CVE-2026-4812
- EPSS 0.04%
- Veröffentlicht 15.04.2026 01:25:17
- Zuletzt bearbeitet 15.04.2026 04:17:48
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query endpoints accepting user-supplied filter parameters ...
CVE-2025-54940
- EPSS 0.03%
- Veröffentlicht 08.08.2025 04:34:02
- Zuletzt bearbeitet 15.04.2026 00:35:42
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
CVE-2024-9529
- EPSS 0.18%
- Veröffentlicht 15.11.2024 07:15:17
- Zuletzt bearbeitet 11.06.2025 13:58:02
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import ...
CVE-2024-45429
- EPSS 0.54%
- Veröffentlicht 04.09.2024 23:15:12
- Zuletzt bearbeitet 25.03.2025 16:15:24
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stor...
CVE-2024-34761
- EPSS 0.61%
- Veröffentlicht 10.06.2024 16:15:13
- Zuletzt bearbeitet 15.04.2026 00:35:42
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: f...