CVE-2023-40068

medium

Description

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

References

https://www.advancedcustomfields.com/blog/acf-6-1-8/

https://www.advancedcustomfields.com/

https://wordpress.org/plugins/advanced-custom-fields/

https://jvn.jp/en/jp/JVN98946408/

Details

Source: Mitre, NVD

Published: 2023-08-21

Updated: 2023-08-25

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.16615