Advanced Custom Fields version 6.7.2 is now available.

This release contains several security fixes for ACF and ACF PRO. Since this is a security release, we’ve also released ACF PRO 6.8.0-beta4, which includes these fixes in the beta branch.

We recommend that all users of ACF and ACF PRO update as soon as possible.

Wrap Up

👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.

We take the security of ACF extremely seriously and are always working on protecting our users. If you have discovered a vulnerability in the code or have a security issue, please see our Security page for more information.

Changelog

  • Security – Users’ unfiltered_html capability is now correctly applied to REST API calls
  • Security – Block Preview rendering now correctly checks the user has permission to edit that post
  • Security – Repeater fields using pagination now correctly checks the user has permissions to edit that post
  • Security – Flexible content fields layout title AJAX requests now correctly verify security nonces
  • Security – Clone field AJAX admin endpoints now correctly check ACF admin permissions for field group listings

For questions and help about this release, please contact our support team.