CVE-2024-45429
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's.
We have discovered 6,919 live websites that are affected by CVE-2024-45429.
Affected Software
| Product |  Advanced Custom Fields |
| Category | Wordpress Plugins |
| Vulnerable Domains | 6,919 live websites (51.77% of Advanced Custom Fields install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 171 versions ( 92.93% of all versions) |
Details
- Published - Sep 4, 2024
- Updated - Sep 5, 2024
CVE References
CVE-2024-45429 usage by Country
 United States | 2,536 websites |
 Germany | 697 websites |
 France | 670 websites |
 GB | 371 websites |
 Russia | 343 websites |
 Italy | 155 websites |
 Netherlands | 155 websites |
 Switzerland | 124 websites |
 Cyprus | 109 websites |
 Brazil | 107 websites |
CVE-2024-45429 usage by TLD
| .com | 2,613 websites |
| .org | 398 websites |
| .fr | 346 websites |
| .de | 282 websites |
| .ru | 272 websites |
| .co.uk | 256 websites |
| .com.br | 171 websites |
| .nl | 164 websites |
| .net | 151 websites |
| .it | 141 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-45429
Top websites that are affected by CVE-2024-45429. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *,*** | |
| ********.org | United States | **,*** | |
| ********.com | United States | **,*** | |
| ***************.com | United States | **,*** | |
| ******************.org | United States | **,*** | |
| ********.com | United States | **,*** | |
| ************.org | United States | **,*** | |
| ********.nl | United States | **,*** | |
| ****.org | United States | **,*** | |
| ********.com | United States | **,*** |
FAQ
A total of 6,919 websites have been identified as vulnerable to CVE-2024-45429, discovered through global website indexing conducted by WebTechSurvey.
Advanced Custom Fields is susceptible to CVE-2024-45429 vulnerability.
Advanced Custom Fields versions before, and including, 6.3.5 are vulnerable to CVE-2024-45429.