Lucene search
K

251 matches found

Vulnrichment
Vulnrichment
added 2024/05/02 4:52 p.m.9 views

CVE-2024-3071 ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS6AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.31 views

CVE-2024-3071 ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to...

4.3CVSS5.1AI score0.00361EPSS
Exploits0References2
NVD
NVD
added 2024/04/30 9:15 a.m.24 views

CVE-2024-3072

The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...

4.3CVSS4.8AI score0.0034EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/30 8:32 a.m.15 views

CVE-2024-3072 ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...

4.3CVSS6AI score0.0034EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/30 8:32 a.m.28 views

CVE-2024-3072 ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...

4.3CVSS5.1AI score0.0034EPSS
Exploits0References2
CVE
CVE
added 2024/04/30 8:32 a.m.56 views

CVE-2024-3072

CVE-2024-3072 affects the ACF Front End Editor WordPress plugin. Root cause: a missing capability check in update_texts() across all versions up to 2.0.2, enabling authenticated subscribers and above to modify arbitrary post titles, content, and ACF data. Impact is unauthorized data modification ...

4.3CVSS6.5AI score0.0034EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/04/30 12:0 a.m.6 views

WordPress plugin ACF Front End Editor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerabilit...

4.3CVSS6.5AI score0.0034EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/30 12:0 a.m.16 views

WordPress ACF Front End Editor Plugin <= 2.0.2 is vulnerable to Broken Access Control

Software ACF Front End Editor Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3072 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5c576884eef4 Credits Francesco Carlucci Required...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/04/30 12:0 a.m.9 views

WordPress ACF On-The-Go Plugin <= 1.0.1 is vulnerable to Broken Access Control

Software ACF On-The-Go Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3071 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 6d532a3fc713 Credits Francesco Carlucci Required...

4.3CVSS6.6AI score0.00361EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.12 views

ACF On-The-Go <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

Description The ACF On-The-Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the acfgupdatefields function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access an...

4.3CVSS6.6AI score0.00361EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/29 12:0 a.m.16 views

ACF Front End Editor <= 2.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Update

Description The ACF Front End Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updatetexts function in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level access...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.13 views

ACF Photo Gallery Field < 2.7 - Missing Authorization

Description The plugin is vulnerable to unauthorized access of data, modification of data, or loss of data due to a missing capability check on an unknown function, allowing authenticated attackers, with subscriber access and above, to access the unprotected function...

9.2AI score0.00441EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/02/05 10:16 p.m.27 views

CVE-2024-1121

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...

5.3CVSS5.1AI score0.00562EPSS
Exploits0References2
NVD
NVD
added 2024/02/05 10:15 p.m.14 views

CVE-2023-6701

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

6.4CVSS5.7AI score0.00523EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/05 9:22 p.m.19 views

CVE-2023-6701 Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field

The Advanced Custom Fields ACF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

6.4CVSS6.8AI score0.00523EPSS
Exploits0References3
CVE
CVE
added 2024/02/05 9:22 p.m.126 views

CVE-2023-6701

CVE-2023-6701 affects the WordPress plugin Advanced Custom Fields (ACF) , with a stored XSS vulnerability in a custom text field. Affected versions: all up to and including 6.2.4 . Root cause: insufficient input sanitization and output escaping. Exploitation requires authenticated access (contrib...

6.4CVSS5.2AI score0.00523EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/02/05 9:21 p.m.58 views

CVE-2024-1121

CVE-2024-1121 concerns the WordPress plugin Advanced Forms for ACF . The issue is a missing capability check in the function export_json_file(), affecting all versions up to and including 1.9.3.2, enabling unauthenticated attackers to export form settings (unauthorized data access). Public source...

5.3CVSS6AI score0.00562EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.33 views

CVE-2024-1121 Advanced Forms for ACF <= 1.9.3.2 - Missing Authorization to Unauthenticated Form Settings Export

The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...

5.3CVSS5.4AI score0.00562EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/02/05 12:0 a.m.19 views

Advanced Forms for ACF < 1.9.3.3 - Missing Authorization to Unauthenticated Form Settings Export

Description The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportjsonfile function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings...

5CVSS7AI score0.00562EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.6 views

WordPress plugin Advanced Forms for ACF security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS6.5AI score0.00562EPSS
Exploits0References3
Rows per page
Query Builder