CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
48.6%
WordPress Plugin “Advanced Custom Fields” provided by WP Engine contains a cross-site scripting vulnerability (CWE-79).
An arbitrary script may be executed on the web browser of the user who is logging in to the product with the editor or higher privilege.
Update the plugin
Update the plugin according to the information provided by the developer.
The developer has released the versions listed below that address the vulnerability.