20 May

ACF 5.9.6 Release

Advanced Custom Fields version 5.9.6 is now available. This release contains a number of important bug fixes for both the ACF and ACF PRO plugins, which we hope you enjoy.

👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.

Improving Defence Against XSS

Cross-site scripting, or XSS, is one of the most common vulnerabilities in WordPress Core, plugins and themes. This vulnerability is best thought of as a missing “filter” in the PHP pipeline when displaying user-generated content, which can allow unauthorized JavaScript code to be executed on a website.

We’re constantly making improvements to combat XSS and are excited to announce that a new opt-in feature is available for testing. This feature will supercharge our plugins’ defense against XSS, and you can enable it early by adding the following code to your wp-config.php:


define( 'ACF_EXPERIMENTAL_ESC_HTML', true );

For more information, please read our full GitHub thread here: Issue #500
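
The missing “filter” described above, shown as an added example in plain PHP. This is not ACF's own code, and it does not show what the experimental constant changes internally. The two render functions and the stored value are hypothetical and constructed for illustration. In WordPress code, the equivalent output helpers are esc_html() and esc_attr().

```php
<?php
// Added illustration, not ACF source code. render_field_raw() and
// render_field_escaped() are hypothetical helpers; the input is constructed.

// Constructed user-generated value, as it might be stored for a text field.
$stored_value = '"><script>alert(1)</script>';

// Missing filter: the stored value reaches the page unchanged, so the
// browser parses the supplied markup as part of the document.
function render_field_raw( string $value ): string {
    return '<input type="text" value="' . $value . '">';
}

// Filter applied at output time: HTML metacharacters (including both quote
// styles) become entities, so the value stays inside the attribute as text.
function render_field_escaped( string $value ): string {
    $safe = htmlspecialchars( $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    return '<input type="text" value="' . $safe . '">';
}

// Print both forms so the difference is visible in the page source.
echo render_field_raw( $stored_value ), PHP_EOL;
echo render_field_escaped( $stored_value ), PHP_EOL;

// Regression check a theme or plugin test could run: the rendered output
// must never contain a tag opener carried over from the stored value.
$rendered = render_field_escaped( $stored_value );
if ( strpos( $rendered, '<script' ) !== false ) {
    throw new RuntimeException( 'unescaped markup reached the output' );
}
```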


  • Enhancement – Added ‘position’ setting compatibility for Options Page submenus.
  • Enhancement – Visually highlight “High” metabox area when dragging metaboxes.
  • Fix – Fixed compatibility issue between Block matrix alignment setting and the latest version of Gutenberg (10.6).
  • Fix – Fixed bug breaking WYSIWYG field after reordering a child block via the block’s toolbar up/down buttons.
  • Fix – Added missing “readonly” and “disabled” attributes to DateTime and Time picker fields.
  • Fix – Fixed bug incorrectly validating Email field values containing special characters.
  • Fix – Fixed missing “dashicons” asset dependency from front-end forms.
  • Fix – Fixed bug causing Review JSON diff modal to appear with narrow column since WP 5.7.
  • Dev – Added label elements to Repeater, Flexible Content and Clone field’s table header titles.
  • Dev – Added new ACF_EXPERIMENTAL_ESC_HTML constant.


🙌 Thanks to everyone who helped make this release possible.