976 matches found
Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection
The plugin does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue: https://example.ocm/wp-admin/options-general.php?page=acfe-options&orderby=1%20and%20sleep0.02%23...
WordPress Advanced Custom Fields: Extended plugin <= 0.8.8.6 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by JrXnm in WordPress Advanced Custom Fields: Extended plugin (versions <= 0.8.8.6). Solution: Update the WordPress Advanced Custom Fields: Extended plugin to the latest available version (at least 0.8.8.7)...
Cross site scripting
The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields; however, their content is not sanitised or escaped, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
Cross site scripting
The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-24871 Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting
The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...
CVE-2021-20867
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors...
CVE-2021-20865
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors...
CVE-2021-20866
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors...
Authorization
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors...
Authorization
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors...
Authorization
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors...
CVE-2021-20867
CVE-2021-20867 affects Advanced Custom Fields (ACF) and ACF Pro versions prior to 5.11. The root cause is a missing authorization mechanism for moving field groups, which could allow an attacker to move field groups they should not access via unspecified vectors. Public sources in the connected d...
CVE-2021-20866
The CVE-2021-20866 vulnerability affects Advanced Custom Fields (ACF) and ACF Pro prior to version 5.11. The issue is a missing authorization in obtaining the user list, leading to potential information disclosure of unauthorized user data via unspecified vectors. Public sources in Patchstack ind...
Delicious Brains Advanced Custom Fields Information Disclosure Vulnerability
Delicious Brains Advanced Custom Fields is an advanced custom fields plugin from Delicious Brains Canada. An information disclosure vulnerability exists in Delicious Brains Advanced Custom Fields, which stems from a lack of authorization related to obtaining user lists. The vulnerability stems fro...
Delicious Brains Advanced Custom Fields Access Control Error Vulnerability
Delicious Brains Advanced Custom Fields is an advanced custom fields plug-in from Delicious Brains Canada. An access control error vulnerability exists in Delicious Brains Advanced Custom Fields, which stems from a lack of authorization associated with database browsing. The vulnerability stems fro...