CVE-2024-49593

In Advanced Custom Fields ACF before 6.3.9 and Secure Custom Fields before 6.3.6.3 plugins for WordPress, using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the fr...

CVE-2024-9529

The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privile...

CVE-2024-9529

The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privile...

WordPress plugin Secure Custom Fields 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...

CVE-2024-49593

In Advanced Custom Fields ACF before 6.3.9 and Secure Custom Fields before 6.3.6.3 plugins for WordPress, using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the fr...

CVE-2024-49593

In Advanced Custom Fields ACF before 6.3.9 and Secure Custom Fields before 6.3.6.3 plugins for WordPress, using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the fr...

CVE-2024-49593

CVE-2024-49593 affects the WordPress ecosystem via two plugins: Advanced Custom Fields (ACF) and Secure Custom Fields. The vulnerability is a stored XSS that can be triggered when editing a Field Group with the plugin editors, enabling execution of malicious payloads. Affected versions are ACF pr...

PT-2024-33558 · WordPress · Advanced Custom Fields Pro +1

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields ACF versions prior to 6.3.9 Secure Custom Fields versions prior to 6.3.6.3 Description: The issue allows for the execution of a stored XSS payload when using the Field Group editor to edit one of the plugin's fields in...

WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites

The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site. Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive...

PT-2024-39679 · WordPress · Secure Custom Fields +1

Name of the Vulnerable Software and Affected Versions: Secure Custom Fields WordPress plugin versions prior to 6.3.9 Advanced Custom Fields Pro WordPress plugin versions prior to 6.3.9 Description: The issue allows high privilege users, such as admins, to run arbitrary PHP functions through the...