Lucene search
K

15 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 3:25 a.m.4 views

CVE-2025-12081 ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acfphotogalleryeditsave" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level acce...

4.3CVSS5.7AI score0.00267EPSS
Exploits0References4
CVE
CVE
added 2026/02/19 3:25 a.m.8 views

CVE-2025-12081

The CVE-2025-12081 entry concerns the WordPress plugin ACF Photo Gallery Field (navz-photo-gallery) with versions up to 3.0. The root cause is a missing capability check in the acf_photo_gallery_edit_save function, allowing authenticated attackers with subscriber+ privileges to modify attachment ...

4.3CVSS5.7AI score0.00267EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/19 3:25 a.m.30 views

CVE-2025-12081 ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acfphotogalleryeditsave" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level acce...

4.3CVSS0.00267EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.10 views

WordPress plugin ACF Photo Gallery Field 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00267EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-44582

Malicious code in bioql PyPI...

4.3CVSS6.1AI score0.0041EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:53 a.m.7 views

CVE-2024-23518

Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...

4.3CVSS6.9AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:11 a.m.5 views

CVE-2023-3957

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

4.3CVSS6.5AI score0.0041EPSS
Exploits0References1
NVD
NVD
added 2024/06/11 5:15 p.m.21 views

CVE-2024-23518

Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...

4.3CVSS0.00441EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.12 views

ACF Photo Gallery Field < 2.7 - Missing Authorization

Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber access and above, to access the unprotected function...

9.2AI score0.00441EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/27 6:54 a.m.4 views

CVE-2023-3957 ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update

The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...

4.3CVSS6.6AI score0.0041EPSS
Exploits0References3
CVE
CVE
added 2023/07/27 6:54 a.m.39 views

CVE-2023-3957

CVE-2023-3957 concerns the ACF Photo Gallery Field plugin for WordPress. The vulnerability arises from insufficient restrictions in the apg_profile_update function, allowing authenticated users with subscriber-level permissions or higher to modify other users' metas arbitrarily (the meta value is...

4.3CVSS4.6AI score0.0041EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/07/27 12:0 a.m.2 views

WordPress plugin ACF Photo Gallery Field 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin ACF Photo Gallery...

4.3CVSS6.5AI score0.0041EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/27 12:0 a.m.4 views

PT-2023-27024 · WordPress · Acf Photo Gallery Field

Name of the Vulnerable Software and Affected Versions: ACF Photo Gallery Field plugin for WordPress versions up to, and including, 1.9 Description: The issue allows authenticated attackers with subscriber-level permissions or above to modify data unauthorizedly due to insufficient restrictions on...

4.3CVSS5.3AI score0.0041EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/01/17 12:0 a.m.4 views

WordPress plugin ACF Photo Gallery Field跨站脚本漏洞

WordPress plugin is an open source application plugin for WordPress. The WordPress ACF Photo Gallery Field plugin suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability ...

6.1CVSS6.1AI score0.008EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/12/20 12:0 a.m.18 views

ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the post parameter in the includes/acfphotogallerymetaboxedit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC...

6.1CVSS0.7AI score0.008EPSS
Exploits2Affected Software1
Rows per page
Query Builder