Advanced Custom Fields Security Vulnerabilities and Issues — Advanced Custom Fields CVE List

Lucene search

AdvancedcustomfieldsAdvanced Custom Fields

2 matches found

CVE•added 2023/05/10 6:15 a.m.•363 views

CVE-2023-30777

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins

7.1CVSS6AI score0.88911EPSS

CVE•added 2023/05/02 9:15 a.m.•169 views

CVE-2023-1196

The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.

8.8CVSS8.8AI score0.00334EPSS