ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Advanced Custom Fields Plugin <= 1.1.12 - Stored Cross Site Scripting

Product
Advanced Custom Fields
Description
Because of this vulnerability, users can inject JavaScript into pages within /wp-admin/.
Solution
Upgrade the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
DWX Security
CVE
Name CVE-N/A
Versions
Affected In <= 1.1.12
Fixed In 1.1.13
Disclosure date
2016-08-08
Submitter
ThreatPress