PT-2024-31626 · Unknown · Advanced Custom Fields Pro

Author: Ryo Sotoyama
Published: 2024-09-04 · Updated: 2024-09-13
CVE: CVE-2024-45429
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
- Advanced Custom Fields versions 6.3.5 and earlier
- Advanced Custom Fields Pro versions 6.3.5 and earlier

Description: A stored cross-site scripting (XSS) issue exists. An attacker who holds the capability setting privilege can store an arbitrary script in a field label; the script may then be executed in the web browser of a logged-in user who has the same privilege as the attacker.

Recommendations: For Advanced Custom Fields versions 6.3.5 and earlier, update to a version later than 6.3.5 to resolve the issue. For Advanced Custom Fields Pro versions 6.3.5 and earlier, update to a version later than 6.3.5 to resolve the issue. As a temporary workaround, consider restricting the capability setting privilege to minimize the risk of exploitation.

Status: Fix
Weakness Enumeration: XSS
Related Identifiers: CVE-2024-45429
Affected Products: Advanced Custom Fields Pro