Advanced Custom Fields version 6.1.8 is now available.
This is a security fix release, solving a stored XSS vulnerability with labels on ACF Post Types and Taxonomies in admin screens.
👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.
Changelog
- Security Fix – This release resolves a stored XSS vulnerability in admin screens with ACF post type and taxonomy labels.
Affected Versions and Scope
This issue impacts ACF Free and PRO >=6.1.0, <=6.1.7.
Exploiting this issue requires administrator access to ACF’s admin screens to save a malicious Post Type or Taxonomy.
🙌 Thanks to Satoo Nakano and Ryotaro Imamura via JPCERT/CC for their responsible disclosure of this issue.
For questions and help about this release, please contact our support team.
About the Author
Liam’s a veteran WordPress developer based in Bath, UK. He’s a fan of all things devops, gaming and coffee, but is still working on his espresso skills. Just don’t ask him to try latte art… the results are never good.
For plugin support, please contact our support team directly, as comments aren't actively monitored.
