N/A
2024-10-16< 6.3.9
WordPress Advanced Custom Fields PRO Plugin <= 6.3.8 is vulnerable to Cross Site Scripting (XSS)
Advanced Custom Field Pro
Minimum safe version
6.3.9
Update to 6.3.9 or later to address 19 fixable vulnerabilities
Latest available5.12.2 ✗Affected up to6.1.7 ⚠
N/A
2024-10-15< 6.3.9
Advanced Custom Fields <= 6.3.8 & Secure Custom Fields <= 6.3.6.2 - Authenticated (Admin+) Stored Cross-Site Scripting
N/A
2024-10-07< 6.3.8
Advanced Custom Fields <= 6.3.8 - Authenticated (Admin+) Limited Arbitrary Function Call
Medium 6.1
2024-09-04< 6.3.6
CVE-2024-45429
Medium 4.3
2024-12-16< 6.3.2
CVE-2024-37251
Medium 5.4
2024-11-01< 6.3.2
CVE-2024-37250
Medium 4.3
2024-11-01< 6.3.2
CVE-2024-37249
Medium 6.5
2024-06-20< 6.3.0
CVE-2024-4565
High 8.5
2024-06-10< 6.2.10
CVE-2024-34761
Critical 9.9
2024-06-10< 6.2.10
CVE-2024-34762
N/A
< 6.2.5
Advanced Custom Fields < 6.2.5 - Contributor+ Stored Cross-Site Scripting via Custom Field
N/A
2024-01-16< 6.2.5
WordPress Advanced Custom Fields PRO Plugin < 6.2.5 is vulnerable to Cross Site Scripting (XSS)
N/A
2023-08-10< 6.1.8
Advanced Custom Fields PRO 6.1 - 6.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
N/A
2023-08-10≥ 6.1 and ≤ 6.1.7
WordPress Advanced Custom Fields PRO Plugin 6.1-6.1.7 is vulnerable to Cross Site Scripting (XSS)
High 8.8
2023-05-02< 5.12.5
CVE-2023-1196
High 7.1
2023-05-10< 6.1.6
CVE-2023-30777
Medium 6.5
2025-10-03< 5.12.1
WordPress Advanced Custom Fields PRO Plugin < 5.11 is vulnerable to Broken Access Control
High 8.8
2022-08-22< 5.12.3
CVE-2022-2594
Medium 6.5
2022-03-31< 5.12.1
CVE-2022-23183
Medium 6.1
2021-04-22< 5.9.1
CVE-2021-24241