WordPress Plugin Vulnerability

Published On: May 15, 2023Categories: Cyber Alerts

In today’s SensCy Cyber Alert, your SensCy team recommends WordPress users review the following information regarding the WordPress Advanced Custom Fields plugin.

The SensCy team is discovering that threat actors and hackers are taking advantage of a WordPress Advanced Custom Fields plugin flaw. The vulnerability can be tracked as CVE-2023-30777 and is ranked as a high-severity reflected cross-site scripting (XSS), meaning an unauthenticated attacker to steal sensitive information and escalate their privilege across the WordPress accounts.

SensCy recommendation is to upgrade ‘Advanced Custom Fields’ free and pro plugins to version 5.12.6 (backported) and 6.1.6.

Based on wordpress.org stats, over 1.4 million websites using the impacted WordPress plugin have not upgraded to the latest version.

If you have any questions, please reach out to your Cyber Advocate.

Related Posts

  • July 10, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Adobe latest release of security updates. We recommend installing those updates immediately if you are using [...]

  • July 9, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Brief, your SensCy team reviewed Microsoft’s latest series of patches released on Tuesday, May 14, 2024. This month Microsoft fixes four [...]

  • June 29, 2024

    Categories: Cyber Alerts

    In today’s SensCy Cyber Alert, your SensCy team is reviewing latest disclosure of vulnerabilities by WordPress. There were 183 vulnerabilities discovered, including 135 WordPress plugin [...]