cleantalk
Vulnerabilities and Security Researches

Advanced Custom Fields (ACF), CVE-2018-20986

CVE, Research URL

CVE-2018-20986

Home page URL

Security reports for Advanced Custom Fields (ACF)

Application

Advanced Custom Fields (ACF)

Published on
Aug 23, 2019
Research Description
The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors.
Affected versions
Min -, max 5.7.8.
Status
vulnerable
Previous vulnerability researches
Advanced Custom Fields: Table Field (a4db1680-e0ac-425e-90bf-306bb65b921f) , Jun 07, 2024
Advanced Custom Fields (ACF) (CVE-2020-36172) , Jun 06, 2024
Advanced Custom Fields (ACF) (CVE-2021-20865) , Jun 06, 2024
Advanced Custom Fields (ACF) (CVE-2021-20866) , Jun 06, 2024
Advanced Custom Fields (ACF) (CVE-2021-20867) , Jun 06, 2024
New vulnerability
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! , Aug 08, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-7727) , Aug 07, 2025
Flex Guten – A Multipurpose Gutenberg Blocks Plugin (CVE-2025-6256) , Aug 07, 2025
Simple File List (CVE-2025-54021) , Aug 07, 2025
Newsletters (CVE-2025-54034) , Aug 07, 2025