← Back

Navz

navz

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Acf Photo Gallery Field
acf_photo_gallery_field
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-3957
1Navz
1Acf Photo Gallery Field
Apr 8, 2026
Jul 27, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This make...Show more
The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string.Show less
CVE-2021-24909
1Navz
1Acf Photo Gallery Field
Nov 21, 2024
Jan 17, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflec...Show more
The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issueShow less