Lucene search
K
AdvancedcustomfieldsAdvanced Custom Fields*

10 matches found

CVE
CVE
added 2023/05/10 5:50 a.m.416 views

CVE-2023-30777

Summary: CVE-2023-30777 is a reflected XSS affecting the WordPress plugins Advanced Custom Fields (Pro) and Advanced Custom Fields, versioned

7.1CVSS6AI score0.38768EPSS
Web
CVE
CVE
added 2022/03/31 7:20 a.m.235 views

CVE-2022-23183

CVE-2022-23183 affects WordPress plugin Advanced Custom Fields (ACF) and Advanced Custom Fields Pro, with versions prior to 5.12.1 vulnerable to missing authorization. A remote authenticated attacker could view database information without proper permissions. Root cause: insufficient access contr...

6.5CVSS6AI score0.01437EPSS
CVE
CVE
added 2024/11/15 6:0 a.m.129 views

CVE-2024-9529

CVE-2024-9529 affects WordPress plugins Secure Custom Fields (Secure Custom Fields WordPress plugin) up to versions before 6.3.9 and 6.3.6.3, and Advanced Custom Fields Pro up to before 6.3.9. Root cause: the plugins’ Settings Import functionality does not prevent executing arbitrary PHP function...

6.6CVSS6.4AI score0.00435EPSS
CVE
CVE
added 2021/04/22 9:0 p.m.91 views

CVE-2021-24241

CVE-2021-24241 affects the WordPress plugin Advanced Custom Fields Pro (before 5.9.1). The issue is a reflected XSS in the update settings page caused by insufficient escaping of the generated update URL when output in an attribute. Impact described in multiple sources includes the possibility of...

6.1CVSS6AI score0.01387EPSS
CVE
CVE
added 2021/12/13 6:40 a.m.71 views

CVE-2021-20866

The CVE-2021-20866 vulnerability affects Advanced Custom Fields (ACF) and ACF Pro prior to version 5.11. The issue is a missing authorization in obtaining the user list, leading to potential information disclosure of unauthorized user data via unspecified vectors. Public sources in Patchstack ind...

6.5CVSS6.2AI score0.01662EPSS
CVE
CVE
added 2024/06/20 6:0 a.m.69 views

CVE-2024-4565

CVE-2024-4565 affects Advanced Custom Fields (ACF) for WordPress and ACF Pro prior to version 6.3, where a shortcode can display a post’s custom field values without proper access checks. This is an information disclosure issue involving unauthorized access to field data via shortcode rendering. ...

7.5CVSS6.7AI score0.00428EPSS
CVE
CVE
added 2021/01/06 2:17 p.m.68 views

CVE-2020-36172

The CVE-2020-36172 entry concerns the WordPress plugin Advanced Custom Fields. Concrete details from connected sources show that the plugin (versions before 5.8.12) mishandles escaping of strings in Select2 dropdowns, which can lead to Cross-Site Scripting (XSS). There is no explicit exploit path...

6.1CVSS6.2AI score0.00896EPSS
CVE
CVE
added 2019/08/22 7:38 p.m.66 views

CVE-2018-20986

CVE-2018-20986 concerns the WordPress plugin Advanced Custom Fields (vendor: a.k.a. Elliot Condon) prior to version 5.7.8. The vulnerability is an XSS issue reported as “XSS by authors,” indicating that unauthenticated or authenticated users with certain roles may inject and execute client-side s...

5.4CVSS5.3AI score0.00948EPSS
CVE
CVE
added 2021/12/13 6:40 a.m.59 views

CVE-2021-20867

CVE-2021-20867 affects Advanced Custom Fields (ACF) and ACF Pro versions prior to 5.11. The root cause is a missing authorization mechanism for moving field groups, which could allow an attacker to move field groups they should not access via unspecified vectors. Public sources in the connected d...

6.5CVSS6.4AI score0.01368EPSS
CVE
CVE
added 2021/12/13 6:40 a.m.56 views

CVE-2021-20865

CVE-2021-20865 affects the WordPress plugins Advanced Custom Fields (ACF) and Advanced Custom Fields Pro, with vulnerable versions prior to 5.11. The root cause is a missing authorization in the database-browsing pathway, potentially allowing an attacker to access unauthorized data via unspecifie...

7.5CVSS7.3AI score0.02462EPSS