Lucene search
K

251 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-12428

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS0.00285EPSS
Exploits0References8
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42568

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS6.1AI score0.00285EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-12428

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS6.1AI score0.00285EPSS
Exploits0References9
CVE
CVE
added 6 days ago10 views

CVE-2026-12428

The CVE concerns the WordPress plugin Blocks for ACF Fields (versions up to 1.6.2). A missing capability check on the REST endpoint /wp-json/acf-field-blocks/v1/values (get_all_values) allows unauthorized access to ACF field data. The permission_callback only verifies publish_posts, and the handl...

6.5CVSS6.1AI score0.00285EPSS
Exploits0References8
CVE
CVE
added 2026/07/08 5:34 a.m.11 views

CVE-2026-10570

The CVE-2026-10570 entry concerns the Sympl Repeater for ACF and Elementor WordPress plugin (versions up to 2.3). Affected component: the function symp_arfe_replace_content() , which uses str_replace() to insert raw ACF field values (via get_field()) directly into Elementor-generated HTML without...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/08 5:34 a.m.7 views

EUVD-2026-42176

The Sympl Repeater for ACF and Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ACF repeater field values in all versions up to, and including, 2.3. This is due to insufficient input sanitization and output escaping in the symparfereplacecontent function, which uses...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/12 8:9 a.m.88 views

Exploit for CVE-2026-8809

CVE-2026-8809 Advanced Custom Fields: Extended = 0.9.2.5 -...

9.8CVSS5.6AI score0.008EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.11 views

CVE-2025-15463

The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...

6.5CVSS6AI score0.00381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.14 views

CVE-2026-8382

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/01 8:7 a.m.15 views

WordPress Advanced Custom Fields: Extended plugin <= 0.9.2.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by daroo in WordPress Plugin ACF Extended versions = 0.9.2.5...

9.8CVSS5.8AI score0.008EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/31 2:28 a.m.26 views

CVE-2026-8382

The CVE-2026-8382 entry describes an authorization bypass in the WordPress plug‑in Advanced Custom Fields (ACF) for all versions up to 6.8.1. The vulnerability arises because the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to ...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.17 views

PT-2026-45169

The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

WordPress plugin Advanced Custom Fields: Extended 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

9.8CVSS5.8AI score0.008EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/04/29 1:39 a.m.4 views

CVE-2025-62104

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...

4.3CVSS5.1AI score0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/23 12:31 p.m.5 views

EUVD-2025-209561

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 12:17 p.m.7 views

CVE-2025-62104

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...

4.3CVSS0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 11:2 a.m.28 views

CVE-2025-62104 WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...

4.3CVSS0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 11:2 a.m.3 views

CVE-2025-62104 WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/23 11:1 a.m.7 views

WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin ACF Galerie 4 versions = 1.4.2...

4.3CVSS5.8AI score0.00198EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.9 views

WordPress plugin ACF Galerie 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References1
Rows per page
Query Builder