Advanced Custom Fields Plugin Patches Reflected XSS Vulnerability

Advanced Custom Fields (ACF) has patched a reflected XSS vulnerability that affects versions 6.1.5 and below of ACF and ACF Pro, potentially impacting more than 2+ million users. It was discovered by Patchstack researcher Rafie Muhammad in February 2023, and patched by ACF developers in version 6.1.6 in April.

This post was originally published on WP Tavern by Sarah Gooding.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.