cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forbuddyforms-acf buddyforms-acf

Direction: descending
Jun 06, 2024

Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content # 1d8066394517b6cd0b4aebae83bf3d686d10bc5c

CVE, Research URL

1d8066394517b6cd0b4aebae83bf3d686d10bc5c

Home page URL

Security reports for Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content

Application

Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content

Date
Aug 08, 2022
Research Description
Advanced Custom Fields Frontend Forms &#8211; ACF Forms &#8211; ACF Post Form &#8211; ACF Registration Form &#8211; ACF Content Form &#8211; ACF Profile Form [buddyforms-acf] < 1.3.9 BuddyForms ACF <= 1.3.8 - Authenticated (Contributor+) Cross-Site Scripting The BuddyForms ACF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable