ACF does use add_query_arg(), but neither of the two places this is used depends on user input. The vulnerability reported by Sucuri has to do with using user input without escaping it when using this function.
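An added audit sketch, not part of the reply above and not ACF code: add_query_arg() and remove_query_arg() fall back to the current request URI when no URL is passed, so their result needs esc_url() (or esc_url_raw() for redirects) before it is output. The helper below flags calls in PHP source that are not nested inside one of those escapers; the function name `find_unescaped_calls` and the sample PHP are constructed for illustration.

```python
import re

# Constructed sample PHP, not taken from ACF or any real plugin.
SAMPLE_PHP = r'''<?php
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
$back = remove_query_arg( 'updated' );
wp_redirect( esc_url_raw( add_query_arg( array( 'updated' => 1 ), $base ) ) );
'''

TARGETS = {"add_query_arg", "remove_query_arg"}
ESCAPERS = {"esc_url", "esc_url_raw"}
# Matches "name(" (name optional), ")" or ";" so call nesting can be tracked.
TOKEN = re.compile(r"([A-Za-z_]\w*)?\s*(\()|(\))|(;)")


def find_unescaped_calls(php_source):
    """Return (line_number, function_name) for each add_query_arg() or
    remove_query_arg() call not nested inside esc_url()/esc_url_raw().

    Heuristic only: parentheses or semicolons inside string literals are
    not handled, and a result stored in a variable and escaped later is
    still reported so a reviewer can confirm it by hand.
    """
    findings = []
    stack = []  # names of the calls currently open, outermost first
    for m in TOKEN.finditer(php_source):
        if m.group(2):  # opening parenthesis, optionally preceded by a name
            name = m.group(1) or ""
            if name in TARGETS and not ESCAPERS.intersection(stack):
                line = php_source.count("\n", 0, m.start()) + 1
                findings.append((line, name))
            stack.append(name)
        elif m.group(3):  # closing parenthesis
            if stack:
                stack.pop()
        else:  # ';' ends the statement; reset to recover from imbalance
            stack.clear()
    return findings


if __name__ == "__main__":
    for line, name in find_unescaped_calls(SAMPLE_PHP):
        print(f"line {line}: {name}() result is not wrapped in an escaper")
```

Each hit is a candidate for manual review, since a call that is given a fixed URL and no request data, as the reply describes for ACF, is not affected.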
The topic ‘add_query_arg XSS’ is closed to new replies.