RSS   Vulnerabilities for 'Advanced custom fields'   RSS

2021-04-22
 
CVE-2021-24241

CWE-79
 

 
The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.

 
2021-01-06
 
CVE-2020-36172

CWE-79
 

 
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.

 


Copyright 2021, cxsecurity.com

 

Back to Top