WordPress Plugin Vulnerabilities

Advanced Custom Fields <= 3.5.1 - Remote File Inclusion

Description

The Advanced Custom Fields WordPress plugin was affected by a Remote File Inclusion security vulnerability.

Affects Plugins

Plugin icon
advanced-custom-fields
Fixed in 3.5.2

References

Exploitdb
23856
URL
exploit/unix/webapp/wp_advanced_custom_fields_exec
URL
https://packetstormsecurity.com/files/#119221/

Classification

Type
RFI
OWASP top 10
A1: Injection
CWE
CWE-98

Miscellaneous

Verified
Yes
WPVDB ID
d132d93b-509c-490d-8001-87147ed28c5e

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-09-02
Title
FitLine <= 1.6 - Unauthenticated Local File Inclusion
Published
2024-05-14
Title
All-in-One Video Gallery < 3.7.0 - Authenticated (Contributor+) Local File Inclusion via aiovg_search_form Shortcode
Published
2025-01-16
Title
Image Gallery Box by CRUDLab <= 1.0.3 - Authenticated (Subscriber+) Local File Inclusion
Published
2024-12-19
Title
Userpro <= 5.1.9 - Unauthenticated Local File Inclusion
Published
2024-11-20
Title
Pricing table addon for elementor <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion