CVE-2021-24241

Summary

The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.

Affected Software

VendorProductVersion RangeStatus
UnknownAdvanced Custom Fields Pro5.9.1 < 5.9.1affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References