WPVulnDB
added 2023/04/10 12:00 a.m. · 27 views

Advanced Custom Fields < 6.1.0 - Contributor+ PHP Object Injection

The plugin unserializes user-controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. PoC setup (as admin): To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...

CVSS 8.8 · AI score 9.5 · EPSS 0.0108
Exploits 3 · Affected Software 2
wpexploit
added 2023/04/10 12:00 a.m. · 148 views

Advanced Custom Fields < 5.12.5 - Contributor+ PHP Object Injection

The plugin unserializes user-controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. Setup (as admin): To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

CVSS 8.8 · AI score 9.6 · EPSS 0.0108
Exploits 3
WPVulnDB
added 2023/04/10 12:00 a.m. · 30 views

Advanced Custom Fields < 5.12.5 - Contributor+ PHP Object Injection

The plugin unserializes user-controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. PoC setup (as admin): To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...

CVSS 8.8 · AI score 9.5 · EPSS 0.0108
Exploits 3 · Affected Software 2
wpexploit
added 2023/04/10 12:00 a.m. · 1519 views

Advanced Custom Fields < 6.1.0 - Contributor+ PHP Object Injection

The plugin unserializes user-controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. Setup (as admin): To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

CVSS 8.8 · AI score 9.6 · EPSS 0.0108
Exploits 3
Patchstack
added 2023/04/04 12:00 a.m. · 7 views

WordPress Advanced Custom Fields Plugin <= 6.0.7 is vulnerable to PHP Object Injection

Software: Advanced Custom Fields · Type: Plugin · Vulnerable versions: <= 6.0.7 · Fixed in: 6.1.0 · OWASP Top 10: A1: Injection · Classification: PHP Object Injection · CVE: N/A · Patch priority: High · CVSS severity: High 8.5 · Developer: Claim ownership · PSID: 29e8820ff608 · Credits: Unknown · Required privilege: Contributor...

AI score 7.2
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2023/04/02 12:00 a.m. · 3 views

A vulnerability in the script app/admin/custom-fields/edit-result.php of the IP address management web application allows an attacker to execute arbitrary SQL commands.

The vulnerability in the script app/admin/custom-fields/edit-result.php of the IP address management web application phpIPAM stems from missing protection of the SQL query structure when user-supplied custom fields are processed with the parameter fieldType=set&fieldSize='1...

CVSS 9 · AI score 7.6 · EPSS 0.0305
Exploits 3 · References 3 · Affected Software 1
Patchstack
added 2023/02/20 12:00 a.m. · 14 views

WordPress WP Custom Fields Search Plugin <= 1.2.34 is vulnerable to Cross Site Scripting (XSS)

Software: WP Custom Fields Search · Type: Plugin · Vulnerable versions: <= 1.2.34 · Fixed in: 1.2.35 · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2022-47157 · Patch priority: Low · CVSS severity: Low 5.9 · Developer: Claim ownership · PSID: 7498e4b584cc · Credits: Justiice...

CVSS 5.9 · AI score 6 · EPSS 0.00369
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2023/02/20 12:00 a.m. · 18 views

WP Custom Fields Search < 1.2.35 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...

CVSS 5.9 · AI score 5.7 · EPSS 0.00369
Exploits 0 · Affected Software 1
Huntr
added 2023/02/10 12:46 p.m. · 21 views

SQL Injection in Custom Fields

Description: SQL injection when updating custom fields in the admin panel. Malicious web admins can use POST /app/admin/custom-fields/edit-result.php with parameters fieldType=set&fieldSize='1' CHARACTER SET utf8; SELECT sleep(3); to execute the inserted SQL command SELECT sleep(3); and thus result th...

CVSS 5.8 · AI score 8 · EPSS 0.0305
Exploits 3
CNNVD
added 2023/01/16 12:00 a.m. · 3 views

WordPress plugin Custom Post Types and Custom Fields creator Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application add-on. A cross-site scripting vulnerability exists...

CVSS 4.8 · AI score 4.9 · EPSS 0.0047
Exploits 2 · References 2
Patchstack
added 2023/01/13 12:00 a.m. · 10 views

WordPress Advanced Custom Fields: Image Crop Add-on Plugin <= 1.4.12 is vulnerable to Broken Access Control

Software: Advanced Custom Fields: Image Crop Add-on · Type: Plugin · Vulnerable versions: <= 1.4.12 · Fixed in: N/A · OWASP Top 10: A5: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2023-22676 · Patch priority: Low · CVSS severity: Low 3.1 · Developer: Claim ownership · PSID: ae467650d1f0 · Credits: Istv...

CVSS 8.8 · AI score 6.6 · EPSS 0.00439
Exploits 0 · References 1 · Affected Software 1
Tenable Nessus
added 2022/11/18 12:00 a.m. · 32 views

WordPress Plugin 'Advanced Custom Fields' < 5.12.4, 6.x < 6.0.3 Custom Field Value Exposure

The WordPress application running on the remote host has a version of the 'Advanced Custom Fields' plugin prior to 5.12.4, or a 6.x version prior to 6.0.3. It is therefore affected by a vulnerability in which custom field values are exposed through shortcodes parsed from user input. Note that Nessus has not...

CVSS 7.5 · AI score 7.4 · EPSS 0.00516
Exploits 0 · References 3
Prion
added 2022/11/03 4:15 p.m. · 18 views

Design/Logic Flaw

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Users may be able to inject custom field values into mailto links. This issue has been patched, please...

CVSS 4 · AI score 6.4 · EPSS 0.00477
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/11/03 12:00 a.m. · 4 views

PT-2022-7392 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.4 · Description: The issue is related to improper input validation in the GLPI system, which can be exploited by a remote attacker to impact the system's integrity. Users may be able to inject custom field values in...

CVSS 10 · AI score 6.3 · EPSS 0.99521
Exploits 40 · References 203
OSV
added 2022/11/03 12:00 a.m. · 27 views

CVE-2022-39376 Improper input validation on emails links in GLPI

GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Users may be able to inject custom field values into mailto links. This issue has been patched, please...

CVSS 2.6 · AI score 7.1 · EPSS 0.00477
Exploits 0 · References 3
Patchstack
added 2022/10/18 12:00 a.m. · 77 views

WordPress Advanced Custom Fields plugin 3.1.1 - 6.0.2 - Custom Field Value Exposure vulnerability

Custom Field Value Exposure Through Parsed Shortcode from User Input vulnerability discovered by Juan Hoffmann in WordPress Advanced Custom Fields plugin versions 3.1.1 - 6.0.2. Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version, at least 6.0.3...

AI score 1.6 · EPSS 0.00516
Exploits 0 · References 1 · Affected Software 1
OSV
added 2022/09/21 6:32 p.m. · 22 views

GHSA-6W4Q-23CF-J9JP parse-server's session object properties can be updated by foreign user if object ID is known

Impact: A foreign user can write to the session object of another user if the session object ID is known. For example, a foreign user can assign the session object to their own user by writing to the user field and then read any custom fields of that session object. Note that assigning a session t...

CVSS 4.3 · AI score 4.1 · EPSS 0.00397
Exploits 0 · References 6
Packet Storm
added 2022/08/31 12:00 a.m. · 825 views

WordPress Core Cross Site Scripting / SQL Injection

Description: SQL Injection via Links LIMIT clause · Affected Versions: WordPress Core 6.0.2 · Researcher: FVD · CVE ID: Pending · CVSS Score: 8.0 High · CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H · Fully Patched Version: 6.0.2. The WordPress Link functionality, previously known as “Bookmarks”, i...

AI score 0.3
Exploits 0
OpenVAS
added 2022/08/25 12:00 a.m. · 16 views

WordPress Advanced Custom Fields Plugin 5.x < 5.12.3 File Upload Vulnerability

The WordPress plugin... (NASL script header: SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:advancedcustomfields:advancedcustomfields"; if(description)...

CVSS 8.8 · AI score 8.8 · EPSS 0.01192
Exploits 2 · References 2
OpenVAS
added 2022/08/25 12:00 a.m. · 19 views

WordPress Advanced Custom Fields Pro Plugin 5.x < 5.12.3 File Upload Vulnerability

The WordPress plugin... (NASL script header: SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:advancedcustomfields:advancedcustomfieldspro"; if(description)...

CVSS 8.8 · AI score 8.8 · EPSS 0.01192
Exploits 2 · References 2