← Back

Acf Photo Gallery Field

acf_photo_gallery_field

Vendor: Navz • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-3957
1Navz
1Acf Photo Gallery Field
Apr 8, 2026
Jul 27, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This make...Show more
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string.Show less
CVE-2021-24909
1Navz
1Acf Photo Gallery Field
Nov 21, 2024
Jan 17, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflec...Show more
The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issueShow less