CVE-2020-36172: XSS
First published: Wed Jan 06 2021(Updated: )
The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandles the escaping of strings in Select2 dropdowns, potentially leading to XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Advanced Custom Fields | <5.8.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Advanced Custom Fields plugin?
The vulnerability ID for the Advanced Custom Fields plugin is CVE-2020-36172.
What is the severity level of CVE-2020-36172?
The severity level of CVE-2020-36172 is medium.
How does the Advanced Custom Fields plugin mishandle the escaping of strings?
The Advanced Custom Fields plugin mishandles the escaping of strings in Select2 dropdowns.
What is the potential impact of CVE-2020-36172?
CVE-2020-36172 has the potential to lead to cross-site scripting (XSS) attacks.
How can I fix the vulnerability in the Advanced Custom Fields plugin?
To fix the vulnerability in the Advanced Custom Fields plugin, update to version 5.8.12 or newer.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/advancedcustomfields
- canonical/advanced custom fields