251 matches found
CVE-2024-3071 ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2024-3071 ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2024-3072
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...
CVE-2024-3072 ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...
CVE-2024-3072 ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...
CVE-2024-3072
CVE-2024-3072 affects the ACF Front End Editor WordPress plugin. Root cause: a missing capability check in update_texts() across all versions up to 2.0.2, enabling authenticated subscribers and above to modify arbitrary post titles, content, and ACF data. Impact is unauthorized data modification ...
WordPress plugin ACF Front End Editor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerabilit...
WordPress ACF Front End Editor Plugin <= 2.0.2 is vulnerable to Broken Access Control
Software ACF Front End Editor Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3072 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5c576884eef4 Credits Francesco Carlucci Required...
WordPress ACF On-The-Go Plugin <= 1.0.1 is vulnerable to Broken Access Control
Software ACF On-The-Go Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3071 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6d532a3fc713 Credits Francesco Carlucci Required...
ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
Description The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access an...
ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update
Description The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access...
ACF Photo Gallery Field < 2.7 - Missing Authorization
Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber access and above, to access the unprotected function...
CVE-2024-1121
The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...
CVE-2023-6701
The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2023-6701 Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field
The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
CVE-2023-6701
CVE-2023-6701 affects the WordPress plugin Advanced Custom Fields (ACF) , with a stored XSS vulnerability in a custom text field. Affected versions: all up to and including 6.2.4 . Root cause: insufficient input sanitization and output escaping. Exploitation requires authenticated access (contrib...
CVE-2024-1121
CVE-2024-1121 concerns the WordPress plugin Advanced Forms for ACF . The issue is a missing capability check in the function export_json_file(), affecting all versions up to and including 1.9.3.2, enabling unauthenticated attackers to export form settings (unauthorized data access). Public source...
CVE-2024-1121 Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export
The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...
Advanced Forms for ACF < 1.9.3.3 - Missing Authorization to Unauthenticated Form Settings Export
Description The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...
WordPress plugin Advanced Forms for ACF security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...