What is the severity of CVE-2024-45429?

CVE-2024-45429 is classified as a cross-site scripting (XSS) vulnerability which can potentially allow attackers to execute arbitrary scripts in user browsers.

What versions are affected by CVE-2024-45429?

CVE-2024-45429 affects Advanced Custom Fields versions 6.3.5 and earlier, as well as Advanced Custom Fields Pro versions 6.3.5 and earlier.

How do I fix CVE-2024-45429?

To mitigate the risk of CVE-2024-45429, update to the latest version of Advanced Custom Fields or Advanced Custom Fields Pro that patches this vulnerability.

Who is vulnerable to CVE-2024-45429?

Users who have implemented Advanced Custom Fields or Advanced Custom Fields Pro up to version 6.3.5 are vulnerable if the 'capability' setting is misconfigured.

What impact does CVE-2024-45429 have on my website?

If exploited, CVE-2024-45429 can allow an attacker to inject malicious scripts into your website, compromising user data and potentially gaining control over user sessions.

Vulnerability/
CVE-2024-45429

medium

6.1

CWE

4/9/2024

25/3/2025

CVE-2024-45429: XSS

First published: Wed Sep 04 2024(Updated: )

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
Advanced Custom Fields	<=6.3.5
Advanced Custom Fields	<=6.3.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45429?
CVE-2024-45429 is classified as a cross-site scripting (XSS) vulnerability which can potentially allow attackers to execute arbitrary scripts in user browsers.
What versions are affected by CVE-2024-45429?
CVE-2024-45429 affects Advanced Custom Fields versions 6.3.5 and earlier, as well as Advanced Custom Fields Pro versions 6.3.5 and earlier.
How do I fix CVE-2024-45429?
To mitigate the risk of CVE-2024-45429, update to the latest version of Advanced Custom Fields or Advanced Custom Fields Pro that patches this vulnerability.
Who is vulnerable to CVE-2024-45429?
Users who have implemented Advanced Custom Fields or Advanced Custom Fields Pro up to version 6.3.5 are vulnerable if the 'capability' setting is misconfigured.
What impact does CVE-2024-45429 have on my website?
If exploited, CVE-2024-45429 can allow an attacker to inject malicious scripts into your website, compromising user data and potentially gaining control over user sessions.

agent/references
agent/author
agent/type
agent/description
agent/weakness
agent/first-publish-date
agent/severity
agent/source
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/wpengine
canonical/advanced custom fields
version/advanced custom fields/6.3.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.