Advancedcustomfields Advanced_custom_fields

15 CVEs affecting Advancedcustomfields Advanced_custom_fields. Latest disclosed: 2024-11-15. Critical: 0, High: 4.

Top CVEs affecting Advancedcustomfields Advanced_custom_fields
CVESeverityScorePublishedSummary
CVE-2023-1196High8.82023-05-02The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow us…
CVE-2022-2594High8.82022-08-22The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload fil…
CVE-2021-20865High7.52021-12-13Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing d…
CVE-2023-30777High7.12023-05-10Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.
CVE-2024-9529Medium6.62024-11-15The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin befor…
CVE-2024-4565Medium6.52024-06-20The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values…
CVE-2022-23183Medium6.52022-03-31Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote…
CVE-2021-20867Medium6.52021-12-13Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the…
CVE-2021-20866Medium6.52021-12-13Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining…
CVE-2023-6701Medium6.42024-02-05The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including…
CVE-2021-24241Medium6.12021-04-22The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a…
CVE-2020-36172Medium6.12021-01-06The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
CVE-2023-40068Medium5.42023-08-21Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote aut…
CVE-2018-20986Medium5.42019-08-22The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
CVE-2022-40696Low3.72024-01-08Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (A…