WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Advanced Custom Fields < 5.8.12 - Cross-Site Scripting in Select2 dropdowns

Description

The plugin did not correctly escape input from Select2 dropdowns, which could lead to Cross-Site Scripting issues

Affects Plugins

advanced-custom-fields
Fixed in version 5.8.12

References

CVE
CVE-2020-36172

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified

No

WPVDB ID
daa26c20-4295-40a3-b06f-62b22a635083

Timeline

Publicly Published

2021-01-06 (about 2 years ago)

Added

2021-01-06 (about 2 years ago)

Last Updated

2021-01-09 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin