Filtered by vendor Advancedcustomfields
Subscribe
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2594 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2022-08-23 | N/A | 8.8 HIGH |
| The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release. | |||||
| CVE-2022-23183 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2022-04-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission. | |||||
| CVE-2021-20867 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2021-12-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors. | |||||
| CVE-2021-20866 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2021-12-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors. | |||||
| CVE-2021-20865 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors. | |||||
| CVE-2021-24241 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2021-04-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page. | |||||
| CVE-2020-36172 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2021-01-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. | |||||
| CVE-2015-9479 | 1 Advancedcustomfields | 1 Acf Fronted Display | 2019-10-17 | 7.5 HIGH | 9.8 CRITICAL |
| The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php. | |||||
| CVE-2018-20986 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2019-08-27 | 3.5 LOW | 5.4 MEDIUM |
| The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | |||||