Advanced Custom Fields
WP Engine
Developer
6.8.0
Latest version
2,000,000
Installations
No date
Last updated
Vulnerability history
0 present
20 patched
5 Mitigation rules
- Remote Code Execution via Remote File Inclusion vulnerability<= 3.5.105/08/2025
- Authenticated (Admin+) Stored Cross-Site Scripting vulnerability<= 6.3.6.216/10/2024
- Administrator+ Limited Arbitrary Function Call vulnerability<= 6.3.607/10/2024
- Missing Authorization to Information Disclosure vulnerability< 5.1104/10/2024
- Missing Authorization to Information Disclosure vulnerability< 5.1104/10/2024
- Missing Authorization on Option Changes vulnerability< 5.1104/10/2024
- Auth. Custom Field Access< 6.303/06/2024
- Contributor+ Stored Cross-Site Scripting vulnerability< 6.2.516/01/2024
- Authenticated Stored Cross-Site Scripting vulnerability6.1-6.1.703/08/2023
- Reflected Cross Site Scripting (XSS) vulnerability5.8.10-5.12.505/05/2023
- Contributor+ PHP Object Injection vulnerability< 5.12.502/05/2023
- Authenticated (Contributor+) PHP Object Injection vulnerability<= 6.0.704/04/2023
- WordPress Advanced Custom Fields plugin 3.1.1 - 6.0.2 - Custom Field Value Exposure vulnerability3.1.1-6.0.218/10/2022
- Unauthenticated File Upload vulnerability<= 5.12.201/08/2022
- Database Information Access vulnerability<= 5.1230/03/2022
- Arbitrary ACF Data/Field Groups View and Fields Move vulnerability<= 5.9.925/08/2021
- Cross-Site Scripting (XSS) vulnerability<= 5.8.1121/06/2020
- Authenticated Cross-Site Scripting (XSS) vulnerability<= 5.7.710/12/2018
- Stored Cross Site Scripting<= 1.1.1208/08/2016
- Remote File Inclusion<= 3.5.103/01/2013