Advanced Custom Fields version 6.1.8 is now available.
This is a security fix release, solving a stored XSS vulnerability with labels on ACF Post Types and Taxonomies in admin screens.
👨💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.
This issue impacts ACF Free and PRO >=6.1.0, <=6.1.7.
Exploiting this issue requires administrator access to ACF’s admin screens to save a malicious Post Type or Taxonomy.
🙌 Thanks to Satoo Nakano and Ryotaro Imamura via JPCERT/CC for their responsible disclosure of this issue.