CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

976 matches found

CNNVD•added 2024/06/20 12:0 a.m.•6 views

WordPress plugin Advanced Custom Fields security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the WordPre...

7.5CVSS6.7AI score0.00428EPSS

Exploits2References2

Positive Technologies•added 2024/06/20 12:0 a.m.•5 views

PT-2024-31718 · WordPress · Advanced Custom Fields Pro

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields ACF WordPress plugin versions prior to 6.3 Advanced Custom Fields Pro WordPress plugin versions prior to 6.3 Description: The issue allows displaying custom field values for any post via shortcode without checking for t...

7.5CVSS6.7AI score0.00428EPSS

Exploits2References5

NVD•added 2024/06/10 4:15 p.m.•22 views

CVE-2024-34762

Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....

9.9CVSS0.0059EPSS

Exploits0References1

Vulnrichment•added 2024/06/10 3:38 p.m.•16 views

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

9.9CVSS7AI score0.0059EPSS

Exploits0References1

CVE•added 2024/06/10 3:38 p.m.•64 views

CVE-2024-34762

CVE-2024-34762 affects the WordPress plugin Advanced Custom Fields Pro (WP ACF Pro). The issue is an improper limitation of pathnames to a restricted directory, enabling PHP Local File Inclusion. Public details indicate impact up to versions prior to 6.2.10 (with some sources noting an authentica...

9.9CVSS9.5AI score0.0059EPSS

Exploits0References1

Cvelist•added 2024/06/10 3:38 p.m.•32 views

CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

9.9CVSS0.0059EPSS

Exploits0References1

Cvelist•added 2024/06/10 3:34 p.m.•21 views

CVE-2024-34761 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability

Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code 'Code Injection' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10...

8.5CVSS0.00429EPSS

Exploits0References1

CVE•added 2024/06/10 3:34 p.m.•73 views

CVE-2024-34761

CVE-2024-34761 is a vulnerability in the WordPress plugin Advanced Custom Fields Pro (WP ACF Pro) where an improper control of code generation enables Code Injection. The issue affects versions up to 6.2.9 (n/a before 6.2.10 per sources) and can be exploited by an authenticated user with Contribu...

8.5CVSS8.5AI score0.00429EPSS

Exploits0References1

CNNVD•added 2024/06/10 12:0 a.m.•3 views

WordPress plugin Advanced Custom Fields PRO Code Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability previously...

8.5CVSS7.5AI score0.00429EPSS

Exploits0References2

CNNVD•added 2024/06/10 12:0 a.m.•3 views

WordPress plugin Advanced Custom Fields PRO path traversal vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

9.9CVSS6.8AI score0.0059EPSS

Exploits0References2

NVD•added 2024/06/09 7:15 p.m.•13 views

CVE-2024-32081

Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05...

8.8CVSS0.00351EPSS

Exploits0References1

Cvelist•added 2024/06/09 6:37 p.m.•21 views

CVE-2024-32081 WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability

Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05...

4.3CVSS0.00351EPSS

Exploits0References1

Vulnrichment•added 2024/06/09 6:37 p.m.•15 views

CVE-2024-32081 WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - Broken Access Control vulnerability

Missing Authorization vulnerability in Websupporter Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05...

4.3CVSS6.9AI score0.00351EPSS

Exploits0References1

CVE•added 2024/06/09 6:37 p.m.•77 views

CVE-2024-32081

The CVE CVE-2024-32081 affects the WordPress plugin Filter Custom Fields & Taxonomies Light and is described as a Missing Authorization (Broken Access Control) vulnerability. Affected versions are up to 1.05 (n/a through 1.05). The connected sources indicate an unauthorized access issue with part...

8.8CVSS6.4AI score0.00351EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/06/03 8:13 p.m.•4 views

WordPress Advanced Custom Fields Pro plugin < 6.3 - Auth. Custom Field Access vulnerability

Auth. Custom Field Access vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Advanced Custom Fields PRO versions 6.3...

7.5CVSS7AI score0.00428EPSS

Exploits2References1Affected Software1

Patchstack•added 2024/06/03 8:7 p.m.•4 views

WordPress Advanced Custom Fields plugin < 6.3 - Auth. Custom Field Access

Auth. Custom Field Access vulnerability discovered by Scott Kingsley Clark in WordPress Plugin Advanced Custom Fields versions 6.3...

7.5CVSS7AI score0.00428EPSS

Exploits2References1Affected Software1

Patchstack•added 2024/06/03 12:0 a.m.•14 views

WordPress Advanced Custom Fields PRO Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1daa59fd8d88 Credits Scott Kingsley Clark...

7.5CVSS6.4AI score0.00428EPSS

Exploits2References2Affected Software1

Patchstack•added 2024/06/03 12:0 a.m.•18 views

WordPress Advanced Custom Fields Plugin < 6.3 is vulnerable to Sensitive Data Exposure

Software Advanced Custom Fields Type Plugin Vulnerable versions 6.3 Fixed in 6.3 OWASP Top 10 A6: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-4565 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5beab9ff85fb Credits Scott Kingsley Clark...

7.5CVSS6.4AI score0.00428EPSS

Exploits2References3Affected Software1

wpexploit•added 2024/05/30 12:0 a.m.•233 views

Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access

Description The plugin allows you to display custom field values for any post via shortcode without checking for the correct access 1. ADMIN: Install Advanced Custom Fields or ACF Pro 2. ADMIN: Create a new field group for posts and add a field to that 3. ADMIN: Fill in content for posts includin...

9.5AI score0.00428EPSS

Exploits2

WPVulnDB•added 2024/05/30 12:0 a.m.•20 views

Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access

Description The plugin allows you to display custom field values for any post via shortcode without checking for the correct access PoC 1. ADMIN: Install Advanced Custom Fields or ACF Pro 2. ADMIN: Create a new field group for posts and add a field to that 3. ADMIN: Fill in content for posts...

9.3AI score0.00428EPSS

Exploits2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by