10 matches found
CVE-2023-30777
Summary: CVE-2023-30777 is a reflected XSS affecting the WordPress plugins Advanced Custom Fields (Pro) and Advanced Custom Fields, versioned
CVE-2022-23183
CVE-2022-23183 affects WordPress plugin Advanced Custom Fields (ACF) and Advanced Custom Fields Pro, with versions prior to 5.12.1 vulnerable to missing authorization. A remote authenticated attacker could view database information without proper permissions. Root cause: insufficient access contr...
CVE-2024-9529
CVE-2024-9529 affects WordPress plugins Secure Custom Fields (Secure Custom Fields WordPress plugin) up to versions before 6.3.9 and 6.3.6.3, and Advanced Custom Fields Pro up to before 6.3.9. Root cause: the plugins’ Settings Import functionality does not prevent executing arbitrary PHP function...
CVE-2021-24241
CVE-2021-24241 affects the WordPress plugin Advanced Custom Fields Pro (before 5.9.1). The issue is a reflected XSS in the update settings page caused by insufficient escaping of the generated update URL when output in an attribute. Impact described in multiple sources includes the possibility of...
CVE-2021-20866
The CVE-2021-20866 vulnerability affects Advanced Custom Fields (ACF) and ACF Pro prior to version 5.11. The issue is a missing authorization in obtaining the user list, leading to potential information disclosure of unauthorized user data via unspecified vectors. Public sources in Patchstack ind...
CVE-2024-4565
CVE-2024-4565 affects Advanced Custom Fields (ACF) for WordPress and ACF Pro prior to version 6.3, where a shortcode can display a post’s custom field values without proper access checks. This is an information disclosure issue involving unauthorized access to field data via shortcode rendering. ...
CVE-2020-36172
The CVE-2020-36172 entry concerns the WordPress plugin Advanced Custom Fields. Concrete details from connected sources show that the plugin (versions before 5.8.12) mishandles escaping of strings in Select2 dropdowns, which can lead to Cross-Site Scripting (XSS). There is no explicit exploit path...
CVE-2018-20986
CVE-2018-20986 concerns the WordPress plugin Advanced Custom Fields (vendor: a.k.a. Elliot Condon) prior to version 5.7.8. The vulnerability is an XSS issue reported as “XSS by authors,” indicating that unauthenticated or authenticated users with certain roles may inject and execute client-side s...
CVE-2021-20867
CVE-2021-20867 affects Advanced Custom Fields (ACF) and ACF Pro versions prior to 5.11. The root cause is a missing authorization mechanism for moving field groups, which could allow an attacker to move field groups they should not access via unspecified vectors. Public sources in the connected d...
CVE-2021-20865
CVE-2021-20865 affects the WordPress plugins Advanced Custom Fields (ACF) and Advanced Custom Fields Pro, with vulnerable versions prior to 5.11. The root cause is a missing authorization in the database-browsing pathway, potentially allowing an attacker to access unauthorized data via unspecifie...