5 matches found
CVE-2024-37250
CVE-2024-37250 corresponds to a Missing Authorization/Broken Access Control vulnerability in WordPress plugin Advanced Custom Fields PRO, affecting versions prior to 6.3.2 with a fixed release in 6.3.2. The core issue is misconfigured access control allowing subscriber-level context to access res...
WordPress Advanced Custom Fields PRO Plugin <= 6.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: = 6.3.8; Fixed in: 6.3.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 2e0e0bd5611b; Credits: Duc Luong Tran; Required privilege...
WordPress WooCommerce Multiple Customer Addresses & Shipping plugin < 24.9 - Vulnerable ACF Pro plugin Embed vulnerability
Vulnerable ACF Pro plugin Embed vulnerability discovered by ? in WordPress Plugin WooCommerce Multiple Customer Addresses & Shipping versions 24.9...
WordPress Advanced Custom Fields PRO Plugin < 6.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Advanced Custom Fields PRO; Type: Plugin; Vulnerable versions: 6.3.2; Fixed in: 6.3.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-37251; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: a5acbbde5c90; Credits: Rafie...
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...