CVE-2023-40068

Summary

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

Affected Software

VendorProductVersion RangeStatus
WP EngineAdvanced Custom Fieldsversions 6.1.0 to 6.1.7affected
WP EngineAdvanced Custom Fields Proversions 6.1.0 to 6.1.7affected

Weaknesses

  • Cross-site scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References