WordPress custom field plugin bug exposes over 1M sites to XSS attacks

05-May-23

Security researchers say the Advanced Custom Fields and Advanced Custom Fields Pro WordPress plugins, which have millions of installations, are vulnerable to cross-site scripting (XSS) attacks. With 2,000,000 active installs on websites throughout the world, the two plugins are among WordPress's most popular custom field builders.

On May 2, 2023, Rafie Muhammad, a researcher at Patchstack, found a high-severity reflected XSS vulnerability, which is tracked as CVE-2023-30777. In most cases, XSS issues let attackers inject malicious scripts into public websites, causing the visitor's web browser to run the attacker's code.
