EPSS 0.00198
Exploits 0 · References 2

Vulnrichment
added 2024/07/09 8:33 a.m. · 11 views

CVE-2024-6167 Just Custom Fields <= 3.3.2 - Missing Authorization via AJAX actions

The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 · AI score 4.4 · EPSS 0.00297
Exploits 0 · References 2

Patchstack
added 2024/07/09 12:0 a.m. · 6 views

WordPress Just Custom Fields Plugin <= 3.3.2 is vulnerable to Broken Access Control

Software Just Custom Fields Type Plugin Vulnerable versions = 3.3.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-6167 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 899cda063365 Credits Francesco Carlucci Required...

CVSS 4.3 · AI score 6.6 · EPSS 0.00297
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/07/09 12:0 a.m. · 4 views

PT-2024-37428 · WordPress · Just Custom Fields

Name of the Vulnerable Software and Affected Versions: The Just Custom Fields plugin for WordPress versions up to, and including, 3.3.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on several AJAX functions. This allows unauthenticat...

CVSS 4.3 · AI score 6.7 · EPSS 0.00198
Exploits 0 · References 6

CNNVD
added 2024/07/09 12:0 a.m. · 2 views

WordPress plugin Just Custom Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.7 · EPSS 0.00297
Exploits 0 · References 3

CNNVD
added 2024/07/09 12:0 a.m. · 3 views

Joomla! Security Vulnerabilities

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! that stems from the custom fields component not filtering input properly, which can lead to a cross-site scripting XSS vulnerability...

CVSS 6.1 · AI score 5.9 · EPSS 0.00447
Exploits 0 · References 3

Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-21327 · Unknown · Custom Fields

Name of the Vulnerable Software and Affected Versions: Custom Fields component affected versions not specified Description: The issue is related to the Custom Fields component not correctly filtering inputs, which leads to a cross-site scripting XSS vector. This means an attacker could potentiall...

CVSS 6.1 · AI score 5.8 · EPSS 0.00447
Exploits 0 · References 7

Patchstack
added 2024/07/09 12:0 a.m. · 7 views

WordPress Just Custom Fields Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Just Custom Fields Type Plugin Vulnerable versions = 3.3.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6168 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9fc0b88e6af6 Credits Francesco Carlucci...

CVSS 4.3 · AI score 6.7 · EPSS 0.00198
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-37427 · WordPress · Just Custom Fields

Name of the Vulnerable Software and Affected Versions: The Just Custom Fields plugin for WordPress versions up to, and including, 3.3.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to invoke functionality intended for admin users due to a missing...

CVSS 4.3 · AI score 6.8 · EPSS 0.00297
Exploits 0 · References 6

CNNVD
added 2024/07/09 12:0 a.m. · 4 views

WordPress plugin Just Custom Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.7 · EPSS 0.00198
Exploits 0 · References 3

Joomla! Vulnerable Extensions List
added 2024/06/30 12:0 a.m. · 15 views

Advanced custom fields, 2.7.7, SQL Injection

Version: Old 2.8.2 / New 2.8.3 Update details: Improved sanitization/escaping of custom field values in v2.8.3 Update URL: https://www.tassos.gr/releases/advanced-custom-fields/advanced-custom-fields-2-8-3?format=htmlChangelog...

AI score 7.1
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/06/26 8:7 a.m. · 4 views

WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Security audit in WordPress Plugin Advanced Custom Fields PRO versions 6.3.2...

CVSS 4.3 · AI score 7 · EPSS 0.00223
Exploits 0 · Affected Software 1

Patchstack
added 2024/06/26 8:2 a.m. · 3 views

WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerability

Subscriber+ Broken Access Control vulnerability discovered by Security audit in WordPress Plugin Advanced Custom Fields PRO versions 6.3.2...

CVSS 5.4 · AI score 7 · EPSS 0.00297
Exploits 0 · Affected Software 1

Patchstack
added 2024/06/26 7:37 a.m. · 4 views

WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability

Contributor+ Broken Access Control vulnerability discovered by Security audit in WordPress Plugin Advanced Custom Fields PRO versions 6.3.2...

CVSS 4.3 · AI score 7 · EPSS 0.00307
Exploits 0 · Affected Software 1

Patchstack
added 2024/06/26 12:0 a.m. · 9 views

WordPress Advanced Custom Fields PRO Plugin < 6.3.2 is vulnerable to Broken Access Control

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.3.2 Fixed in 6.3.2 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37249 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f318d317c2ed Credits Rafie Muhammad...

CVSS 4.3 · AI score 6.9 · EPSS 0.00307
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/06/20 6:15 a.m. · 5 views

CVE-2024-4565

The Advanced Custom Fields ACF WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access...

CVSS 6.5 · AI score 5.8 · EPSS 0.00428
Exploits 2 · References 1

Vulnrichment
added 2024/06/20 6:0 a.m. · 12 views

CVE-2024-4565 Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access

The Advanced Custom Fields ACF WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access...

AI score 6.8 · EPSS 0.00428
Exploits 2 · References 1