CVE-2026-8382 Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via Front-End Form '_post_title' and '_post_content' Parameters
The Advanced Custom Fields ACF® plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...
PT-2024-10575 · Unknown · N-Media Post Front-End Form +1
Name of the Vulnerable Software and Affected Versions: Frontend File Manager versions prior to 4.0; N-Media Post Front-end Form versions prior to 1.1. Description: The issue allows unauthenticated attackers to upload arbitrary files on the server due to missing file type validation via the nm...
WordPress plugin Frontend File Manager Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
VulnCheck KEV: CVE-2016-15042
The Frontend File Manager versions 4.0, N-Media Post Front-end Form versions 1.1 plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the nmfilemanageruploadfile and nmpostfrontuploadfile AJAX actions. This makes it possible...
CVE-2023-47129 Statamic CMS remote code execution via front-end form uploads
Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...
Craft CMS Cross-Site Scripting Vulnerability (CNVD-2021-46873)
Craft CMS is a content management system for developers, designers and web professionals that provides flexibility, power and ease of use. A cross-site scripting vulnerability exists in a front-end form that accepts user uploads in versions of Craft CMS prior to 3.6.0. Detailed vulnerability...
Pixel&tonic Craft CMS Cross-Site Scripting Vulnerability
Craft CMS is a content management system for developers, designers and web professionals that provides flexibility, power and ease of use. A cross-site scripting vulnerability exists in a front-end form that accepts user uploads in versions of Craft CMS prior to 3.6.0. Detailed vulnerability...
WordPress N-Media Post Front-end Form Plugin <= 1.0 - Arbitrary File Upload Vulnerability
An arbitrary file upload vulnerability was found in WordPress N-Media Post Front-end Form Plugin v1.0. It only validates the file on the client side with JavaScript, so the validation can be easily bypassed. Solution: Update the plugin...