WordPress Advanced Custom Fields Pro Vulnerabilities

Wordpress Advanced Custom Fields Pro vulnerabilities.

16 December 2024

Cross-Site Request Forgery Vulnerability in WPENGINE's Advanced Custom Fields PRO
CVE-2024-37251
WordPressAdvanced Custom Fields...4.3MEDIUM

15 November 2024

Arbitrary Function Execution Through Setting Import
CVE-2024-9529
WordpressSecure Custom Fields👾🟡

1 November 2024

Incorrectly Configured Access Control Security Levels Expose Advanced Custom Fields PRO to Missing Authorization Vulnerability
CVE-2024-37250
WordPressAdvanced Custom Fields...5.4MEDIUM
Missing Authorization Vulnerability in Advanced Custom Fields PRO
CVE-2024-37249
WordPressAdvanced Custom Fields...4.3MEDIUM

16 October 2024

Freemius SDK Vulnerabilities Affect Hundreds of WordPress Plugins and Themes
CVE-2022-4974
WordpressYasr – Yet Another Sta...6.3MEDIUM

20 June 2024

ACF Plugin Vulnerability Allows Unauthorized Access to Custom Fields
CVE-2024-4565
WordpressAdvanced Custom Fields...👾🟡6.5MEDIUM

10 June 2024

5 February 2024

Stored Cross-Site Scripting Vulnerability in ACF Plugin for WordPress
CVE-2023-6701
WordpressAdvanced Custom Fields...6.4MEDIUM

10 May 2023

WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS)
CVE-2023-30777
WordPressAdvanced Custom Fields...👾🟡EPSS 70%6.1MEDIUM

2 May 2023

Advanced Custom Fields - Contributor+ PHP Object Injection
CVE-2023-1196
WordpressAdvanced Custom Fields...👾🟡8.8HIGH

22 August 2022

Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload
CVE-2022-2594
WordpressAdvanced Custom Fields8.8HIGH

22 April 2021

Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)
CVE-2021-24241
WordpressAdvanced Custom Fields...6.1MEDIUM

No more vulnerabilities to load.