976 matches found
WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization
Overview: WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains a missing authorization vulnerability (CWE-862). Keitaro Yamazaki of Ierae Security, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Advanced Custom Fields < 5.12.1 - Contributor+ Database Information Access
The plugin does not have proper authorisation which could allow users with a role as low as contributor to view information on the database without the access permission...
JVN#42543427: WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization
WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains a missing authorization vulnerability (CWE-862). Impact: Users of this product (Editor, Author, Contributor) may view the information on the database without the access permission. Solution: Update the plugin. Update the...
WordPress Plugin Advanced Custom Fields security vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blogging sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. WordPress Advanced Custom Fields Plugin is vulnerable...
WordPress Advanced Custom Fields plugin <= 5.12 - Database Information Access vulnerability
A Database Information Access vulnerability was discovered by Keitaro Yamazaki (Ierae Security Inc) in the WordPress Advanced Custom Fields plugin versions <= 5.12. Solution: Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 5.12.1)...
WordPress Advanced Custom Fields options import/export plugin <= 1.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Advanced Custom Fields options import/export plugin versions <= 1.0.4. Solution: No patched version available...
WordPress Advanced Custom Fields options import/export plugin <= 1.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Advanced Custom Fields options import/export plugin versions <= 1.0.4. Solution: No patched version available...
WordPress Advanced Custom Fields: Extended plugin SQL injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in versions of the WordPress plugin Advanced Custom Fields: Extended prior to 0.8.8.7, whi...
CVE-2021-24865
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue...
CVE-2021-24865
CVE-2021-24865 affects the WordPress plugin Advanced Custom Fields: Extended (pre-0.8.8.7). The vulnerability arises because the plugin does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL injection. The issue is confirmed across multiple sourc...
WordPress plugin SQL injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A SQL injection vulnerability exists in versions of the WordPress plugin Advanced Custom Fields: Extended prior to 0.8.8.7, whi...
WordPress plugin ACF Photo Gallery Field cross-site scripting vulnerability
A WordPress plugin is an open source application plugin for WordPress. The WordPress ACF Photo Gallery Field plugin suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability ...
CVE-2021-43949
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0...
Improper access control
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature. The affected versions are before version 4.21.0...
Atlassian Jira information disclosure vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira Center is vulnerable to an access control error that occurs when a networked system or product does not properly restrict access to resources from unauthorized roles, which can be exploited by an...
Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection
The plugin does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue. PoC: https://example.ocm/wp-admin/options-general.php?page=acfe-options=1%20and%20sleep0.02%23...