Searchenginejournal.com

ACF WordPress Plugin Vulnerability Affects Up To +2 Million Sites

Missing authorization vulnerability …allows a remote authenticated attacker to view the information on the database without the access permission. This kind of vulnerability allows an attacker to ...
GIGAZINE

WordPress forks popular WP Engine plugin 'Advanced Custom Fields' without permission, developer claims plugin was 'taken without consent'

On October 12, 2024 local time, Mullenweg announced that he would fork ACF into a new plugin called 'Secure Custom Fields.' Mullenweg cited the fact that ACF updates are now done directly from the WP ...
Bleeping Computer

WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS). The two ...
GeekWire

WordPress Plugin Review: Advanced Custom Fields Pro

We use a number of WordPress plugins on GeekWire. One of the most useful ones we’ve found is Advanced Custom Fields (ACF), which enables easy input and output of custom fields. We use custom fields ...
The Verge

WordPress.org’s latest move involves taking control of a WP Engine plugin

WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” resulting from WP Engine’s legal moves. WordPress co-founder Matt Mullenweg calls it “a rare and unusual situation” ...
Searchenginejournal.com

Automattic Receives Backlash For Cloning Premium Plugin

Automattic cloned WP Engine’s paid ACF Premium plugin and is distributing it for free. Many in the WordPress community disapprove of this action, expressing concerns that it undermines the plugin and ...

ACF plugin bug gives hackers admin on 50,000 WordPress sites

A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be ...