976 matches found
CVE-2023-30777
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins = 6.1.5 versions...
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins = 6.1.5 versions...
CVE-2023-30777 WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins = 6.1.5 versions...
CVE-2023-30777 WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins = 6.1.5 versions...
CVE-2023-30777
Summary: CVE-2023-30777 is a reflected XSS affecting the WordPress plugins Advanced Custom Fields (Pro) and Advanced Custom Fields, versioned
WordPress Plugin Advanced Custom Fields PRO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Advanced Custom Fields Plugin < 6.1.6 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:advancedcustomfields:advancedcustomfields"; ifdescription...
New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting XSS that could be abused to inject arbitrary executable...
New Vulnerability in Popular WordPress Plugin Exposes Over 2 Million Sites to Cyberattacks
Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting XSS that could be abused to inject arbitrary executable...
WordPress Advanced Custom Fields PRO Plugin <= 6.1.5 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Custom Fields PRO Type Plugin Vulnerable versions = 6.1.5 Fixed in 6.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30777 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 007d3de805e3 Credits Rafie...
WordPress Advanced Custom Fields Plugin 5.8.10-5.12.5 is vulnerable to Cross Site Scripting (XSS)
Software Advanced Custom Fields Type Plugin Vulnerable versions 5.8.10-5.12.5 Fixed in 5.12.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30777 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2970573ffd97 Credits Raf...
PT-2023-3724 · Wp Engine · Wp Engine Advanced Custom Fields
Name of the Vulnerable Software and Affected Versions: WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins versions 6.1.5 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability in the WP Engine Advanced Custom Fields...
Advanced Custom Fields < 6.1.6 - Reflected XSS
The plugins do not escape the poststatus parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...
CVE-2023-1196
The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...
Design/Logic Flaw
The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1196 Advanced Custom Fields - Contributor+ PHP Object Injection
The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1196 Advanced Custom Fields - Contributor+ PHP Object Injection
The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...
WordPress Advanced Custom Fields PRO Plugin < 6.1.0 is vulnerable to PHP Object Injection
Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.1.0 Fixed in 6.1.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1196 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 322be262bcd9 Credits Nguyen Huu Do Required...
WordPress Advanced Custom Fields Plugin < 5.12.5 is vulnerable to PHP Object Injection
Software Advanced Custom Fields Type Plugin Vulnerable versions 5.12.5 Fixed in 5.12.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1196 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 8c55b8a9942a Credits Nguyen Huu Do Required privile...
WordPress plugin Advanced Custom Fields (ACF) Free and Pro 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...