| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4812 | Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters | wpengine | Advanced Custom Fields (ACF®) | Medium | 5.3 | 2026-04-15 01:25:18 | Deep Dive |
| CVE-2026-3528 | Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023 | Drupal | Calculation Fields | - | - | 2026-03-26 20:03:21 | Deep Dive |
| CVE-2026-4066 | Smart Custom Fields <= 5.0.6 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Relational Post Search | inc2734 | Smart Custom Fields | Medium | 4.3 | 2026-03-23 22:25:39 | Deep Dive |
| CVE-2026-4068 | Add Custom Fields to Media <= 2.0.3 - Cross-Site Request Forgery to Custom Field Deletion via 'delete' Parameter | pattihis | Add Custom Fields to Media | Medium | 4.3 | 2026-03-19 06:46:13 | Deep Dive |
| CVE-2026-23489 | Fields GLPI plugin vulnerable to RCE in dropdown generation | pluginsGLPI | fields | Critical | 9.1 | 2026-03-16 17:12:44 | Deep Dive |
| CVE-2026-32457 | WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Broken Access Control vulnerability | Wombat Plugins | Advanced Product Fields (Product Addons) for WooCommerce | Medium | - | 2026-03-13 11:42:23 | Deep Dive |
| CVE-2026-3986 | Calculated Fields Form <= 5.4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Form Settings | codepeople | Calculated Fields Form | Medium | 6.4 | 2026-03-13 08:25:18 | Deep Dive |
| CVE-2025-69377 | WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability | vanquish | User Extra Fields | - | - | 2026-02-20 15:46:53 | Deep Dive |
| CVE-2025-69376 | WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability | vanquish | User Extra Fields | - | - | 2026-02-20 15:46:52 | Deep Dive |
| CVE-2025-67991 | WordPress User Extra Fields plugin <= 16.8 - Cross Site Scripting (XSS) vulnerability | vanquish | User Extra Fields | - | - | 2026-02-20 15:46:32 | Deep Dive |
| CVE-2026-21627 | Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4.10.14 – v6.0.37 for Joomla | tassos.gr | Novarain/Tassos Framework (plg_system_nrframework) | - | - | 2026-02-20 14:22:15 | Deep Dive |
| CVE-2026-25368 | WordPress Calculated Fields Form plugin <= 5.4.4.1 - Broken Access Control vulnerability | codepeople | Calculated Fields Form | - | - | 2026-02-19 08:27:00 | Deep Dive |
| CVE-2025-14983 | Advanced Custom Fields: Font Awesome <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | mattkeys | Advanced Custom Fields: Font Awesome Field | Medium | 6.4 | 2026-02-19 04:36:23 | Deep Dive |
| CVE-2026-2296 | Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter | acowebs | Product Addons for Woocommerce – Product Options with Custom Fields | High | 7.2 | 2026-02-18 06:42:43 | Deep Dive |
| CVE-2025-14533 | Advanced Custom Fields: Extended <= 0.9.2.1 - Unauthenticated Privilege Escalation via Insert User Form Action | hwk-fr | Advanced Custom Fields: Extended | Critical | 9.8 | 2026-01-20 09:25:01 | Deep Dive |
| CVE-2025-49379 | WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability | silverplugins217 | Custom Fields Account Registration For Woocommerce | - | - | 2025-12-18 07:21:44 | Deep Dive |
| CVE-2025-13924 | Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication | maartenbelmans | Advanced Product Fields (Product Addons) for WooCommerce | Medium | 4.3 | 2025-12-09 17:23:32 | Deep Dive |
| CVE-2025-67579 | WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability | vanquish | User Extra Fields | - | - | 2025-12-09 14:14:15 | Deep Dive |
| CVE-2025-13486 | Advanced Custom Fields: Extended 0.9.0.5 - 0.9.1.1 - Unauthenticated Remote Code Execution in prepare_form | hwk-fr | Advanced Custom Fields: Extended | Critical | 9.8 | 2025-12-03 06:47:47 | Deep Dive |
| CVE-2025-60207 | WordPress Custom User Registration Fields for WooCommerce plugin <= 2.1.2 - Arbitrary File Upload Vulnerability | Addify | Custom User Registration Fields for WooCommerce | Medium | - | 2025-11-06 15:55:06 | Deep Dive |