In today’s SensCy Cyber Alert, your SensCy team recommends WordPress users review the following information regarding the WordPress Advanced Custom Fields plugin.
The SensCy team is discovering that threat actors and hackers are taking advantage of a WordPress Advanced Custom Fields plugin flaw. The vulnerability can be tracked as CVE-2023-30777 and is ranked as a high-severity reflected cross-site scripting (XSS), meaning an unauthenticated attacker to steal sensitive information and escalate their privilege across the WordPress accounts.
SensCy recommendation is to upgrade ‘Advanced Custom Fields’ free and pro plugins to version 5.12.6 (backported) and 6.1.6.
Based on wordpress.org stats, over 1.4 million websites using the impacted WordPress plugin have not upgraded to the latest version.
If you have any questions, please reach out to your Cyber Advocate.