9 matches found
WordPress Advanced Custom Fields: Extended plugin <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Kishan Vyas in WordPress Plugin ACF Extended versions = 0.9.2.3...
CVE-2025-15463
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...
CVE-2025-15463 Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...
CVE-2025-15463 Advanced Custom Fields: Extended <= 0.9.2.3 - Unauthenticated Arbitrary Shortcode Execution
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...
CVE-2025-15463
The CVE-2025-15463 entry concerns the Advanced Custom Fields: Extended WordPress plugin, affected versions up to 0.9.2.3. The vulnerability arises from code that executes do_shortcode without proper value validation, allowing unauthenticated attackers to execute arbitrary shortcodes. No public ex...
EUVD-2025-209809
The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This make...
WordPress plugin Advanced Custom Fields Extended 代码注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-40456
Name of the Vulnerable Software and Affected Versions Advanced Custom Fields: Extended versions prior to 0.9.2.4 Description The Advanced Custom Fields: Extended plugin for WordPress allows unauthenticated attackers to execute arbitrary shortcodes. This occurs because the software fails to proper...
openSUSE Security Update : syncthing / syncthing-gtk (openSUSE-2017-30)
This updates syncthing to version 0.14.16 and fixes the following issues : The following security issue was fixed : - A remote device that was already accepted by syncthing could perform arbitrary reads and writes outside of the configured directories boo1016161 This update also contains a number...