CVEDB API

Vulnerabilities

Vulnerable Software

Advancedcustomfields: >> Advanced Custom Fields >> 3.1.8 Security Vulnerabilities

CVE-2022-40696

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.

CVSS Score

3.7

EPSS Score

0.005

Published

2024-01-08

CVE-2021-20867

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.

CVSS Score

6.5

EPSS Score

0.002

Published

2021-12-13

CVE-2021-20865

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.006

Published

2021-12-13

CVE-2021-20866

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.

CVSS Score

6.5

EPSS Score

0.004

Published

2021-12-13

CVE-2020-36172

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.

CVSS Score

6.1

EPSS Score

0.002

Published

2021-01-06

CVE-2018-20986

The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.

CVSS Score

5.4

EPSS Score

0.002

Published

2019-08-22

Page 1

Vulnerabilities

Vulnerable Software

Advancedcustomfields: >> Advanced Custom Fields >> 3.1.8 Security Vulnerabilities

Products

Pricing

Contact Us