- Description
- In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the free version of ACF, then you can follow the process shown at the advancedcustomfields.com blog URL within the References section below.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
- Hype score
- Not currently trending
CVE-2024-49593 In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's… https://t.co/YwneKsn36n
@CVEnew
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49593 Stored XSS Vulnerability in WordPress ACF Plugin Before 6.3.9 Advanced Custom Fields (ACF) versions before 6.3.9 and Secure Custom Fields before 6.3.6.3 have a stored XSS vulnerability. This can ha... https://t.co/c2WdkSOX4B
@VulmonFeeds
59 Impressions
0 Retweets
0 Likes
2 Bookmarks
0 Replies
0 Quotes
🚨🔒 ¡Alerta de Seguridad! CVE-2024-49593 🚦 Se ha identificado una vulnerabilidad crítica en los plugins de WordPress: Advanced Custom Fields (ACF) < 6.3.9 y Secure Custom Fields < 6.3.6.3. 🚨 Usar el editor de Field Group puede permitir la ejecución de payload XSS almace
@antu_tech
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes