Unknown Advanced Custom Fields Pro vulnerabilities
3 known vulnerabilities affecting unknown/advanced_custom_fields_pro.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-9529MEDIUMCVSS 6.6fixed in 6.3.92024-11-15
CVE-2024-9529 [MEDIUM] CWE-94 CVE-2024-9529: The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.
cvelistv5nvd
CVE-2024-4565MEDIUMCVSS 6.5fixed in 6.32024-06-20
CVE-2024-4565 [MEDIUM] CWE-639 CVE-2024-4565: The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress p
The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access
cvelistv5nvd
CVE-2021-24241MEDIUMCVSS 6.1≥ 5.9.1, < 5.9.12021-04-22
CVE-2021-24241 [MEDIUM] CWE-79 CVE-2021-24241: The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated u
The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.
cvelistv5nvd