WordPress Advanced Custom Fields Plugin 5.8.10 < 5.12.6 XSS Vulnerability
The WordPress plugin... (SPDX-FileCopyrightText: 2024 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders.) CPE: cpe:/a:advancedcustomfields:advancedcustomfields
CVE-2022-40696
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF). This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2...
CVE-2022-40696
CVE-2022-40696 affects WordPress plugin WP Engine Advanced Custom Fields (ACF): versions 3.1.1 through 6.0.2 are vulnerable to information disclosure. The underlying issue is described as a Custom Field Value Exposure via parsed shortcode from user input, leading to disclosure of sensitive data t...
WordPress Plugin Advanced Custom Fields Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2024-11630 · Wp Engine · Wp Engine Advanced Custom Fields
Name of the Vulnerable Software and Affected Versions: WP Engine Advanced Custom Fields (ACF) versions 3.1.1 through 6.0.2. Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made accessible to individuals wh...
WordPress Plugin Advanced Custom Fields Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery on AJAX Actions
Description: The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on multiple AJAX actions. This makes it possible for unauthenticated attackers to create, modify, a...
Improper Access Control
@strapi/strapi and @strapi/plugin-users-permissions are vulnerable to Improper Access Control. The vulnerability is caused by a missing configuration/provision to control which custom fields are allowed to be set during registration while calling the /api/auth/local/register route. This can lead ...
BIT-2023-45147
Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins use topic custom fields. For a default Discourse installation...
CVE-2023-47095
A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server...
Virtualmin Cross-Site Scripting Vulnerability
Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems from Virtualmin. A security vulnerability exists in Virtualmin version 7.7 that stems from a cross-site scripting (XSS) vulnerability in the Custom Fields feature...
WordPress Advanced Custom Fields: Extended Plugin < 0.8.8.7 SQLi Vulnerability
The WordPress plugin... (SPDX-FileCopyrightText: 2023 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders.) CPE: cpe:/a:acf-extended:advancedcustomfields
WordPress Advanced Custom Fields: Extended Plugin < 0.8.9.4 XSS Vulnerability
The WordPress plugin... (SPDX-FileCopyrightText: 2023 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders.) CPE: cpe:/a:acf-extended:advancedcustomfields
CVE-2023-32116
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions...
Cross site scripting
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions...
CVE-2023-32116 WordPress Custom post types Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions...
CVE-2023-32116
CVE-2023-32116 affects the WordPress plugin “TotalPress.Org Custom post types, Custom Fields & more” (versions <= 4.0.12). The root cause is an authenticated stored XSS vulnerability exploitable by users with admin+ privileges; the impact is stored script execution within the plugin’s context ...