CVE-2021-24909

CVE-2021-24909: ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting

Vendor Unknown
Product ACF Photo Gallery Field
Weakness CWE-79 · XSS
Published January 17, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

January 17, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE