3 matches found
CVE-2021-24241
The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page...
CVE-2021-24241 Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)
The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page...
CVE-2021-24241
CVE-2021-24241 affects the WordPress plugin Advanced Custom Fields Pro (before 5.9.1). The issue is a reflected XSS in the update settings page caused by insufficient escaping of the generated update URL when output in an attribute. Impact described in multiple sources includes the possibility of...