ACF Plugin’s Reflected XSS Vulnerability Attracts Exploit Attempts Within 24 Hours of Public Announcement

On May 5, Patchstack published a security advisory about a high severity reflected cross-site scripting (XSS) vulnerability in ACF (Advanced Custom Fields), potentially affecting more than 4.5 million users. WP Engine patched the vulnerability on May 4, but the Akamai Security Intelligence Group (SIG)  is reporting that attackers began attempting to exploit it within 24 hours of Patchstack’s publication.

This post was originally published on WP Tavern by Sarah Gooding.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.