CVE-2024-9529 — MEDIUM (6.6)

Q: How severe is CVE-2024-9529?

CVE-2024-9529 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-9529?

Check the references section above for vendor advisories and patch information. Affected products include: Advancedcustomfields Advanced Custom Fields.

Vulnerability Description

The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.

CVSS Score

6.6

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Advancedcustomfields	Advanced Custom Fields	< 6.3.9

References

https://wpscan.com/vulnerability/dd3cc8d8-4dff-47f9-b036-5d09f2c7e5f2/ExploitThird Party Advisory

FAQ

What is CVE-2024-9529?

CVE-2024-9529 is a vulnerability with a CVSS score of 6.6 (MEDIUM). The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from runni...

How severe is CVE-2024-9529?

CVE-2024-9529 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-9529?

Check the references section above for vendor advisories and patch information. Affected products include: Advancedcustomfields Advanced Custom Fields.