Advanced Custom Fields Security Vulnerabilities and Issues — Advanced Custom Fields CVE List

Lucene search

AdvancedcustomfieldsAdvanced Custom Fields

5 matches found

CVE•added 2021/04/22 9:15 p.m.•77 views

CVE-2021-24241

The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.

6.1CVSS6AI score0.00628EPSS

CVE•added 2021/12/13 7:15 a.m.•54 views

CVE-2021-20866

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.

6.5CVSS6.2AI score0.0039EPSS

CVE•added 2021/01/06 3:15 p.m.•50 views

CVE-2020-36172

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.

6.1CVSS6.2AI score0.0019EPSS

CVE•added 2021/12/13 7:15 a.m.•48 views

CVE-2021-20867

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.

6.5CVSS6.4AI score0.00184EPSS

CVE•added 2021/12/13 7:15 a.m.•40 views

CVE-2021-20865

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.

7.5CVSS7.3AI score0.00552EPSS