Vulnerabilities > Advancedcustomfields > Advanced Custom Fields > 4.4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2022-40696 | Unspecified vulnerability in Advancedcustomfields Advanced Custom Fields Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. | 7.5 |
| 2021-12-13 | CVE-2021-20865 | Missing Authorization vulnerability in Advancedcustomfields Advanced Custom Fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in browsing database which may allow a user to browse unauthorized data via unspecified vectors. | 5.0 |
| 2021-12-13 | CVE-2021-20866 | Missing Authorization vulnerability in Advancedcustomfields Advanced Custom Fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list which may allow a user to obtain the unauthorized information via unspecified vectors. | 4.0 |
| 2021-12-13 | CVE-2021-20867 | Missing Authorization vulnerability in Advancedcustomfields Advanced Custom Fields Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors. | 4.0 |
| 2021-01-06 | CVE-2020-36172 | Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. | 4.3 |
| 2019-08-22 | CVE-2018-20986 | Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | 3.5 |