Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
advancedcustomfields advanced custom fields vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2022-23183
Missing authorization vulnerability in Advanced Custom Fields versions before 5.12.1 and Advanced Custom Fields Pro versions before 5.12.1 allows a remote authenticated malicious user to view the information on the database without the access permission.
Advancedcustomfields Advanced Custom Fields
5
CVSSv2
CVE-2021-20865
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
4.3
CVSSv2
CVE-2020-36172
The Advanced Custom Fields plugin prior to 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
Advancedcustomfields Advanced Custom Fields
3.5
CVSSv2
CVE-2018-20986
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin prior to 5.7.8 for WordPress has XSS by authors.
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-6701
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product ...
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-1196
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x prior to 6.1.0 and 5.x prior to 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-30777
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.
Advancedcustomfields Advanced Custom Fields
1 Github repository
1 Article
NA
CVE-2022-2594
The Advanced Custom Fields WordPress plugin prior to 5.12.3, Advanced Custom Fields Pro WordPress plugin prior to 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnera...
Advancedcustomfields Advanced Custom Fields
4
CVSSv2
CVE-2021-20866
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »