CVEDB API

Vulnerabilities

Vulnerable Software

Advancedcustomfields: >> Advanced Custom Fields >> 5.12.3 Security Vulnerabilities

CVE-2024-9529

The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.

CVSS Score

6.6

EPSS Score

0.001

Published

2024-11-15

CVE-2024-4565

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access

CVSS Score

6.5

EPSS Score

0.001

Published

2024-06-20

CVE-2022-40696

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.

CVSS Score

3.7

EPSS Score

0.005

Published

2024-01-08

CVE-2023-30777

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.

CVSS Score

7.1

EPSS Score

0.887

Published

2023-05-10

CVE-2023-1196

The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.

CVSS Score

8.8

EPSS Score

0.003

Published

2023-05-02

Page 1

Vulnerabilities

Vulnerable Software

Advancedcustomfields: >> Advanced Custom Fields >> 5.12.3 Security Vulnerabilities

Products

Pricing

Contact Us