CVE-2021-24909

The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acfphotogallerymetaboxedit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue...

PT-2022-9503 · WordPress · Acf Photo Gallery Field

Name of the Vulnerable Software and Affected Versions: ACF Photo Gallery Field WordPress plugin versions prior to 1.7.5 Description: The issue arises from the lack of sanitization and escaping of the post parameter in the includes/acf photo gallery metabox edit.php file, leading to a Reflected...