Security Advisory

CVE-2021-24241

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-04-22 21:00:51

Last updated 2024-08-03 19:21:18

Assigner WPScan

State PUBLISHED

Description

The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.

← Browse all CVEs View on cve.org ↗