advancedcustomfields advanced custom fields vulnerabilities and exploits
NA
CVE-2022-40696
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF). This issue affects Advanced Custom Fields (ACF): from 3.1.1 up to and including 6.0.2.
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-30777
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.
Advancedcustomfields Advanced Custom Fields
1 Github repository
1 Article
NA
CVE-2023-1196
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x prior to 6.1.0 and 5.x prior to 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.
Advancedcustomfields Advanced Custom Fields
4
CVSSv2
CVE-2021-20866
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
4
CVSSv2
CVE-2021-20867
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
4.3
CVSSv2
CVE-2020-36172
The Advanced Custom Fields plugin prior to 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
Advancedcustomfields Advanced Custom Fields
5
CVSSv2
CVE-2021-20865
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
4
CVSSv2
CVE-2022-23183
Missing authorization vulnerability in Advanced Custom Fields versions before 5.12.1 and Advanced Custom Fields Pro versions before 5.12.1 allows a remote authenticated malicious user to view the information on the database without the access permission.
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-6701
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...
Advancedcustomfields Advanced Custom Fields
4.3
CVSSv2
CVE-2021-24241
The Advanced Custom Fields Pro WordPress plugin prior to 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.
Advancedcustomfields Advanced Custom Fields