RSS   Vulnerabilities for 'Advanced custom fields'   RSS

2022-03-31
 
CVE-2022-23183

CWE-862
 

 
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission.

 
2021-12-13
 
CVE-2021-20865

CWE-862
 

 
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors.

 
 
CVE-2021-20866

CWE-862
 

 
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors.

 
 
CVE-2021-20867

CWE-862
 

 
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.

 
2021-04-22
 
CVE-2021-24241

CWE-79
 

 
The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.

 
2021-01-06
 
CVE-2020-36172

CWE-79
 

 
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.

 


Copyright 2022, cxsecurity.com

 

Back to Top