CVE-2024-4565
published 2024-06-20

CVE-2024-4565: The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values…

Priority P4 33 | medium 6.5 | CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 0.43% (34.3th percentile)
The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access

Affected

6 ranges
Vendor | Product | Version range | Fixed in
advancedcustomfields | advanced_custom_fields | < 6.3 | 6.3
google | protobuf | >= 0 < 3.12.4-1ubuntu7.22.04.4 | 3.12.4-1ubuntu7.22.04.4
google | protobuf | >= 0 < 3.21.12-8.2ubuntu0.2 | 3.21.12-8.2ubuntu0.2
google | protobuf | >= 0 < 2.6.1-1.3ubuntu0.1~esm4 | 2.6.1-1.3ubuntu0.1~esm4
google | protobuf | >= 0 < 3.0.0-9.1ubuntu1.1+esm3 | 3.0.0-9.1ubuntu1.1+esm3
google | protobuf | >= 0 < 3.6.1.3-2ubuntu5.2+esm2 | 3.6.1.3-2ubuntu5.2+esm2

CVSS provenance

nvd | v3.1 | 6.5 MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
osv | 8.7 HIGH