WordPress Plugin Vulnerability

Published On: May 15, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team recommends WordPress users review the following information regarding the WordPress Advanced Custom Fields plugin.

The SensCy team is discovering that threat actors and hackers are taking advantage of a WordPress Advanced Custom Fields plugin flaw. The vulnerability can be tracked as CVE-2023-30777 and is ranked as a high-severity reflected cross-site scripting (XSS), meaning an unauthenticated attacker to steal sensitive information and escalate their privilege across the WordPress accounts.

SensCy recommendation is to upgrade ‘Advanced Custom Fields’ free and pro plugins to version 5.12.6 (backported) and 6.1.6.

Based on wordpress.org stats, over 1.4 million websites using the impacted WordPress plugin have not upgraded to the latest version.

If you have any questions, please reach out to your Cyber Advocate.

Related Posts

  • February 28, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version immediately. Below are the new available [...]

  • February 13, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, February 13, 2023. Today’s Patch Tuesday comes fix [...]

  • February 7, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version immediately. The new update remediate two [...]