What is the severity of CVE-2024-49593?

CVE-2024-49593 is considered a high severity vulnerability due to its potential for stored cross-site scripting (XSS) attacks.

How do I fix CVE-2024-49593?

To fix CVE-2024-49593, update Advanced Custom Fields to version 6.3.9 or later, or Secure Custom Fields to version 6.3.6.3 or later.

Who is affected by CVE-2024-49593?

CVE-2024-49593 affects users of Advanced Custom Fields versions prior to 6.3.9 and Secure Custom Fields versions prior to 6.3.6.3.

What type of vulnerability is CVE-2024-49593?

CVE-2024-49593 is a stored cross-site scripting (XSS) vulnerability that can exploit the Field Group editor.

Can CVE-2024-49593 impact website security?

Yes, CVE-2024-49593 can significantly impact website security by allowing attackers to execute malicious scripts on affected installations.

Vulnerability/
CVE-2024-49593

medium

5.3

CWE

EPSS

0.107%

17/10/2024

18/11/2024

CVE-2024-49593: XSS

First published: Thu Oct 17 2024(Updated: )

In Advanced Custom Fields (ACF) before 6.3.9 and Secure Custom Fields before 6.3.6.3 (plugins for WordPress), using the Field Group editor to edit one of the plugin's fields can result in execution of a stored XSS payload. NOTE: if you wish to use the WP Engine alternative update mechanism for the free version of ACF, then you can follow the process shown at the advancedcustomfields.com blog URL within the References section below.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Advanced Custom Fields	<6.3.9
Secure Custom Fields	<6.3.6.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-49593?
CVE-2024-49593 is considered a high severity vulnerability due to its potential for stored cross-site scripting (XSS) attacks.
How do I fix CVE-2024-49593?
To fix CVE-2024-49593, update Advanced Custom Fields to version 6.3.9 or later, or Secure Custom Fields to version 6.3.6.3 or later.
Who is affected by CVE-2024-49593?
CVE-2024-49593 affects users of Advanced Custom Fields versions prior to 6.3.9 and Secure Custom Fields versions prior to 6.3.6.3.
What type of vulnerability is CVE-2024-49593?
CVE-2024-49593 is a stored cross-site scripting (XSS) vulnerability that can exploit the Field Group editor.
Can CVE-2024-49593 impact website security?
Yes, CVE-2024-49593 can significantly impact website security by allowing attackers to execute malicious scripts on affected installations.

agent/weakness
agent/references
agent/description
agent/type
agent/first-publish-date
agent/author
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/severity
agent/last-modified-date
agent/event
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/source
agent/epss
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/advanced custom fields
canonical/advanced custom fields
vendor/secure custom fields
canonical/secure custom fields

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.