Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
advancedcustomfields advanced custom fields vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-20865
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
4.3
CVSSv2
CVE-2020-36172
The Advanced Custom Fields plugin prior to 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
Advancedcustomfields Advanced Custom Fields
4
CVSSv2
CVE-2022-23183
Missing authorization vulnerability in Advanced Custom Fields versions before 5.12.1 and Advanced Custom Fields Pro versions before 5.12.1 allows a remote authenticated malicious user to view the information on the database without the access permission.
Advancedcustomfields Advanced Custom Fields
4
CVSSv2
CVE-2021-20866
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
4
CVSSv2
CVE-2021-20867
Advanced Custom Fields versions before 5.11 and Advanced Custom Fields Pro versions before 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.
Advancedcustomfields Advanced Custom Fields
3.5
CVSSv2
CVE-2018-20986
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin prior to 5.7.8 for WordPress has XSS by authors.
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-6701
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w...
Advancedcustomfields Advanced Custom Fields
NA
CVE-2022-40696
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 up to and including 6.0.2.
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated malicious user to execute an arbitrary script on the web browser of the user who is logging in to the product ...
Advancedcustomfields Advanced Custom Fields
NA
CVE-2023-30777
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.
Advancedcustomfields Advanced Custom Fields
1 Github repository
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »