WordPress · Advanced Custom Fields Pro · CVE-2020-36172
Name of the Vulnerable Software and Affected Versions:
Advanced Custom Fields plugin version 5.8.11 and earlier
Description:
The plugin mishandles string escaping for option text rendered in Select2 dropdowns, which can allow cross-site scripting (XSS). XSS is a class of attack in which attacker-supplied markup or script is stored or reflected by a website and then executed in another user's browser; the consequences range from disclosure of sensitive data to hijacking of that user's session.
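The following is an added illustration of the escaping failure class the description refers to; it is not code from Advanced Custom Fields or from the Select2 library. Select2 does expose an `escapeMarkup` option that is applied to option text before it is inserted into the results list; the helper functions, the escape table and the sample option labels below are assumptions constructed for this example so that it runs in plain Node without a DOM.

```javascript
// Added example (not Advanced Custom Fields or Select2 code): shows why option
// text must be HTML-escaped before a dropdown renders it with innerHTML.

// Conventional HTML entity map (assumed here; covers the characters that let a
// string break out of text content or an attribute value).
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
  "/": "&#47;",
};

// Hardened escapeMarkup: every special character becomes an entity.
function escapeMarkup(text) {
  return String(text).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak escapeMarkup: a passthrough that is sometimes configured to allow HTML in
// option labels. Any untrusted label then becomes an injection point.
function passthroughMarkup(text) {
  return String(text);
}

// Renders what a Select2-style results list would place into innerHTML.
// The `escape` argument plays the role of the escapeMarkup option.
function renderOptions(options, escape) {
  return options
    .map((opt) => `<li class="select2-results__option">${escape(opt.text)}</li>`)
    .join("");
}

// Constructed sample: one plain label and one label that an editor saved
// containing markup (a marker tag only; it does nothing when rendered).
const SAMPLE_OPTIONS = [
  { id: 1, text: "Plain label" },
  { id: 2, text: "<b>Label</b> with <script>marker()</script>" },
];

function hardenedRender() {
  return renderOptions(SAMPLE_OPTIONS, escapeMarkup);
}

function weakRender() {
  return renderOptions(SAMPLE_OPTIONS, passthroughMarkup);
}

// Simple check a reviewer can run over rendered markup: does any raw <script>
// tag from the input survive into the output?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("hardened:", hardenedRender());
console.log("weak:    ", weakRender());
console.log("raw tag survives in weak output:", containsRawScriptTag(weakRender()));
```

Running the block prints both renderings: the hardened one shows the saved markup as literal text (`&lt;b&gt;Label&lt;&#47;b&gt; ...`), while the passthrough rendering carries the tags through unchanged, which is exactly the condition the advisory's "mishandling of string escaping" produces. The `containsRawScriptTag` check is a coarse regression test, not a substitute for escaping at the rendering boundary.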
Recommendations:
For versions prior to 5.8.12, update to version 5.8.12 or later, which resolves the issue. As a temporary workaround until the update is applied, consider disabling the use of Select2 dropdowns in the Advanced Custom Fields plugin, and restrict access to the areas of the site that use the plugin to reduce the exposure to exploitation.