cleantalk
Vulnerabilities and Security Researches

Advanced Custom Fields (ACF), CVE-2023-30777

CVE, Research URL

CVE-2023-30777

Home page URL

Security reports for Advanced Custom Fields (ACF)

Application

Advanced Custom Fields (ACF)

Published on
May 10, 2023
Research Description
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions.
Affected versions
Min -, max 6.1.6.
Status
vulnerable
Previous vulnerability researches
Advanced Custom Fields: Table Field (a4db1680-e0ac-425e-90bf-306bb65b921f) , Jun 07, 2024
Advanced Custom Fields (ACF) (CVE-2020-36172) , Jun 06, 2024
Advanced Custom Fields (ACF) (CVE-2021-20865) , Jun 06, 2024
Advanced Custom Fields (ACF) (CVE-2021-20866) , Jun 06, 2024
Advanced Custom Fields (ACF) (CVE-2021-20867) , Jun 06, 2024
New vulnerability
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! , Aug 08, 2025
Gutenverse &#8211; Gutenberg Blocks &#8211; Page Builder for Site Editor (CVE-2025-7727) , Aug 07, 2025
Flex Guten &#8211; A Multipurpose Gutenberg Blocks Plugin (CVE-2025-6256) , Aug 07, 2025
Simple File List (CVE-2025-54021) , Aug 07, 2025
Newsletters (CVE-2025-54034) , Aug 07, 2025