Vulnerabilities > Advancedcustomfields

DATE | CVE | VULNERABILITY TITLE | RISK

2021-12-13 | CVE-2021-20867 | Missing Authorization vulnerability in Advancedcustomfields Advanced Custom Fields | 6.5
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors.
network | low complexity | advancedcustomfields | CWE-862

2021-04-22 | CVE-2021-24241 | Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields 5.8.13/5.8.14/5.9.0 | 6.1
The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.
network | low complexity | advancedcustomfields | CWE-79

2021-01-06 | CVE-2020-36172 | Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields | 6.1
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
network | low complexity | advancedcustomfields | CWE-79

2019-10-10 | CVE-2015-9479 | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedcustomfields ACF Fronted Display | critical 9.8
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.
network | low complexity | advancedcustomfields | CWE-434

2019-08-22 | CVE-2018-20986 | Cross-site Scripting vulnerability in Advancedcustomfields Advanced Custom Fields | 5.4
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
network | low complexity | advancedcustomfields | CWE-79