Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Advanced_custom_fields
(Advancedcustomfields)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-12-13 | CVE-2021-20866 | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors. | Advanced_custom_fields | 6.5 | ||
| 2021-04-22 | CVE-2021-24241 | The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page. | Advanced_custom_fields | 6.1 | ||
| 2021-01-06 | CVE-2020-36172 | The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. | Advanced_custom_fields | 6.1 | ||
| 2019-08-22 | CVE-2018-20986 | The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | Advanced_custom_fields | 5.4 |