Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection
CVE-2021-24865
7.2HIGH
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 24 January 2022
What is CVE-2021-24865?
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue
Affected Version(s)
Advanced Custom Fields: Extended 0.8.8.7