WordPress custom field plugin bug exposes over 1M sites to XSS attacks


The Advanced Custom Fields and Advanced Custom Fields Pro WordPress plugins, which have millions of installations, are vulnerable to cross-site scripting (XSS) attacks, according to security researchers. With 2,000,000 active installs on websites worldwide, the two plugins are among the most popular custom field builders for WordPress.

On May 2, 2023, Rafie Muhammad, a researcher at Patchstack, found a high-severity reflected XSS vulnerability in the plugins. It was assigned the identifier CVE-2023-30777. In most cases, XSS issues let attackers inject malicious scripts into public websites, so that the script runs in the visitor's web browser.
