Vulnerabilities > Advancedcustomfields > Advanced Custom Fields > 6.1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2023-6701 | Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. | 5.4 |
| 2023-08-21 | CVE-2023-40068 | Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields 6.1.5/6.1.6 Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege. | 5.4 |