7 matches found
CVE-2024-9529
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privile...
CVE-2024-9529
creationtimestamp| type| source ---|---|--- 2024-11-15 06:18:33+00:00| seen| https://infosec.exchange/users/cve/statuses/113485513577251295 2024-11-15 09:23:49+00:00| seen| https://t.me/cvedetector/11049...
CVE-2024-9529 Secure Custom Fields < 6.3.6.3 - Admin+ Remote Code Execution
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privile...
CVE-2024-9529 Secure Custom Fields < 6.3.6.3 - Admin+ Remote Code Execution
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privile...
CVE-2024-9529
CVE-2024-9529 affects WordPress plugins Secure Custom Fields (Secure Custom Fields WordPress plugin) up to versions before 6.3.9 and 6.3.6.3, and Advanced Custom Fields Pro up to before 6.3.9. Root cause: the plugins’ Settings Import functionality does not prevent executing arbitrary PHP function...
WordPress Advanced Custom Fields PRO Plugin <= 6.3.7 is vulnerable to Arbitrary Code Execution
Software Advanced Custom Fields PRO Type Plugin Vulnerable versions = 6.3.7 Fixed in 6.3.8 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID aa150d72013d Credits Automattic Security Team...
WordPress Advanced Custom Fields Plugin <= 6.3.6 is vulnerable to Arbitrary Code Execution
Software Advanced Custom Fields Type Plugin Vulnerable versions = 6.3.6 Fixed in 6.3.6.1 OWASP Top 10 A1: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2b40e735610b Credits Automattic Security Team...