Browse all 4 CVE security advisories affecting wpengine. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4812 | Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters — Advanced Custom Fields (ACF®)CWE-862 | 5.3 | Medium | 2026-04-15 |
| CVE-2025-11427 | WP Migrate Lite <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery — WP Migrate Lite – Migration Made EasyCWE-918 | 5.8 | Medium | 2025-11-18 |
| CVE-2023-6701 | Advanced Custom Fields <= 6.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field — Advanced Custom Fields (ACF®)CWE-79 | 6.4 | Medium | 2024-02-05 |
| CVE-2023-6933 | Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection — Better Search ReplaceCWE-502 | 8.8 | High | 2024-02-05 |
This page lists every published CVE security advisory associated with wpengine. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.