CVE-2023-40068

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields versions 6.1.0 through 6.1.7 Advanced Custom Fields Pro versions 6.1.0 through 6.1.7

Description A cross-site scripting vulnerability allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with administrative privilege. This issue potentially affects approximately 1 million sites.

Recommendations For Advanced Custom Fields versions 6.1.0 through 6.1.7, update to a version later than 6.1.7 to resolve the issue. For Advanced Custom Fields Pro versions 6.1.0 through 6.1.7, update to a version later than 6.1.7 to resolve the issue. As a temporary workaround, consider restricting access to administrative privileges until a patch is applied.