Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fields vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product ...
Advancedcustomfields Advanced Custom Fields
605
VMScore
CVE-2015-3363
Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module prior to 6.x-2.3 for Drupal allows remote malicious users to hijack the authentication of administrators for requests that delete fields via unspecified vectors.
Joshics Contact Form Fields
356
VMScore
CVE-2022-23183
Missing authorization vulnerability in Advanced Custom Fields versions before 5.12.1 and Advanced Custom Fields Pro versions before 5.12.1 allows a remote authenticated malicious user to view the information on the database without the access permission.
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-6446
The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admini...
Dwbooster Calculated Fields Form
NA
CVE-2023-6701
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-1196
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x prior to 6.1.0 and 5.x prior to 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.
Advancedcustomfields Advanced Custom Fields
NA
CVE-2022-40696
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 up to and including 6.0.2.
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-0389
The Calculated Fields Form WordPress plugin prior to 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa...
Codepeople Calculated Fields Form
NA
CVE-2023-5292
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'acfe_form' shortcode in versions up to, and including, 0.8.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This ma...
Acfextended Advanced Custom Fields Extended
NA
CVE-2022-47157
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions.
Webhammer Wp Custom Fields Search
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »