CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.203

EPSS Ranking 95.2%

CVSS Severity

CVSS v3 Score 5.4

References

https://jvn.jp/en/jp/JVN98946408/
https://wordpress.org/plugins/advanced-custom-fields/
https://www.advancedcustomfields.com/
https://www.advancedcustomfields.com/blog/acf-6-1-8/
https://jvn.jp/en/jp/JVN98946408/
https://wordpress.org/plugins/advanced-custom-fields/
https://www.advancedcustomfields.com/
https://www.advancedcustomfields.com/blog/acf-6-1-8/

Products affected by CVE-2023-40068

Advancedcustomfields » Advanced Custom Fields » Version: 6.1.5

cpe:2.3:a:advancedcustomfields:advanced_custom_fields:6.1.5
Advancedcustomfields » Advanced Custom Fields » Version: 6.1.6

cpe:2.3:a:advancedcustomfields:advanced_custom_fields:6.1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-40068

Products

Pricing

Contact Us