Advancedcustomfields Advanced_custom_fields
15 CVEs affecting Advancedcustomfields Advanced_custom_fields. Latest disclosed: 2024-11-15. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-1196 | High | 8.8 | 2023-05-02 | The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow us… |
CVE-2022-2594 | High | 8.8 | 2022-08-22 | The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload fil… |
CVE-2021-20865 | High | 7.5 | 2021-12-13 | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing d… |
CVE-2023-30777 | High | 7.1 | 2023-05-10 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions. |
CVE-2024-9529 | Medium | 6.6 | 2024-11-15 | The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin befor… |
CVE-2024-4565 | Medium | 6.5 | 2024-06-20 | The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values… |
CVE-2022-23183 | Medium | 6.5 | 2022-03-31 | Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote… |
CVE-2021-20867 | Medium | 6.5 | 2021-12-13 | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the… |
CVE-2021-20866 | Medium | 6.5 | 2021-12-13 | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining… |
CVE-2023-6701 | Medium | 6.4 | 2024-02-05 | The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including… |
CVE-2021-24241 | Medium | 6.1 | 2021-04-22 | The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a… |
CVE-2020-36172 | Medium | 6.1 | 2021-01-06 | The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. |
CVE-2023-40068 | Medium | 5.4 | 2023-08-21 | Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote aut… |
CVE-2018-20986 | Medium | 5.4 | 2019-08-22 | The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. |
CVE-2022-40696 | Low | 3.7 | 2024-01-08 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (A… |