15 May

ACF PRO 6.2.10 Security Release

By Liam Gladdy

Advanced Custom Fields PRO version 6.2.10 is now available.

This PRO only release of ACF contains an important security fix for ACF Blocks users and we recommend upgrading as soon as possible.

👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.

We take the security of ACF extremely seriously and are always working on protecting our users. If you have discovered a vulnerability in the code or have a security issue, please see our Security page for more information.

ACF Blocks Security Fix

This release patches a security vulnerability in ACF Blocks, where malicious authenticated users with the ability to edit posts could change the render template, render callback function name, or set a custom legacy asset callback function name for an ACF Block.

Though the vulnerability requires an authenticated user, we still recommend patching as soon as possible.


  • Security Fix – ACF Blocks no longer allow render templates, render callbacks or assets to be overridden in the block’s attributes.

For questions and help about this release, please contact our support team.

About the Author