Unrated severityNVD Advisory· Published May 10, 2023· Updated Apr 28, 2026
WordPress Advanced Custom Fields / Advanced Custom Fields PRO plugins <= 6.1.5 vulnerable to Cross Site Scripting (XSS)
CVE-2023-30777
Description
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <=6.1.5
- Range: <=6.1.5
- WP Engine/Advanced Custom Fieldsv5Range: n/a
- WP Engine/Advanced Custom Fields Prov5Range: n/a
Patches
Vulnerability mechanics
References
3- patchstack.com/articles/reflected-xss-in-advanced-custom-fields-plugins-affecting-2-million-sitesmitretechnical-description
- patchstack.com/database/vulnerability/advanced-custom-fields-pro/wordpress-advanced-custom-fields-pro-plugin-6-1-5-reflected-cross-site-scripting-xss-vulnerabilitymitrevdb-entry
- patchstack.com/database/vulnerability/advanced-custom-fields/wordpress-advanced-custom-fields-plugin-6-1-5-reflected-cross-site-scripting-xss-vulnerabilitymitrevdb-entry
News mentions
0No linked articles in our index yet.