CVE-2024-4565
published 2024-06-20
CVE-2024-4565: The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values…
Priority: P4 · 33 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.43% (34.3th percentile)
The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advancedcustomfields | advanced_custom_fields | < 6.3 | 6.3 |
| | protobuf | >= 0 < 3.12.4-1ubuntu7.22.04.4 | 3.12.4-1ubuntu7.22.04.4 |
| | protobuf | >= 0 < 3.21.12-8.2ubuntu0.2 | 3.21.12-8.2ubuntu0.2 |
| | protobuf | >= 0 < 2.6.1-1.3ubuntu0.1~esm4 | 2.6.1-1.3ubuntu0.1~esm4 |
| | protobuf | >= 0 < 3.0.0-9.1ubuntu1.1+esm3 | 3.0.0-9.1ubuntu1.1+esm3 |
| | protobuf | >= 0 < 3.6.1.3-2ubuntu5.2+esm2 | 3.6.1.3-2ubuntu5.2+esm2 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
osv · 8.7 HIGH
OSV
protobuf vulnerabilities
osv·2025-09-02·CVSS 8.7
CVE-2025-4565 protobuf vulnerabilities
USN-7435-1 and USN-7629-1 fixed vulnerabilities in Protocol Buffers for several releases of Ubuntu. This update provides the corresponding fixes for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Protocol Buffers incorrectly handled memory when receiving malicious input using the Python bindings. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-4565)
It was discovered that Protocol Buffers incorrectly handled memory when receiving malicious input using the Java bindings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.04. (CVE-2024-7254)
OSV
protobuf vulnerabilities
osv·2025-07-09·CVSS 8.7
CVE-2025-4565 protobuf vulnerabilities
It was discovered that Protocol Buffers incorrectly handled memory when receiving malicious input using the Python bindings. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-4565)
It was discovered that Protocol Buffers incorrectly handled memory when receiving malicious input using the Java bindings. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.04. (CVE-2024-7254)
GHSA
GHSA-6x2p-g636-5378: The Advanced Custom Fields (ACF) WordPress plugin before 6
ghsa_unreviewed·2024-06-20
CVE-2024-4565 [HIGH] GHSA-6x2p-g636-5378: The Advanced Custom Fields (ACF) WordPress plugin before 6
The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-20: Published