Wpengine

**Name of the Vulnerable Software and Affected Versions** Advanced Custom Fields PRO versions prior to 6.2.10 **Description** A Code Injection vulnerability was discovered in Advanced Custom Fields PRO due to improper control of code generation. This issue was identified during a planned security audit. **Recommendations** For versions prior to 6.2.10, update to version 6.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Advanced Custom Fields PRO versions prior to 6.2.10 **Description** A Path Traversal vulnerability, also known as Improper Limitation of a Pathname to a Restricted Directory, was discovered in Advanced Custom Fields PRO during a planned security audit. This issue allows for PHP Local File Inclusion. **Recommendations** For versions prior to 6.2.10, update to version 6.2.10 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.