Home Forums Bug Reports ACF_Form() Security Issues Reply To: ACF_Form() Security Issues

  • In the meantime while this vulnerability is addressed officially, I have found a solid workaround for myself.

    I made a duplicate of the acf_form_head() (renamed of course) and put it into my plugin.

    I kept everything the same, except that instead of reading the values of the ‘_acf_form’ field from the $_POST data, I rely on my own hard coded values in my version of the function.

    This allows me to still utilize the great ACF field types and functionality, without allowing people to modify the functionality of the form beyond the scope I defined.