cleantalk
Vulnerabilities and Security Researches

Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content, 1d8066394517b6cd0b4aebae83bf3d686d10bc5c

CVE, Research URL

1d8066394517b6cd0b4aebae83bf3d686d10bc5c

Home page URL

Security reports for Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content

Application

Advanced Custom Fields Frontend Forms – ACF Forms – ACF Post Form – ACF Registration Form – ACF Content

Published on
Aug 08, 2022
Research Description
Advanced Custom Fields Frontend Forms &#8211; ACF Forms &#8211; ACF Post Form &#8211; ACF Registration Form &#8211; ACF Content Form &#8211; ACF Profile Form [buddyforms-acf] < 1.3.9 BuddyForms ACF <= 1.3.8 - Authenticated (Contributor+) Cross-Site Scripting The BuddyForms ACF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.3.9.
Status
vulnerable
Previous vulnerability researches
Advanced Custom Fields Frontend Forms &#8211; ACF Forms &#8211; ACF Post Form &#8211; ACF Registration Form &#8211; ACF Content (1d8066394517b6cd0b4aebae83bf3d686d10bc5c) , Jun 06, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025