NotCVE - vendor:"Advancedcustomfields" product:"Advanced Custom Fields" version:"

Page 3 of 13 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

CVE-2021-24241 – Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2021-24241

The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page. El plugin de WordPress Advanced Custom Fields Pro versiones anteriores a 5.9.1, no escapaba apropiadamente de la URL de actualización generada cuando la generaba en un atributo, conllevando un problema de tipo Cross-Site Scripting reflejado en la página de configuración de actualización • https://github.com/jdordonezn/Reflected-XSS-in-WordPress-for-ACF-PRO-before-5.9.1-plugin/issues/1 https://wpscan.com/vulnerability/d1e9c995-37bd-4952-b88e-945e02e3c83f https://www.advancedcustomfields.com/blog/acf-5-9-1-release • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-36172 – Advanced Custom Fields <= 5.8.11 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2020-36172

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS. El plugin Advanced Custom Fields versiones anteriores a 5.8.12 para WordPress, maneja inapropiadamente el escape de cadenas en los menús desplegables Select2, lo que potencialmente conlleva a un ataque de tipo XSS • https://wordpress.org/plugins/advanced-custom-fields/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-20986 – Advanced Custom Fields <= 5.7.7 - Author+ Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-20986

The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. El plugin advanced-custom-fields (también conocido como Elliot Condon Advanced Custom Fields) en versiones anteriores a la 5.7.8 para WordPress tiene XSS por los autores. • https://wordpress.org/plugins/advanced-custom-fields/#developers https://www.advancedcustomfields.com/blog/acf-5-7-8-release https://www.advancedcustomfields.com/changelog https://www2.deloitte.com/de/de/pages/risk/articles/wordpress-plugin-xss.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3