CVE-2025-54940
- EPSS 0.04%
- Veröffentlicht 08.08.2025 04:34:02
- Zuletzt bearbeitet 08.08.2025 20:30:18
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
CVE-2024-9529
- EPSS 0.15%
- Veröffentlicht 15.11.2024 07:15:17
- Zuletzt bearbeitet 11.06.2025 13:58:02
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import ...
CVE-2024-45429
- EPSS 0.14%
- Veröffentlicht 04.09.2024 23:15:12
- Zuletzt bearbeitet 25.03.2025 16:15:24
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stor...
CVE-2024-34761
- EPSS 0.45%
- Veröffentlicht 10.06.2024 16:15:13
- Zuletzt bearbeitet 21.11.2024 09:19:20
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: f...