Home › Forums › Bug Reports › ACF_Form() Security Issues › Reply To: ACF_Form() Security Issues
I realize this is an old thread, but not sure if there’s a better place to post. The behavior described by mkeys is still present, and while I understand it is a fundamental part of the functionality of acf_form, it is difficult to use acf_form in good conscience with this vulnerability. In addition to manipulating post authors, etc, it is possible to edit the data of other users in this manner using the user_$current_user->ID.
Is there is a practical solution to mitigate this issue? Or is there a reason I am missing that we shouldn’t be concerned with this?
I would love to use the acf_form functionality rather than implement a separate form plugin or writing a separate plugin from scratch.
Welcome to the Advanced Custom Fields community forum.
Browse through ideas, snippets of code, questions and answers between fellow ACF users
Helping others is a great way to earn karma, gain badges and help ACF development!
ACF wouldn’t be so widely used in WordPress if it didn’t have some pretty amazing capabilities. In this article, we look at a few of the features we’ll discuss during “7 things you didn’t know you could do with ACF” at #WPEDecode later this month. https://t.co/5lnsTxp81j pic.twitter.com/Yf0ThPG1QG— Advanced Custom Fields (@wp_acf) March 16, 2023
© 2023 Advanced Custom Fields.