976 matches found
CVE-2022-2594
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration so PHP is not possible if there is a frontend form available. This vulnerability was introduced i...
CVE-2022-2594
The CVE-2022-2594 entry concerns the WordPress plugins Advanced Custom Fields (ACF) and Advanced Custom Fields Pro (ACF Pro) prior to version 5.12.3. Affects ACF and ACF Pro when a frontend form is available, allowing unauthenticated users to upload files permitted by default WordPress configurat...
WordPress plugin Advanced Custom Fields code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2022-17611 · WordPress · Advanced Custom Fields Pro
Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields WordPress plugin versions prior to 5.12.3; Advanced Custom Fields Pro WordPress plugin versions prior to 5.12.3. Description: The issue allows unauthenticated users to upload files, limited to those allowed in a default...
WordPress Advanced Custom Fields plugin <= 5.12.2 - Unauthenticated File Upload vulnerability
Unauthenticated File Upload vulnerability discovered by James Golovich in WordPress Advanced Custom Fields plugin versions <= 5.12.2. Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 5.12.3)...
WordPress Advanced Custom Fields PRO premium plugin <= 5.12.2 - Unauthenticated File Upload vulnerability
Unauthenticated File Upload vulnerability discovered by James Golovich in WordPress Advanced Custom Fields PRO premium plugin versions <= 5.12.2. Solution: Update the WordPress Advanced Custom Fields PRO plugin to the latest available version (at least 5.12.3)...
Design/Logic Flaw
The Appfire Jira Misc Custom Fields JMCF app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function...
Atlassian Jira cross-site scripting vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is mainly used for tracking and managing various types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira's Appfire Jira Misc Custom Fields JMCF app version 2.4.6. An...
CVE-2022-1326
The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
WordPress plugin Form - Contact Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Form-Contact Form plugin 1.2.4 and earlier versions have a cross-site scripting vulnerabili...
CVE-2022-31398
A cross-site scripting XSS vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field...
HelpDeskZ cross-site scripting vulnerability
HelpDeskZ is a PHP-based software that allows you to manage your site's support using a web-based support ticket system. Provides quality support. A cross-site scripting vulnerability exists in HelpDeskZ version v2.0.2, which stems from a lack of parameter filtering and escaping in...
WordPress plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Advanced Custom Fields Plugin authorization issue vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Advanced Custom Fields Plugin is vulnerable...
CVE-2022-23183
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission...
CVE-2022-23183
CVE-2022-23183 affects WordPress plugin Advanced Custom Fields (ACF) and Advanced Custom Fields Pro, with versions prior to 5.12.1 vulnerable to missing authorization. A remote authenticated attacker could view database information without proper permissions. Root cause: insufficient access contr...