Advanced Custom Fields version 6.8.2 is now available.

This release contains multiple security fixes to ACF frontend forms for both ACF and ACF PRO.

We recommend that all users of ACF and ACF PRO upgrade as soon as possible.

Wrap Up

👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.

We take the security of ACF extremely seriously and are always working on protecting our users. If you have discovered a vulnerability in the code or have a security issue, please see our Security page for more information.

Changelog

  • Security – ACF frontend forms (acf_form()) now respect the post_title and post_content form configuration options when processing submissions, ensuring those values are only saved when the form is configured to accept them. Thanks to Sarawut Poolkhet (MisterHelloz) for the responsible disclosure.
  • Security – ACF frontend forms (acf_form()) now only save values for fields assigned to the form via the fields or field_groups parameters, or via the form’s location rules

For questions and help about this release, please contact our support team.