Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12 matches found

NVD
NVDadded 2025/12/09 6:15 p.m.1 views

CVE-2025-13924

The Advanced Product Fields Product Addons for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybeduplicate' function. This makes it possible for unauthenticat...

4.3CVSS0.00011EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/12/09 5:23 p.m.18 views

CVE-2025-13924 Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication

The Advanced Product Fields Product Addons for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybeduplicate' function. This makes it possible for unauthenticat...

4.3CVSS0.00011EPSS
Exploits0References3
EUVD
EUVDadded 2025/12/09 5:23 p.m.1 views

EUVD-2025-202267

The Advanced Product Fields Product Addons for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybeduplicate' function. This makes it possible for unauthenticat...

4.3CVSS4.8AI score0.00011EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/12/09 5:23 p.m.1 views

CVE-2025-13924 Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication

The Advanced Product Fields Product Addons for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybeduplicate' function. This makes it possible for unauthenticat...

4.3CVSS4.9AI score0.00011EPSS
Exploits0References3
CVE
CVEadded 2025/12/09 5:23 p.m.3 views

CVE-2025-13924

CVE-2025-13924 affects Advanced Product Fields (Product Addons) for WooCommerce. The vulnerability is a Cross-Site Request Forgery due to missing/incorrect nonce validation on the maybe_duplicate function, allowing unauthenticated attackers to duplicate and publish product field groups (including...

4.3CVSS4.9AI score0.00011EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2025/12/09 12:0 a.m.3 views

PT-2025-50109

Name of the Vulnerable Software and Affected Versions Advanced Product Fields Product Addons for WooCommerce plugin for WordPress versions prior to 1.6.18 Description The software is susceptible to Cross-Site Request Forgery CSRF. This is a result of inadequate or missing nonce validation within...

4.3CVSS6.4AI score0.00011EPSS
Exploits0References5
CVE
CVEadded 2024/07/09 8:33 a.m.39 views

CVE-2024-6168

CVE-2024-6168 refers to a CSRF vulnerability in the WordPress plugin Just Custom Fields, affecting all versions up to 3.3.2. The issue arises from missing or incorrect nonce validation on several AJAX functions, allowing unauthenticated attackers to trick an admin into performing admin actions. C...

4.3CVSS4.7AI score0.00178EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/07/09 8:33 a.m.16 views

CVE-2024-6168 Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery via AJAX actions

The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX function. This makes it possible for unauthenticated attackers to invoke this functionality...

4.3CVSS0.00178EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/07/09 12:0 a.m.1 views

PT-2024-37427 · WordPress · Just Custom Fields

Name of the Vulnerable Software and Affected Versions: The Just Custom Fields plugin for WordPress versions up to, and including, 3.3.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to invoke functionality intended for admin users due to a missing...

4.3CVSS6.8AI score0.00188EPSS
Exploits0References6
CNVD
CNVDadded 2021/12/04 12:0 a.m.24 views

Delicious Brains Advanced Custom Fields Licensing Issue Vulnerability

Delicious Brains Advanced Custom Fields is an advanced custom fields add-on from Delicious Brains Canada.An authorization issue vulnerability exists in Delicious Brains Advanced Custom Fields, which stems from a lack of authorization related to the movement of field groups. The vulnerability stem...

6.5CVSS3AI score0.00746EPSS
Exploits0References1
CNNVD
CNNVDadded 2021/12/02 12:0 a.m.2 views

Delicious Brains Advanced Custom Fields 安全漏洞

Delicious Brains Advanced Custom Fields is an advanced custom fields add-on from Delicious Brains Canada.An authorization issue vulnerability exists in Delicious Brains Advanced Custom Fields, which stems from a lack of authorization related to the movement of field groups. The vulnerability stem...

6.5CVSS5.6AI score0.00746EPSS
Exploits0References6
WPVulnDB
WPVulnDBadded 2021/08/25 12:0 a.m.27 views

Advanced Custom Fields < 5.11 - Subscriber+ Arbitrary ACF Data/Field Groups View and Fields Move

Some of the functions did not have proper capability checks in place, allowing low privilege users such as subscribers to view arbitrary ACF data, movie fields, as well as view field groups...

5.1AI score0.01947EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder