19 matches found
CVE-2024-34762
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....
EUVD-2024-35031
Malicious code in bioql PyPI...
CVE-2024-37250
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37251
Cross-Site Request Forgery CSRF vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2...
CVE-2024-37251
Cross-Site Request Forgery CSRF vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2...
CVE-2024-37251
CVE-2024-37251 affects the WordPress plugin Advanced Custom Fields PRO from WPENGINE (versions before 6.3.2). The issue is Cross-Site Request Forgery (CSRF) caused by insufficient permission checks, per Snyk and Red Hat/NVD entries. The exploitability notes show no explicit in-the-wild exploitati...
CVE-2024-37249
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37250
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37249 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37250
CVE-2024-37250 corresponds to a Missing Authorization/Broken Access Control vulnerability in WordPress plugin Advanced Custom Fields PRO, affecting versions prior to 6.3.2 with a fixed release in 6.3.2. The core issue is misconfigured access control allowing subscriber-level context to access res...
CVE-2024-37249 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Contributor+ Broken Access Control vulnerability
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-37250 WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Subscriber+ Broken Access Control vulnerability
Missing Authorization vulnerability in WPEngine Inc. Advanced Custom Fields PRO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Custom Fields PRO: from n/a through 6.3.1...
CVE-2024-34762
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....
CVE-2024-34761
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code 'Code Injection' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10...
CVE-2024-34762
CVE-2024-34762 affects the WordPress plugin Advanced Custom Fields Pro (WP ACF Pro). The issue is an improper limitation of pathnames to a restricted directory, enabling PHP Local File Inclusion. Public details indicate impact up to versions prior to 6.2.10 (with some sources noting an authentica...
CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....
CVE-2024-34762 Wordpress Advanced Custom Fields Pro plugin < 6.2.10 - Contributor+ Local File Inclusion vulnerability
Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2....
CVE-2024-34761
CVE-2024-34761 is a vulnerability in the WordPress plugin Advanced Custom Fields Pro (WP ACF Pro) where an improper control of code generation enables Code Injection. The issue affects versions up to 6.2.9 (n/a before 6.2.10 per sources) and can be exploited by an authenticated user with Contribu...
CVE-2024-30225
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate.This issue affects WP Migrate: from n/a through 2.6.10...