
976 matches found

CNNVD
added 2023/08/21 12:0 a.m. · 3 views

WordPress plugin Advanced Custom Fields cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

5.4 CVSS · 5.8 AI score · 0.0148 EPSS
Exploits 0 · References 6

Japan Vulnerability Notes
added 2023/08/21 12:0 a.m. · 36 views

JVN#98946408: WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting

WordPress Plugin "Advanced Custom Fields" provided by WP Engine contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user who is logging in to the product with the editor or higher privilege. Solution: Update the plugin. Update t...

5.4 CVSS · 5.7 AI score · 0.0148 EPSS
Exploits 0

NVD
added 2023/08/15 5:15 p.m. · 13 views

CVE-2023-39438

A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. This allows an arbitrary authenticated user to read CLA information including information of the persons who signed them as...

8.1 CVSS · 8 AI score · 0.00392 EPSS
Exploits 0 · References 1

Patchstack
added 2023/08/10 12:0 a.m. · 6 views

WordPress Advanced Custom Fields PRO Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: 6.1-6.1.7; Fixed in: 6.1.8; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: c4bf4250f3b3; Credits: Satoo Nakano, Ryotaro Imamura; Require...

6.9 AI score
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2023/08/03 12:0 a.m. · 17 views

WordPress Advanced Custom Fields Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Custom Fields; Type: Plugin; Vulnerable versions: 6.1-6.1.7; Fixed in: 6.1.8; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40068; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: ad8c9dc6f2b9; Credits: Satoo Nakano...

5.4 CVSS · 5.7 AI score · 0.0148 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2023/07/31 12:0 a.m. · 4 views

PT-2023-15899 · WordPress · Checkout Fields Manager +12

Name of the Vulnerable Software and Affected Versions: Checkout Fields Manager WordPress plugin versions prior to 1.0.2; Abandoned Cart Recovery WordPress plugin versions prior to 1.2.5; Custom Fields for WooCommerce WordPress plugin versions prior to 1.0.4; Custom Order Number WordPress plugin...

6.5 CVSS · 8.8 AI score · 0.00269 EPSS
Exploits 2 · References 5

Positive Technologies
added 2023/07/27 12:0 a.m. · 3 views

PT-2023-27024 · WordPress · Acf Photo Gallery Field

Name of the Vulnerable Software and Affected Versions: ACF Photo Gallery Field plugin for WordPress versions up to, and including, 1.9. Description: The issue allows authenticated attackers with subscriber-level permissions or above to modify data without authorization due to insufficient restrictions on...

4.3 CVSS · 5.3 AI score · 0.0041 EPSS
Exploits 0 · References 7

BDU FSTEC
added 2023/07/25 12:0 a.m. · 1 views

The vulnerability of the Advanced Custom Fields plugin in the WordPress content management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the Advanced Custom Fields plugin in the WordPress content management system is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

9 CVSS · 7 AI score · 0.38768 EPSS
Exploits 3 · References 4 · Affected Software 2

Patchstack
added 2023/07/19 12:0 a.m. · 5 views

WordPress Advanced Custom Fields Frontend Forms Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Custom Fields Frontend Forms; Type: Plugin; Vulnerable versions: <= 1.3.4; Fixed in: 1.3.5; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: e7bf47e904be; Credits: Rafie Muhammad...

5.8 AI score · 0.00284 EPSS
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2023/07/18 12:0 a.m. · 6 views

WordPress Advanced Custom Fields options import/export Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced Custom Fields options import/export; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 4db49edd1f34; Credits: Rafie...

6.4 AI score · 0.00284 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/07/12 4:15 a.m. · 11 views

CVE-2021-4407

The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...

4.3 CVSS · 4.2 AI score · 0.00342 EPSS
Exploits 0 · References 9

OSV
added 2023/07/01 6:15 a.m. · 3 views

CVE-2021-4397

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...

4.3 CVSS · 5.6 AI score
Exploits 0 · References 9

OSV
added 2023/07/01 6:15 a.m. · 1 views

CVE-2020-36749

The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a...

4.3 CVSS · 5.6 AI score · 0.00389 EPSS
Exploits 1 · References 9

NVD
added 2023/07/01 6:15 a.m. · 15 views

CVE-2020-36749

The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a...

4.3 CVSS · 4.2 AI score · 0.00389 EPSS
Exploits 1 · References 9

Prion
added 2023/07/01 6:15 a.m. · 16 views

Cross-site request forgery (CSRF)

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...

4.3 CVSS · 4.3 AI score · 0.00327 EPSS
Exploits 0 · References 9 · Affected Software 1

Prion
added 2023/07/01 6:15 a.m. · 14 views

Cross-site request forgery (CSRF)

The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a...

4.3 CVSS · 4.3 AI score · 0.00389 EPSS
Exploits 1 · References 9 · Affected Software 1

Cvelist
added 2023/07/01 5:33 a.m. · 19 views

CVE-2021-4397 Staff Directory Plugin <= 3.6 - Cross-Site Request Forgery Bypass

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via ...

4.3 CVSS · 4.6 AI score · 0.00327 EPSS
Exploits 0 · References 9

Prion
added 2023/07/01 5:15 a.m. · 14 views

Cross-site request forgery (CSRF)

The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to update custom field meta data via ...

6.8 CVSS · 8.2 AI score · 0.00392 EPSS
Exploits 1 · References 9 · Affected Software 1

Cvelist
added 2023/07/01 4:26 a.m. · 27 views

CVE-2021-4394 Locations <= 3.2.1 - Cross-Site Request Forgery Bypass

The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to update custom field meta data via ...

4.3 CVSS · 8.5 AI score · 0.00392 EPSS
Exploits 1 · References 9

CNNVD
added 2023/07/01 12:0 a.m. · 3 views

WordPress Plugin Locations cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...

8.8 CVSS · 7.8 AI score · 0.00392 EPSS
Exploits 1 · References 10