CVE-2021-24865

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields: Extended WordPress plugin versions prior to 0.8.8.7

Description The issue arises from the lack of validation of the order and orderby parameters before they are used in a SQL statement, leading to a SQL Injection issue.

Recommendations For versions prior to 0.8.8.7, update to version 0.8.8.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL statement or validating the order and orderby parameters manually until a patch is applied.