CVE-2020-36172

The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
References
Link Resource
https://wordpress.org/plugins/advanced-custom-fields/#developers Product Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:advancedcustomfields:advanced_custom_fields:*:*:*:*:*:wordpress:*:*

Information

Published : 2021-01-06 03:15

Updated : 2021-01-08 09:14


NVD link : CVE-2020-36172

Mitre link : CVE-2020-36172

Products Affected
No products.
CWE