The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, and Advanced Custom Fields Pro WordPress plugin before 6.3.9 do not prevent users from running arbitrary functions through their setting import functionalities, which could allow high-privilege users such as admin to run arbitrary PHP functions.
History
Fri, 15 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Wpengine, Wpengine advanced Custom Field Pro, Wpengine advanced Custom Fields | |
CPEs | cpe:2.3:a:wpengine:advanced_custom_field_pro:*:*:*:*:*:*:*:* cpe:2.3:a:wpengine:advanced_custom_fields:*:*:*:*:*:*:*:* | |
Vendors & Products | Wpengine, Wpengine advanced Custom Field Pro, Wpengine advanced Custom Fields | |
Metrics | cvssV3_1 | |
Fri, 15 Nov 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions. | |
Title | Secure Custom Fields < 6.3.6.3 - Admin+ Remote Code Execution | |
References | | |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-11-15T06:00:08.369Z
Updated: 2024-11-15T18:38:37.432Z
Reserved: 2024-10-04T15:01:44.589Z
Link: CVE-2024-9529
Vulnrichment
Updated: 2024-11-15T18:37:23.068Z
NVD
Status: Awaiting Analysis
Published: 2024-11-15T07:15:17.900
Modified: 2024-11-15T19:35:19.160
Link: CVE-2024-9529
Redhat
No data.