Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fields vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-28855
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Vers...
Teclib-edition Fields
9.8
CVSSv3
CVE-2019-12723
An issue exists in the Teclib Fields plugin up to and including 1.9.2 for GLPI. it allows SQL Injection via container_id and old_order parameters to ajax/reorder.php by an unauthenticated user.
Teclib-edition Fields
6.1
CVSSv3
CVE-2022-46864
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions.
Woocommerce Custom Checkout Fields Editor With Drag \\& Drop Project Woocommerce Custom Checkout Fields Editor With Drag \\& Drop
6.5
CVSSv3
CVE-2021-20867
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
8.8
CVSSv3
CVE-2023-1196
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x prior to 6.1.0 and 5.x prior to 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.
Advancedcustomfields Advanced Custom Fields
5.4
CVSSv3
CVE-2023-6701
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...
Advancedcustomfields Advanced Custom Fields
5.4
CVSSv3
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product ...
Advancedcustomfields Advanced Custom Fields
5.3
CVSSv3
CVE-2023-4469
The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated malicious users ...
Bestwebsoft Profile Extra Fields
4.8
CVSSv3
CVE-2023-0389
The Calculated Fields Form WordPress plugin prior to 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa...
Codepeople Calculated Fields Form
7.5
CVSSv3
CVE-2021-20865
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »