CVE-2025-54940
- EPSS 0.04%
- Published 08.08.2025 04:34:02
- Last modified 08.08.2025 20:30:18
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
CVE-2024-9529
- EPSS 0.15%
- Published 15.11.2024 07:15:17
- Last modified 11.06.2025 13:58:02
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import ...
CVE-2024-45429
- EPSS 0.14%
- Published 04.09.2024 23:15:12
- Last modified 25.03.2025 16:15:24
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stor...
CVE-2024-34761
- EPSS 0.45%
- Published 10.06.2024 16:15:13
- Last modified 21.11.2024 09:19:20
Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: f...