Wp Engine Advanced Custom Fields vulnerabilities

CVE-2024-45429 [MEDIUM] CWE-79 CVE-2024-45429: Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and A Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged

CVE-2022-40696 [HIGH] CWE-200 CVE-2022-40696: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custo Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.

CVE-2023-40068 [MEDIUM] CWE-79 CVE-2023-40068: Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Cu Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

CVE-2023-30777 [MEDIUM] CWE-79 CVE-2023-30777: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.