ByteOS Network

NVD Vulnerability Details :

CVE-2023-40068

Analyzed

Source-vultures@jpcert.or.jp

Published At-21 Aug, 2023 | 09:15

Updated At-25 Aug, 2023 | 16:10

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CPE Matches

advancedcustomfields>>advanced_custom_fields>>Versions from 6.1.0(inclusive) to 6.1.7(inclusive)

cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:-:wordpress:*:*

advancedcustomfields>>advanced_custom_fields>>Versions from 6.1.0(inclusive) to 6.1.7(inclusive)

cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:pro:wordpress:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://jvn.jp/en/jp/JVN98946408/	vultures@jpcert.or.jp	Third Party Advisory
https://wordpress.org/plugins/advanced-custom-fields/	vultures@jpcert.or.jp	Product
https://www.advancedcustomfields.com/	vultures@jpcert.or.jp	Product
https://www.advancedcustomfields.com/blog/acf-6-1-8/	vultures@jpcert.or.jp	Release Notes Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History