Advanced_custom_fields - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Advanced_custom_fields
(Advancedcustomfields)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	14

Date	Id	Summary	Products	Score	Patch	Annotated
2023-08-21	CVE-2023-40068	Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.	Advanced_custom_fields	5.4
2023-05-10	CVE-2023-30777	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.	Advanced_custom_fields	6.1
2022-08-22	CVE-2022-2594	The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.	Advanced_custom_fields	8.8
2022-03-31	CVE-2022-23183	Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission.	Advanced_custom_fields	6.5
2021-12-13	CVE-2021-20867	Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.	Advanced_custom_fields	6.5
2021-12-13	CVE-2021-20865	Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.	Advanced_custom_fields	7.5
2021-12-13	CVE-2021-20866	Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.	Advanced_custom_fields	6.5
2021-04-22	CVE-2021-24241	The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.	Advanced_custom_fields	6.1
2021-01-06	CVE-2020-36172	The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.	Advanced_custom_fields	6.1
2019-08-22	CVE-2018-20986	The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.	Advanced_custom_fields	5.4