Article

XSS Attack WordPress

We discovered a security issue in the plugin „Advanced Custom Fields” for WordPress. It is possible to inject JavaScript code into the website as well as into the WordPress backend due to a lack of sufficient input filtering.