[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fn3C2pzWB97YByWgY29NNAm4kG38CvdLG0iRXXAeTTpI":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2012-10025","advanced-custom-fields-remote-code-execution-via-remote-file-inclusion","Advanced Custom Fields \u003C= 3.5.1 - Remote Code Execution via Remote File Inclusion","Advanced Custom Fields up to 3.5.1 is vulnerable to Remote Code Execution. The vulnerability allows for remote file inclusion and remote code execution via the export.php script. This exploit only works when the php option allow_url_include is set to On (Default Off).","advanced-custom-fields",null,"\u003C=3.5.1","3.5.2","low",3.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2013-01-03 00:00:00","2025-08-22 18:50:10",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3dfba044-42f8-44a2-be62-99af9d9094c3?source=api-prod",4615]