Advanced Custom Fields Security Vulnerabilities and Issues — Advanced Custom Fields CVE List

Lucene search

AdvancedcustomfieldsAdvanced Custom Fields

4 matches found

CVE•added 2024/02/05 10:15 p.m.•99 views

CVE-2023-6701

The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...

6.4CVSS5.2AI score0.00227EPSS

CVE•added 2024/11/15 7:15 a.m.•64 views

CVE-2024-9529

The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege...

6.6CVSS6.4AI score0.00145EPSS

CVE•added 2024/06/20 6:15 a.m.•51 views

CVE-2024-4565

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access

7.5CVSS6.7AI score0.00246EPSS

CVE•added 2024/01/08 10:15 p.m.•49 views

CVE-2022-40696

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.

7.5CVSS7.5AI score0.00498EPSS