Vulnerabilities > Advancedcustomfields > Advanced Custom Fields > 5.11.2

DATE CVE VULNERABILITY TITLE RISK
2024-01-08 CVE-2022-40696 Unspecified vulnerability in Advancedcustomfields Advanced Custom Fields
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.
network
low complexity
advancedcustomfields
7.5
7.5
2023-05-10 CVE-2023-30777 Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields
Unauth.
network
low complexity
advancedcustomfields CWE-79
6.1
6.1
2023-05-02 CVE-2023-1196 Unspecified vulnerability in Advancedcustomfields Advanced Custom Fields
The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present.
network
low complexity
advancedcustomfields
8.8
8.8