32 matches found
WPGraphQL 0.2.3 - User Creation
The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. id: CVE-2019-9879 info: name: WPGraphQL 0.2.3 - User Creation author: DhiyaneshDk severity:...
CVE-2024-34761
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code 'Code Injection' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10...
CVE-2024-34762
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....
EUVD-2024-28156
Malicious code in bioql PyPI...
EUVD-2024-37031
Malicious code in bioql PyPI...
EUVD-2024-35031
Malicious code in bioql PyPI...
JVN#21048820: WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection
Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection CWE-94 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N Base Score 4.6 CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N Base Score 3.4 CVE-2025-54940 Impact Crafted HTML code may be...
CVE-2024-37250
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37251
Cross-Site Request Forgery CSRF vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2...
CVE-2024-30225
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10...
CVE-2024-37251
Cross-Site Request Forgery CSRF vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2...
CVE-2024-37251
CVE-2024-37251 affects the WordPress plugin Advanced Custom Fields PRO from WPENGINE (versions before 6.3.2). The issue is Cross-Site Request Forgery (CSRF) caused by insufficient permission checks, per Snyk and Red Hat/NVD entries. The exploitability notes show no explicit in-the-wild exploitati...
CVE-2024-37249
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37250
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37249 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37250
CVE-2024-37250 corresponds to a Missing Authorization/Broken Access Control vulnerability in WordPress plugin Advanced Custom Fields PRO, affecting versions prior to 6.3.2 with a fixed release in 6.3.2. The core issue is misconfigured access control allowing subscriber-level context to access res...
CVE-2024-37250 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerability
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37249 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-34762
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....
CVE-2024-34761
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code 'Code Injection' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10...