Cross Site Scripting (XSS) Vulnerability with Advanced Custom Fields Plugin

November 1, 2024
(Low Priority) A potential Cross Site Scripting (XSS) vulnerability was found in the Advanced Custom Fields plugin.

Our normal update and review process was also affected by the ongoing dispute between WP Engine and WordPress. There wasn't a clear way to update the plugin or to know if what was being updated was the correct version. It was initially uncertain how to update/fix this vulnerability because the plugin repository was being blocked by WordPress. Once WP Engine moved their plugin to their own hosted plugin environment, we migrated any of our clients who were using that plugin to the new repository so that future updates could be applied like normal. You can read more about our response to the legal battles between WP Engine and WordPress.

What Steps Did ClearPG Take?

  • We were notified about the issue and checked for any sites that might be affected.
  • For our managed hosting customers, we updated the plugin to the latest version after verifying the vulnerability was fixed.

Author

Israel Jernigan
(He/Him)
Board Game Aficionado &
Chief Technology Officer
at Clear Partnering Group
