logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Advanced Custom Fields < 5.8.12 - Cross-Site Scripting in Select2 dropdowns

Description

The plugin did not correctly escape input from Select2 dropdowns, which could lead to Cross-Site Scripting issues

Affects Plugins

advanced-custom-fields

Fixed in version 5.8.12

References

CVE

CVE-2020-36172

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Verified

No

WPVDB ID

daa26c20-4295-40a3-b06f-62b22a635083

Timeline

Publicly Published

2021-01-06 (about 8 months ago)

Added

2021-01-06 (about 8 months ago)

Last Updated

2021-01-09 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin