Vulnerable Plugin Puts Two Million WordPress Sites At Risk

Written by Staff
    The Advanced Custom Fields WordPress plugin has a vulnerability that is leaving more than 2 million websites vulnerable.

    According to a report by Patchstack, both the free and pro versions of the Advanced Custom Fields plugin have a reflected XSS vulnerability. The vulnerability opens the door to sensitive information being stolen:

    This vulnerability allows any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by tricking a privileged user into visiting the crafted URL path.

    The company says updating to version 6.1.6 or later should protect websites:

    The plugin Advanced Custom Fields and Advanced Custom Fields Pro (versions 6.1.5 and below, free and pro version), which has over 2 million active installations are known as the most popular custom fields plugins in WordPress.

    Admins should make sure they’re running the latest version as soon as possible.
