Wordpress Advanced Custom Fields Pro Vulnerabilities

Cross-Site Request Forgery Vulnerability in WPENGINE's Advanced Custom Fields PRO

CVE-2024-37251

WordPressAdvanced Custom Fields...4.3MEDIUM

Arbitrary Function Execution Through Setting Import

CVE-2024-9529

WordpressSecure Custom Fields👾🟡

Incorrectly Configured Access Control Security Levels Expose Advanced Custom Fields PRO to Missing Authorization Vulnerability

CVE-2024-37250

WordPressAdvanced Custom Fields...5.4MEDIUM

Missing Authorization Vulnerability in Advanced Custom Fields PRO

CVE-2024-37249

WordPressAdvanced Custom Fields...4.3MEDIUM

Freemius SDK Vulnerabilities Affect Hundreds of WordPress Plugins and Themes

CVE-2022-4974

WordpressYasr – Yet Another Sta...6.3MEDIUM

ACF Plugin Vulnerability Allows Unauthorized Access to Custom Fields

CVE-2024-4565

WordpressAdvanced Custom Fields...👾🟡6.5MEDIUM

Path Traversal Vulnerability in Advanced Custom Fields PRO

CVE-2024-34762

WordPressAdvanced Custom Fields...9.9CRITICAL

Improper Control of Generation of Code ('Code Injection') Vulnerability Affects Advanced Custom Fields PRO

CVE-2024-34761

WordPressAdvanced Custom Fields...8.5HIGH

Stored Cross-Site Scripting Vulnerability in ACF Plugin for WordPress

CVE-2023-6701

WordpressAdvanced Custom Fields...6.4MEDIUM

WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS)

CVE-2023-30777

WordPressAdvanced Custom Fields...👾🟡EPSS 88%6.1MEDIUM

Advanced Custom Fields - Contributor+ PHP Object Injection

CVE-2023-1196

WordpressAdvanced Custom Fields...👾🟡8.8HIGH

Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload

CVE-2022-2594

WordpressAdvanced Custom Fields8.8HIGH

Authorization Flaw in Advanced Custom Fields Plugin for WordPress

CVE-2021-20867

WordPressAdvanced Custom Fields...6.5MEDIUM

Authorization Vulnerability in Advanced Custom Fields by WordPress

CVE-2021-20866

WordPressAdvanced Custom Fields...6.5MEDIUM

Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)

CVE-2021-24241

WordpressAdvanced Custom Fields...6.1MEDIUM

WordPress Advanced Custom Fields Pro Vulnerabilities

Vulnerability Published:

Sort By:

16 December 2024

Cross-Site Request Forgery Vulnerability in WPENGINE's Advanced Custom Fields PRO

15 November 2024

Arbitrary Function Execution Through Setting Import

1 November 2024

Incorrectly Configured Access Control Security Levels Expose Advanced Custom Fields PRO to Missing Authorization Vulnerability

Missing Authorization Vulnerability in Advanced Custom Fields PRO

16 October 2024

Freemius SDK Vulnerabilities Affect Hundreds of WordPress Plugins and Themes

20 June 2024

ACF Plugin Vulnerability Allows Unauthorized Access to Custom Fields

10 June 2024

Path Traversal Vulnerability in Advanced Custom Fields PRO

Improper Control of Generation of Code ('Code Injection') Vulnerability Affects Advanced Custom Fields PRO

5 February 2024

Stored Cross-Site Scripting Vulnerability in ACF Plugin for WordPress

10 May 2023

WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS)

2 May 2023

Advanced Custom Fields - Contributor+ PHP Object Injection

22 August 2022

Advanced Custom Fields 5.0-5.12.2 - Unauthenticated File Upload

13 December 2021

Authorization Flaw in Advanced Custom Fields Plugin for WordPress

Authorization Vulnerability in Advanced Custom Fields by WordPress

22 April 2021

Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)