Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-11
CVE-2024-9529 - Advanced Custom Fields Pro Plugin
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.
PLUGIN
Advanced Custom Fields Pro
CVE-2024-9529
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-4565 - Advanced Custom Fields Pro Plugin
The Advanced Custom Fields (ACF) WordPress plugin before 6.3, Advanced Custom Fields Pro WordPress plugin before 6.3 allows you to display custom field values for any post via shortcode without checking for the correct access
PLUGIN
Advanced Custom Fields Pro
CVE-2024-4565
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-2594 - Advanced Custom Fields Pro Plugin
The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release.
PLUGIN
Advanced Custom Fields Pro
CVE-2022-2594
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24241 - Advanced Custom Fields Pro Plugin
The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.
PLUGIN
Advanced Custom Fields Pro
CVE-2021-24241
Risk Score