Advancedcustomfields Advanced Custom Fields — known CVE vulnerabilities
Every CVE whose affected-product data names Advancedcustomfields Advanced Custom Fields, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2022-2594 — CVSS 8.8 (high): The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated…
CVE-2023-1196 — CVSS 8.8 (high): The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data…
CVE-2021-20865 — CVSS 7.5 (high): Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization…
CVE-2024-9529 — CVSS 6.6 (medium): The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro…
CVE-2022-23183 — CVSS 6.5 (medium): Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to…
CVE-2021-20867 — CVSS 6.5 (medium): Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization…
CVE-2024-4565 — CVSS 6.5 (medium): The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display…
CVE-2021-20866 — CVSS 6.5 (medium): Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization…
CVE-2023-6701 — CVSS 6.4 (medium): The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions…
CVE-2021-24241 — CVSS 6.1 (medium): The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an…
CVE-2020-36172 — CVSS 6.1 (medium): The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading…
CVE-2023-40068 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7…
CVE-2018-20986 — CVSS 5.4 (medium): The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
CVE-2022-40696 — CVSS 3.7 (low): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects…