3 Aug

ACF 6.1.8

By Liam Gladdy

Advanced Custom Fields version 6.1.8 is now available.

This is a security fix release, solving a stored XSS vulnerability with labels on ACF Post Types and Taxonomies in admin screens.

👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.


  • Security Fix – This release resolves a stored XSS vulnerability in admin screens with ACF post type and taxonomy labels.

Affected Versions and Scope

This issue impacts ACF Free and PRO >=6.1.0, <=6.1.7.

Exploiting this issue requires administrator access to ACF’s admin screens to save a malicious Post Type or Taxonomy.

🙌 Thanks to Satoo Nakano and Ryotaro Imamura via JPCERT/CC for their responsible disclosure of this issue.

For questions and help about this release, please contact our support team.

About the Author