WordPress · Advanced Custom Fields Pro · CVE-2021-24241
**Name of the Vulnerable Software and Affected Versions**
Advanced Custom Fields Pro WordPress plugin versions prior to 5.9.1
**Description**
The issue is related to a reflected Cross-Site Scripting problem in the update settings page, caused by improper escaping of the generated update URL.
**Recommendations**
For versions prior to 5.9.1, update to version 5.9.1 or later to resolve the issue.