Hi,
Regarding this discovery, https://0x62626262.wordpress.com/2016/05/01/advanced-custom-fields-auth-xss-vulnerability/, this fix should be on the “To do list for version 5.0”.
But afaik there was no fix – at least there is no mention in the changelog.
Does anyone have more information on this topic?
Thanks
Klaus
Hi @klausb
Looking at ACF Pro this is completely different now.
The file no longer exists and everything is generated through internal acf functions.