CVE-2024-9529
Last modified
CVE-2024-9529 is a medium-severity vulnerability rated 6.6/10 on the CVSS scale. The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Advancedcustomfields | Advanced Custom Fields | < 6.3.9 |
References
- https://wpscan.com/vulnerability/dd3cc8d8-4dff-47f9-b036-5d09f2c7e5f2/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-9529?
How severe is CVE-2024-9529?
How do I fix CVE-2024-9529?
Are you affected by CVE-2024-9529?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST