VYPR

Advanced Custom Fields

by Advancedcustomfields

Source repositories

CVEs (5)

  • CVE-2012-10025CriAug 5, 2025
    risk 0.73cvss epss 0.01

    The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit…

  • CVE-2023-6701MedFeb 5, 2024
    risk 0.35cvss 6.4epss 0.01

    The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2022-40696LowJan 8, 2024
    risk 0.24cvss 3.7epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.

  • CVE-2023-22676LowDec 29, 2023
    risk 0.20cvss 3.1epss 0.00

    Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12.

  • CVE-2024-45429Sep 4, 2024
    risk 0.00cvss epss 0.00

    Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the…