Advanced Custom Fields version 6.4.3 is now available. This release contains several security fixes for ACF and ACF PRO, including additional HTML escaping for field group labels, post titles, and Select2 elements to prevent JS vulnerabilities in the WordPress admin. These vulnerabilities all required an ACF admin user to save malicious HTML. For this reason, it’s important to only ever import ACF JSON files from trusted sources.
ACF Releases Security Update
Liam Gladdy @ advancedcustomfields.com • 15 hours ago
