WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks

A reflected cross-site scripting vulnerability is the Advanced Custom Fields plugin for WordPress exposed over 2 million sites to hacking. Assetnote researchers discovered a reflected cross-site scripting vulnerability, tracked as CVE-2023-29489 (CVSS score: 6.1), in the Advanced Custom Fields plugin for WordPress. The ACF field builder allows users to quickly and easily add fields to […]

The post WordPress Advanced Custom Fields plugin XSS exposes +2M sites to attacks appeared first on Security Affairs.