3 Aug

ACF 6.1.8

By Liam Gladdy

Advanced Custom Fields version 6.1.8 is now available.

This is a security fix release, solving a stored XSS vulnerability with labels on ACF Post Types and Taxonomies in admin screens.

👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.


  • Security Fix – This release resolves a stored XSS vulnerability in admin screens with ACF post type and taxonomy labels.

Affected Versions and Scope

This issue impacts ACF Free and PRO >=6.1.0, <=6.1.7.

Exploiting this issue requires administrator access to ACF’s admin screens to save a malicious Post Type or Taxonomy.

🙌 Thanks to Satoo Nakano and Ryotaro Imamura via JPCERT/CC for their responsible disclosure of this issue.

For questions and help about this release, please contact our support team.

About the Author

For plugin support, please contact our support team directly, as comments aren't actively monitored.