Good morning,
I need some help please. iThemes Security keeps showing me the following messages:
Known vulnerabilities
Advanced Custom Field Pro < 5.9.1 – Authenticated Reflected Cross-Site Scripting (XSS)
Advanced Custom Fields < 5.11 – Subscriber+ Arbitrary ACF Data/Field Groups View and Fields Move
Advanced Custom Fields < 5.12.1 – Contributor+ Database Information Access
Advanced Custom Fields 5.0-5.12.2 – Unauthenticated File Upload
Can I do something about it?
Thanks for the help and best regards Carsten
As long as you have version installed grader then 5.11 you should be fine, if you have one of those versions installed then you should update.
I am currently using version 5.6.10. However, no update is displayed in WordPress either. Can you please help me?
Best regards Carsten
are you using the pro of free version. If you are using the pro version you’ll need have, or purchase, a valid key to get updates.
Good morning,
According to the admin area, the Pro version is used because it is included with my theme. But I’m not sure if functions of the Pro are used at all. What can I do now?
Best regards Carsten
If pro is included in the theme then its features are probably required. You will either need to contact the developer for an update to the theme or you will have to buy a license and install it separately. If the developer did it correctly when you install the plugin on the site normally it should override the plugin in the theme. But you should still contact the developer of the theme because there isn’t any way to know if the theme will be compatible. You should probably contact theme and see if there is an updated theme available.
Thanks for the detailed answer. I spoke to the theme developer. Unfortunately there are plugin updates when a theme update is deployed. But I can’t update the theme.
Do I maybe have another option?
Best regards Carsten
You can purchase a license for ACF pro and install the plugin.
