Wordpress Plugin
Approved changes feed: RSS · Atom
cpe:2.3:a:advanced_custom_fields:wordpress_plugin:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Advanced Custom Fields (159ee20b-1a83-51ca-98e2-ffc88f6690dd) |
|---|---|
| Product | Wordpress Plugin (ee01d135-a1ce-5033-bb18-e0a4c5856864) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2012-10025 |
vulnerable | 2026-06-08 05:00:46.881428 |
WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion
The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server’s context, allowing full compromise of the host.
Published: 2025-08-05T20:06:00.838Z
Updated: 2026-05-15T11:13:52.958Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.