logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2021-24241

Description

The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.


Affected Software


CPE Name Name Version
advancedcustomfields:advanced_custom_fields advancedcustomfields advanced custom fields 5.9.1

Related