CVE-2021-24241

CVE-2021-24241: Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)

Vendor Unknown
Product Advanced Custom Fields Pro
Weakness CWE-79 · XSS
Published April 22, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Advanced Custom Fields Pro WordPress plugin before 5.9.1 did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page.

Key dates

02Disclosure timeline

April 22, 2021 CVE published
August 3, 2024 Record updated