6.6
CVE-2024-9529
- EPSS 0.44%
- Veröffentlicht 15.11.2024 07:15:17
- Zuletzt bearbeitet 11.06.2025 13:58:02
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
Secure Custom Fields < 6.3.6.3 - Admin+ Remote Code Execution
Advanced Custom Fields <= 6.3.8 - Authenticated (Admin+) Limited Arbitrary Function Call
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.
Mögliche Gegenmaßnahme
Advanced Custom Fields: Update to version 6.3.9, or a newer patched version
Advanced Custom Fields Pro: Update to version 6.3.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advancedcustomfields ≫ Advanced Custom Fields SwEditionfree SwPlatformwordpress Version < 6.3.9
Advancedcustomfields ≫ Advanced Custom Fields SwEditionpro SwPlatformwordpress Version < 6.3.9
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Advanced Custom Fields
Version
*-6.3.6
Version
6.3.7
Version
6.3.8
SystemWordPress Plugin
≫
Produkt
Advanced Custom Fields Pro
Version
*-6.3.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.346 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.6 | 2.3 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
|
https://wpscan.com/vulnerability/dd3cc8d8-4dff-47f9-b036-5d09f2c7e5f2/
https://www.wordfence.com/threat-intel/vulnerabilities/id/afcbad6d-90ca-42cb-a69c-4e0bcc4606e0