Known Vulnerabilities for products from Advancedcustomfields
Listed below are 14 of the newest known vulnerabilities associated with the vendor "Advancedcustomfields".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-40068 json | Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions ... | 5.4 - MEDIUM | 2023-08-21 | 2023-08-25 |
| CVE-2023-30777 json | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom... | 6.1 - MEDIUM | 2023-05-10 | 2023-05-17 |
| CVE-2023-6701 json | The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in... | Not Provided | 2024-02-05 | 2026-04-08 |
| CVE-2023-1196 json | The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user contr... | 8.8 - HIGH | 2023-05-02 | 2023-11-07 |
| CVE-2022-40696 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2024-01-08 | 2024-01-11 |
| CVE-2022-23183 json | Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro version... | 6.5 - MEDIUM | 2022-03-31 | 2022-04-07 |
| CVE-2022-2594 json | The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows u... | 8.8 - HIGH | 2022-08-22 | 2022-08-23 |
| CVE-2021-24241 json | The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting... | 6.1 - MEDIUM | 2021-04-22 | 2021-04-29 |
| CVE-2021-20867 json | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authori... | 6.5 - MEDIUM | 2021-12-13 | 2021-12-15 |
| CVE-2021-20866 json | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authori... | 6.5 - MEDIUM | 2021-12-13 | 2021-12-15 |
| CVE-2021-20865 json | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authori... | 7.5 - HIGH | 2021-12-13 | 2021-12-15 |
| CVE-2020-36172 json | The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potent... | 6.1 - MEDIUM | 2021-01-06 | 2021-01-08 |
| CVE-2018-20986 json | The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | 5.4 - MEDIUM | 2019-08-22 | 2019-08-27 |
| CVE-2015-9479 json | The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js... | 9.8 - CRITICAL | 2019-10-10 | 2019-10-17 |
Known software with vulnerabilities from Advancedcustomfields
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Advancedcustomfields | Acf Fronted Display | - |
| Application | Advancedcustomfields | Advanced Custom Fields | - |