CVEs (15)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Advancedcustomfields 1Advanced Custom Fields Jun 11, 2025 Nov 15, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functio...Show more |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Jun 20, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct a...Show more |
1Advancedcustomfields 1Advanced Custom Fields Apr 8, 2026 Feb 5, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output esc...Show more |
1Advancedcustomfields 1Advanced Custom Fields Apr 28, 2026 Jan 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Aug 21, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web...Show more |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 May 10, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions. |
1Advancedcustomfields 1Advanced Custom Fields Jan 30, 2025 May 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Objec...Show more |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Aug 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possi...Show more |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Mar 31, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the databas...Show more |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Dec 13, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized...Show more |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Dec 13, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthoriz...Show more |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Dec 13, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data vi...Show more |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Apr 22, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings p...Show more |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Jan 6, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. |
1Advancedcustomfields 1Advanced Custom Fields Nov 21, 2024 Aug 22, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. |