Really Simple Security logo

Log out
Get PRO

Advanced Custom Fields (ACF®)

  • on WordPress.org
  • Unknown
  • Unknown
  • Known issues: Fixed

This information is sourced from wpvulnerabilities.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Submit

Vulnerabilities

  • Input validation vulnerability in Advanced Custom Fields (ACF®) 6.4.2

    Fixed

    The plugin called Advanced Custom Fields (ACF®) for WordPress has a security issue that affects all versions up to 6.4.2. This happens because the plugin doesn't properly handle unsafe HTML, allowin...

    Read More

  • Input validation vulnerability in Advanced Custom Fields 6.3.6.2

    Fixed

    The plugins Advanced Custom Fields and Secure Custom Fields for WordPress have a security vulnerability that allows attackers to inject harmful scripts into pages. This can only happen if the attacke...

    Read More

  • Input validation vulnerability in Advanced Custom Fields (ACF) 6.3.6

    Fixed

    A security vulnerability has been identified in the Advanced Custom Fields plugin for WordPress versions up to 6.3.7, which may allow unauthorized access and manipulation of custom post types by aut...

    Read More

  • Input validation vulnerability in Advanced Custom Fields 6.3.5

    Fixed

    The Advanced Custom Fields plugin for WordPress has a security flaw that allows attackers to insert harmful scripts into pages. This can happen because the plugin does not properly clean and protect ...

    Read More

  • Access violation vulnerability in Advanced Custom Fields (ACF) 6.2.10

    Fixed

    The ACF plugin for WordPress has a security issue where anyone can access custom fields without proper restrictions. This means that attackers with Contributor-level access or higher can potentially ...

    Read More

  • Input validation vulnerability in Advanced Custom Fields (ACF) 6.2.4

    Fixed

    The Advanced Custom Fields plugin used for WordPress has a security issue that can allow hackers to inject harmful code into a website. This can happen through a custom text field and affects all ver...

    Read More

  • Input validation vulnerability in Advanced Custom Fields (ACF) 6.1.7

    Fixed

    The Advanced Custom Fields plugin for WordPress is not secure in versions up to 6.1.7. If you have a multi-site installation, or your installation has disabled unfiltered_html, this could allow attac...

    Read More

  • Access violation vulnerability in Advanced Custom Fields (ACF) 5.11

    Fixed

    Some versions of Advanced Custom Fields and Advanced Custom Fields Pro

    Read More

  • Input validation vulnerability in Advanced Custom Fields (ACF) 5.12.5

    Fixed

    The Advanced Custom Fields plugin for WordPress is not secure enough in versions 6.1.5 and below. This means that unauthenticated attackers can put malicious code on webpages

    Read More

  • Access violation vulnerability in Advanced Custom Fields (ACF) 5.12.2

    Fixed

    The Advanced Custom Fields plugin for WordPress is vulnerable to file uploads in versions up to 5.12.2. This vulnerability allows people who don't have permission to upload files (like contributors or...

    Read More

  • Access violation vulnerability in Advanced Custom Fields (ACF) 5.11

    Fixed

    Some versions of Advanced Custom Fields and Advanced Custom Fields Pro have a security issue that could allow someone to see information they aren't supposed to have access to.

    Read More

  • Output validation vulnerability in Advanced Custom Fields (ACF) 5.12.4

    Fixed

    The Advanced Custom Fields plugin for WordPress

    Read More

  • Access violation vulnerability in Advanced Custom Fields (ACF) 5.11

    Fixed

    Advanced Custom Fields and Advanced Custom Fields Pro software versions before 5.11 could have a security issue that allowed users to move a field group without the right authorization. It's not clear...

    Read More

  • Access violation vulnerability in Advanced Custom Fields (ACF) 5.12.1

    Fixed

    The Advanced Custom Fields plugin for WordPress has a security flaw in versions up to 5.12 which allows people with editor access

    Read More

  • Input validation vulnerability in Advanced Custom Fields (ACF) 5.8.12

    Fixed

    The Advanced Custom Fields plugin for WordPress

    Read More

  • Access violation vulnerability in Advanced Custom Fields (ACF) 6.0.2

    Fixed

    The Advanced Custom Fields plugin for WordPress has a security issue in versions up to 6.0.2

    Read More

  • Output validation vulnerability in Advanced Custom Fields (ACF) 5.7.11

    Fixed

    Advanced Custom Fields is a plugin for WordPress, a web-based content management system. There was a vulnerability in versions of Advanced Custom Fields before 5.7.12 that could potentially allow a m...

    Read More

  • Input validation vulnerability in Advanced Custom Fields (ACF) 5.7.8

    Fixed

    The advanced-custom-fields plugin for WordPress had a security flaw before version 5.7.8. This flaw allowed people with author privileges to inject malicious code into the WordPress system.

    Read More

  • Input validation vulnerability in Advanced Custom Fields (ACF) 3.5.1

    Fixed

    Advanced Custom Fields up to version 3.5.1 is vulnerable to a type of security breach called Remote Code Execution. This means that malicious code can be stored on your website, giving attackers acce...

    Read More