
Ryo Sotoyama

Researcher from Mitsui Bussan Secure Directions, Inc.
#43554 of 53,633
6.1 Total CVSS
Vulnerabilities · 1
PT-2024-31626
6.1
2024-09-04
Unknown · Advanced Custom Fields Pro · CVE-2024-45429
Name of the Vulnerable Software and Affected Versions:
Advanced Custom Fields versions 6.3.5 and earlier
Advanced Custom Fields Pro versions 6.3.5 and earlier

Description:
A cross-site scripting issue exists, allowing an attacker with the `capability` setting privilege to store an arbitrary script in the field label. This script may be executed in the web browser of a logged-in user with the same privilege as the attacker's.

Recommendations:
For Advanced Custom Fields versions 6.3.5 and earlier, update to a version later than 6.3.5 to resolve the issue.
For Advanced Custom Fields Pro versions 6.3.5 and earlier, update to a version later than 6.3.5 to resolve the issue.
As a temporary workaround, consider restricting the `capability` setting privilege to minimize the risk of exploitation.