CVEDB API

Vulnerabilities

Vulnerable Software

Advancedcustomfields: >> Advanced Custom Fields >> 6.1.6 Security Vulnerabilities

CVE-2024-9529

The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.

CVSS Score

6.6

EPSS Score

0.001

Published

2024-11-15

CVE-2024-4565

The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access

CVSS Score

6.5

EPSS Score

0.002

Published

2024-06-20

CVE-2023-6701

The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Score

6.4

EPSS Score

0.002

Published

2024-02-05

CVE-2023-40068

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

CVSS Score

5.4

EPSS Score

0.248

Published

2023-08-21

Page 1

Vulnerabilities

Vulnerable Software

Advancedcustomfields: >> Advanced Custom Fields >> 6.1.6 Security Vulnerabilities

Products

Pricing

Contact Us