Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability

Contributor+ Local File Inclusion vulnerability discovered by Security audit in WordPress Plugin Advanced Custom Fields PRO versions 6.2.10...

Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Arbitrary Function Execution vulnerability

Contributor+ Arbitrary Function Execution vulnerability discovered by Security audit in WordPress Plugin Advanced Custom Fields PRO versions 6.2.10...

WordPress Advanced Custom Fields PRO Plugin < 6.2.10 is vulnerable to Local File Inclusion

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.2.10 Fixed in 6.2.10 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-34762 Patch priority Low CVSS severity Low 9.9 Developer Claim ownership PSID c63a5562f29a Credits Security audit Required privile...

WordPress Advanced Custom Fields PRO Plugin < 6.2.10 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.2.10 Fixed in 6.2.10 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-34761 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d593f1472031 Credits Security audit Required...

PT-2024-28531 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions up to, and including, 3.2.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Pod Form widget,...

CVE-2024-0613

The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajaxdeletefield function. This makes it possible for unauthenticated attackers to delete arbitrary pos...

CVE-2024-0613

CVE-2024-0613 refers to the Delete Custom Fields WordPress plugin. The description (and corroborating references) state that all versions up to and including 0.3.1 are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on ajax_delete_field(). This enables unauth...

WordPress plugin Delete Custom Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-33274

Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...

CVE-2024-33274

Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...

PT-2024-23595 · WordPress · Acf Front End Editor

Name of the Vulnerable Software and Affected Versions: ACF Front End Editor plugin for WordPress versions prior to 2.0.3 Description: The issue allows authenticated attackers with subscriber-level access and above to update arbitrary post title, content, and ACF data due to a missing capability...

CVE-2024-33274

CVE-2024-33274 describes a Directory Traversal in PrestaShop’s FME Modules customfields (v2.2.7 and earlier). The vulnerability is triggered via the ajax.php endpoint’s parameter referenced as "Custom Checkout Fields, Add Custom Fields to Checkout", allowing a remote attacker to obtain sensitive ...

PT-2024-23586 · WordPress · Acf On-The-Go

Name of the Vulnerable Software and Affected Versions: ACF On-The-Go plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is related to a missing capability check on the acfg update fields function, allowing authenticated attackers with subscriber-level access and abov...

CVE-2024-33274

Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php...

WordPress Delete Custom Fields plugin <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion vulnerability

Cross-Site Request Forgery to Post Meta Deletion vulnerability discovered by Francesco Carlucci in WordPress Plugin Delete Custom Fields versions = 0.3.1...

WordPress Delete Custom Fields Plugin <= 0.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Delete Custom Fields Type Plugin Vulnerable versions = 0.3.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0613 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID 68d8efef2ebd Credits Francesco Carlucc...

CVE-2024-1204

The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts...

CVE-2024-1204

The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts...

WordPress Meta Box – WordPress Custom Fields Framework Plugin < 5.9.4 is vulnerable to Broken Access Control

Software Meta Box – WordPress Custom Fields Framework Type Plugin Vulnerable versions 5.9.4 Fixed in 5.9.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1204 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bc7a0ef7141a Credits Sco...

WordPress Plugin Meta Box 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...