Vulnerability Description
A cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script in the web browser of a user who is logging in to the product with administrative privileges.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Advancedcustomfields | Advanced Custom Fields | >= 6.1.0, <= 6.1.7 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN98946408/ (Third Party Advisory)
- https://wordpress.org/plugins/advanced-custom-fields/ (Product)
- https://www.advancedcustomfields.com/ (Product)
- https://www.advancedcustomfields.com/blog/acf-6-1-8/ (Release Notes, Vendor Advisory)
FAQ
What is CVE-2023-40068?
CVE-2023-40068 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitra...
How severe is CVE-2023-40068?
CVE-2023-40068 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-40068?
Check the references section above for vendor advisories and patch information. Affected products include: Advancedcustomfields Advanced Custom Fields.