Advanced Custom Fields@* Security Vulnerabilities and Issues — Advanced Custom Fields@* CVE List

Lucene search

AdvancedcustomfieldsAdvanced Custom Fields*

5 matches found

CVE•added 2021/04/22 9:15 p.m.•75 views

CVE-2021-24241

The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.

6.1CVSS6AI score0.00628EPSS

CVE•added 2021/12/13 7:15 a.m.•53 views

CVE-2021-20866

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.

6.5CVSS6.2AI score0.00418EPSS

CVE•added 2021/01/06 3:15 p.m.•49 views

CVE-2020-36172

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.

6.1CVSS6.2AI score0.0019EPSS

CVE•added 2021/12/13 7:15 a.m.•47 views

CVE-2021-20867

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.

6.5CVSS6.4AI score0.00197EPSS

CVE•added 2021/12/13 7:15 a.m.•39 views

CVE-2021-20865

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.

7.5CVSS7.3AI score0.00591EPSS