(Low Priority) A potential vulnerability related to Cross Site Scripting (XSS) was found for the Advanced Custom Fields plugin.
Our normal update and review process was also effected by the WP Engine and WordPress dispute going on. There wasn't a clear way to update the plugin or know if what was being updated was the correct version. So it was uncertain how to update/fix this vulnerability initially because of the plugin repository being blocked by WordPress. Once WP Engine moved their plugin to their own hosted plugin environment we migrated any of our clients who were using that plugin to the new repository so that future updates could be applied like normal. You can read more about our response to the legal battles between WP Engine and WordPress.