3 matches found
CVE-2026-12428
The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...
EUVD-2026-42568
The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...
CVE-2025-14937
CVE-2025-14937 : Frontend Admin by DynamiApps for WordPress is vulnerable to unauthenticated stored XSS via the acff parameter in the AJAX action frontend_admin/forms/update_field. Affected versions are all up to and including 3.28.23 due to insufficient input sanitization and output escaping. Wo...