Shodan
Vulnerabilities
Vulnerable Software
Advancedcustomfields:  >> Advanced Custom Fields  >> 5.0.1  Security Vulnerabilities
CVE-2022-40696
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.
CVSS Score
3.7
EPSS Score
0.005
Published
2024-01-08
CVE-2023-1196
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-05-02
CVE-2022-2594
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.
CVSS Score
8.8
EPSS Score
0.016
Published
2022-08-22
CVE-2021-20867
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-12-13
CVE-2021-20865
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.006
Published
2021-12-13
CVE-2021-20866
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-12-13
CVE-2020-36172
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-01-06
CVE-2018-20986
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-08-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved