Advanced Custom Fields PRO version 6.2.10 is now available.
This PRO only release of ACF contains an important security fix for ACF Blocks users and we recommend upgrading as soon as possible.
👨‍💻 Please find the release notes below. And for the latest ACF news, follow us on Twitter @wp_acf.
We take the security of ACF extremely seriously and are always working on protecting our users. If you have discovered a vulnerability in the code or have a security issue, please see our Security page for more information.
ACF Blocks Security Fix
This release patches a security vulnerability in ACF Blocks, where malicious authenticated users with the ability to edit posts could change the render template, render callback function name, or set a custom legacy asset callback function name for an ACF Block.
Though the vulnerability requires an authenticated user, we still recommend patching as soon as possible.
Changelog
- Security Fix – ACF Blocks no longer allow render templates, render callbacks or assets to be overridden in the block’s attributes.
For questions and help about this release, please contact our support team.
About the Author
Liam’s a veteran WordPress developer based in Bath, UK. He’s a fan of all things devops, gaming and coffee, but is still working on his espresso skills. Just don’t ask him to try latte art… the results are never good.
