Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbRyan DewhurstWPVDB-ID:A90020B3-1D8F-4278-93F4-A3263E3BBDCD
HistoryDec 07, 2018 - 12:00 a.m.

Advanced Custom Fields <= 5.7.7 - Authenticated Cross-Site Scripting (XSS)

2018-12-0700:00:00
Ryan Dewhurst
wpscan.com
7
JSON

According to the vendor: β€œThis release contains a fix to a recently reported XSS vunerability [sic]. This report showed it was possible for a logged in author to save unfiltered HTML within a custom field value. This is something that should not be possible without the unfiltered_html capability.”

CPENameOperatorVersion
advanced-custom-fieldslt5.7.8

Related

cve 2
openvas 1
prion 1
cve
cve
CVE-2018-20986
2019-08-22 20:15:00
CVE-2018-17557
2019-08-27 12:15:00
openvas
openvas
WordPress Advanced Custom Fields Plugin < 5.7.8 XSS Vulnerability
2019-09-16 00:00:00
prion
prion
Design/Logic Flaw
2019-08-22 20:15:00
JSON
Related for WPVDB-ID:A90020B3-1D8F-4278-93F4-A3263E3BBDCD
cve2openvas1prion1