WordPress Plugin Vulnerability

Published On: May 15, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team recommends WordPress users review the following information regarding the WordPress Advanced Custom Fields plugin.

The SensCy team is discovering that threat actors and hackers are taking advantage of a WordPress Advanced Custom Fields plugin flaw. The vulnerability can be tracked as CVE-2023-30777 and is ranked as a high-severity reflected cross-site scripting (XSS), meaning an unauthenticated attacker to steal sensitive information and escalate their privilege across the WordPress accounts.

SensCy recommendation is to upgrade ‘Advanced Custom Fields’ free and pro plugins to version 5.12.6 (backported) and 6.1.6.

Based on wordpress.org stats, over 1.4 million websites using the impacted WordPress plugin have not upgraded to the latest version.

If you have any questions, please reach out to your Cyber Advocate.

Related Posts

  • Apple Zero-Day Vulnerability

    September 22, 2023

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team urges Apple product users to install the new updates immediately. The new update remediates THREE new zero-day [...]

  • Microsoft Patch Tuesday

    September 12, 2023

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, September 12, 2023. Today’s Patch Tuesday comes with [...]

  • Google Chrome 116 Update

    September 12, 2023

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team recommends Google Chrome Browser users to install the new Chrome Version immediately. Google announced a new update [...]