WordPress Advanced Custom Fields PRO Plugin <= 6.3.7 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions = 6.3.7 Fixed in 6.3.8 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID aa150d72013d Credits Automattic Security Team...

WordPress Advanced Custom Fields Plugin <= 6.3.6 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields Type Plugin Vulnerable versions = 6.3.6 Fixed in 6.3.6.1 OWASP Top 10 A1: Injection Classification Arbitrary Code Execution CVE CVE-2024-9529 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2b40e735610b Credits Automattic Security Team...

WordPress Advanced Custom Fields Plugin < 5.11 is vulnerable to Broken Access Control

Software Advanced Custom Fields Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20865 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4a4b648ba0bb Credits Keitaro Yamazaki Required...

WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 5.11 Fixed in 5.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2021-20867 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 38d705c1f970 Credits Keitaro Yamazaki...

WordPress Advanced Custom Fields PRO Plugin < 6.2.10 is vulnerable to Arbitrary Code Execution

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.2.10 Fixed in 6.2.10 OWASP Top 10 A3: Injection Classification Arbitrary Code Execution CVE CVE-2024-34761 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID d593f1472031 Credits Security audit Required...

WordPress Advanced Custom Fields PRO Plugin < 6.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.2.5 Fixed in 6.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-6701 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5c62a93a2661 Credits Francesco Carlucci Required...

WordPress Advanced Custom Fields Plugin < 6.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Custom Fields Type Plugin Vulnerable versions 6.2.5 Fixed in 6.2.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-6701 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d7cb7ac0fa29 Credits Francesco Carlucci Required...

WordPress Advanced Custom Fields PRO Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Custom Fields PRO Type Plugin Vulnerable versions 6.1-6.1.7 Fixed in 6.1.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c4bf4250f3b3 Credits Satoo Nakano Ryotaro Imamura Require...

WordPress Advanced Custom Fields Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Custom Fields Type Plugin Vulnerable versions 6.1-6.1.7 Fixed in 6.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40068 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ad8c9dc6f2b9 Credits Satoo Nakano...

WordPress Advanced Custom Fields Plugin 5.8.10-5.12.5 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Custom Fields Type Plugin Vulnerable versions 5.8.10-5.12.5 Fixed in 5.12.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30777 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2970573ffd97 Credits Raf...

WordPress Advanced Custom Fields Plugin < 5.12.5 is vulnerable to PHP Object Injection

Software Advanced Custom Fields Type Plugin Vulnerable versions 5.12.5 Fixed in 5.12.5 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-1196 Patch priority Medium CVSS severity Medium 4.9 Developer Claim ownership PSID 8c55b8a9942a Credits Nguyen Huu Do Required privile...

WordPress Advanced Custom Fields Plugin <= 6.0.7 is vulnerable to PHP Object Injection

Software Advanced Custom Fields Type Plugin Vulnerable versions = 6.0.7 Fixed in 6.1.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE N/A Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID 29e8820ff608 Credits Unknown Required privilege Contributor...