Filtered by vendor Accesspressthemes
Subscriptions
Filtered by product Frontend Post Wordpress Plugin
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-10025 | 3 Accesspressthemes, Advanced Custom Fields, Wordpress | 3 Frontend Post Wordpress Plugin, Advanced Custom Fields Wordpress Plugin, Wordpress | 2026-03-05 | N/A |
| The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acf_abspath POST parameter to include and execute arbitrary remote PHP code. This leads to remote code execution under the web server’s context, allowing full compromise of the host. | ||||
| CVE-2022-4946 | 1 Accesspressthemes | 1 Frontend Post Wordpress Plugin | 2025-01-08 | 5.4 Medium |
| The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. | ||||
Page 1 of 1.