QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24909

Published: Jan 17, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputing back in an attribute, leading to a Reflected Cross-Site Scripting issue

Vendor	Product	Versions
Unknown	ACF Photo Gallery Field	affected `1.7.5 - < 1.7.5`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/5855f1fe-28f6-4cd6-a83c-95c23d809b79

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.