The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its setting import functionalities, which could allow high privilege users such as admin to run arbitrary PHP functions.
CVSS Details
- CVSS 3.1 Base Score: 6.6
- CVSS 3.1 Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Advanced Custom Fields Plugin | advanced-custom-fields-plugin-cve-2024-9529 | May 15, 2025 | Oct 7, 2024 | |
| Advanced Custom Fields Pro Plugin | advanced-custom-fields-pro-plugin-cve-2024-9529 | May 15, 2025 | Oct 7, 2024 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub