PT-2022-9503 · WordPress · Acf Photo Gallery Field

Krzysztof Zając

·

Published

2022-01-17

·

Updated

2023-08-02

·

CVE-2021-24909

CVSS v3.1

6.1

Medium

Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ACF Photo Gallery Field WordPress plugin, versions prior to 1.7.5
Description: The plugin does not sanitise or escape the post request parameter in includes/acf_photo_gallery_metabox_edit.php before outputting it back into the page, leading to a Reflected Cross-Site Scripting issue (CWE-79). An attacker who can get a victim to open a crafted URL can run arbitrary script in the victim's browser in the context of the site; the effect is limited to the victim's session (hence UI:R and the low confidentiality/integrity impact in the vector above).
Recommendations: Update to version 1.7.5 or later, which fixes the issue. As a temporary workaround, restrict direct web access to includes/acf_photo_gallery_metabox_edit.php (for example with a web-server deny rule) until the plugin can be updated; the file is only meant to be loaded by the plugin itself, not requested directly. After updating, verify that a value supplied in the post parameter is no longer reflected unescaped into the response.
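Added illustration of the bug class the description refers to, written for this page and not taken from the plugin's code: a hypothetical metabox page that reads the post ID from the post query parameter and echoes it into a link. The vulnerable variant reflects the raw value; the hardened variant validates the type (a post ID is a positive integer) and then escapes for the output context. The function names and the fallback definitions of absint() and esc_attr() are assumptions so the file runs outside WordPress; inside WordPress the real functions are used.

```php
<?php
// Constructed example for CWE-79 reflected XSS via an unescaped "post"
// parameter. Hypothetical code, not the ACF Photo Gallery Field plugin.

// Minimal stand-ins for the WordPress helpers so this runs on plain PHP.
if ( ! function_exists( 'absint' ) ) {
    function absint( $v ) { return abs( (int) $v ); }
}
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $s ) { return htmlspecialchars( (string) $s, ENT_QUOTES, 'UTF-8' ); }
}

// Vulnerable pattern: the request value goes straight into an attribute.
// A value containing a double quote closes the href and anything after it
// becomes markup, because nothing is sanitised or escaped.
function gallery_demo_vulnerable_link( array $get ) {
    $post = isset( $get['post'] ) ? $get['post'] : '';
    return '<a href="post.php?post=' . $post . '&action=edit">Back to post</a>';
}

// Hardened pattern: validate first, escape second.
// absint() turns anything that is not a positive integer into 0 (rejected),
// and esc_attr() escapes for the attribute context as defence in depth.
function gallery_demo_hardened_link( array $get ) {
    $post_id = isset( $get['post'] ) ? absint( $get['post'] ) : 0;
    if ( 0 === $post_id ) {
        return ''; // nothing valid to reflect, so reflect nothing
    }
    return '<a href="post.php?post=' . esc_attr( $post_id ) . '&amp;action=edit">Back to post</a>';
}

// Constructed probe: a harmless canary that breaks out of the attribute.
$probe = array( 'post' => '1"><b>canary</b><a href="' );
echo gallery_demo_vulnerable_link( $probe ), "\n"; // <b>canary</b> lands in the page
echo gallery_demo_hardened_link( $probe ), "\n";   // post=1, no markup reaches the page
```

Run it with `php example.php`: the first line contains the canary as live markup, the second reduces the input to the integer 1. The same check, with a benign canary in the post parameter, is a quick way to confirm that an updated install no longer reflects the value.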

XSS

Related Identifiers

CVE-2021-24909

Affected Products

Acf Photo Gallery Field