WordPress Advanced Custom Fields (ACF®) plugin <= 6.8.1 - Unauthenticated Arbitrary Post Modification vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- Broken Access Control
- Score:
- 5.3
WordPress Advanced Custom Fields (ACF®) plugin <= 6.8.1 - Unauthenticated Broken Access Control vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- Broken Access Control
- Score:
- 5.3
References
PatchStack
Timeline
- Publicly Published
- 2026-05-27
- Created
- 2026-05-27
WordPress Advanced Custom Fields (ACF®) plugin <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- Broken Access Control
- Score:
- 5.3
WordPress Advanced Custom Fields <= 6.3.6.2 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- Cross Site Scripting (XSS)
- Score:
- 5.9
References
PatchStack
Timeline
- Publicly Published
- 2024-10-16
- Created
- 2024-10-16
WordPress Advanced Custom Fields plugin <= 6.3.6 - Administrator+ Limited Arbitrary Function Call vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- Arbitrary Code Execution
- Score:
- 5.4
WordPress Advanced Custom Fields plugin < 6.3 - Auth. Custom Field Access
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- Sensitive Data Exposure
- Score:
- 4.3
Wordpress Advanced Custom Fields plugin < 6.2.5 - Contributor+ Stored Cross-Site Scripting vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- Cross Site Scripting (XSS)
- Score:
- 6.5
Wordpress Advanced Custom Fields plugin <= 6.0.7 - Authenticated (Contributor+) PHP Object Injection vulnerability
Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.
- Type:
- PHP Object Injection
- Score:
- 8.5
References
PatchStack
Timeline
- Publicly Published
- 2023-04-04
- Created
- 2023-04-04