15 matches found
CVE-2025-12081 ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acfphotogalleryeditsave" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level acce...
CVE-2025-12081
The CVE-2025-12081 entry concerns the WordPress plugin ACF Photo Gallery Field (navz-photo-gallery) with versions up to 3.0. The root cause is a missing capability check in the acf_photo_gallery_edit_save function, allowing authenticated attackers with subscriber+ privileges to modify attachment ...
CVE-2025-12081 ACF Photo Gallery Field <= 3.0 - Missing Authorization to Authenticated (Subscriber+) Attachment Metadata Modification
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the "acfphotogalleryeditsave" function in all versions up to, and including, 3.0. This makes it possible for authenticated attackers, with subscriber level acce...
WordPress plugin ACF Photo Gallery Field 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
EUVD-2023-44582
Malicious code in bioql PyPI...
CVE-2024-23518
Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...
CVE-2023-3957
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...
CVE-2024-23518
Missing Authorization vulnerability in Navneil Naicker ACF Photo Gallery Field.This issue affects ACF Photo Gallery Field: from n/a through 2.6...
ACF Photo Gallery Field < 2.7 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber access and above, to access the unprotected function...
CVE-2023-3957 ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apgprofileupdate' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or...
CVE-2023-3957
CVE-2023-3957 concerns the ACF Photo Gallery Field plugin for WordPress. The vulnerability arises from insufficient restrictions in the apg_profile_update function, allowing authenticated users with subscriber-level permissions or higher to modify other users' metas arbitrarily (the meta value is...
WordPress plugin ACF Photo Gallery Field 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin ACF Photo Gallery...
PT-2023-27024 · WordPress · Acf Photo Gallery Field
Name of the Vulnerable Software and Affected Versions: ACF Photo Gallery Field plugin for WordPress versions up to, and including, 1.9 Description: The issue allows authenticated attackers with subscriber-level permissions or above to modify data unauthorizedly due to insufficient restrictions on...
WordPress plugin ACF Photo Gallery Field跨站脚本漏洞
WordPress plugin is an open source application plugin for WordPress. The WordPress ACF Photo Gallery Field plugin suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability ...
ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the post parameter in the includes/acfphotogallerymetaboxedit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue PoC...