Advanced Custom Fields@* Security Vulnerabilities and Issues — Advanced Custom Fields@* CVE List

Lucene search

AdvancedcustomfieldsAdvanced Custom Fields*

3 matches found

CVE•added 2023/05/10 6:15 a.m.•363 views

CVE-2023-30777

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins

7.1CVSS6AI score0.88911EPSS

CVE•added 2023/05/02 9:15 a.m.•169 views

CVE-2023-1196

The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.

8.8CVSS8.8AI score0.00334EPSS

CVE•added 2023/08/21 9:15 a.m.•96 views

CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative p...

5.4CVSS5.4AI score0.20282EPSS