Input validation vulnerability in Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content Form – ACF Profile Form 1.3.8

The BuddyForms ACF plugin for WordPress is vulnerable to a type of security flaw called Stored Cross-Site Scripting. This means that if you’re using version 1.3.8 or earlier of the plugin, an attacker who is authenticated (has been given permission) can inject malicious web scripts into your pages. When a user visits one of these pages, the script will run and could cause problems.

Detected in:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Is this information incorrect? Please leave us a message.