ACF does use add_query_arg(), but neither of the two places this is used depends on user input. The vulnerability reported by Sucuri was has to do with using user input without escaping it when using this function.
~JH
Viewing 2 posts - 1 through 2 (of 2 total)
The topic ‘add_query_arg XSS’ is closed to new replies.
Welcome
Welcome to the Advanced Custom Fields community forum.
Browse through ideas, snippets of code, questions and answers between fellow ACF users
We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. Read about how we use cookies and how you can control them in our Cookie Policy. If you continue to use this site, you consent to our use of cookies.
