Home Forums ACF PRO Vulnerability Update (ACF Pro 5.6.2)


Vulnerability Update (ACF Pro 5.6.2)

  • Hi

    I am looking for some kind assistance to point me in the right direction.

    Let me start by saying I know VERY little about WordPress as I do not normally use it.

    However, a while ago I “inherited” a website that runs on WordPress. All was well until recently, when it alerted me that there was a vulnerability with ACF Pro and that it could not be updated. It advised to disable it – but this breaks the website.

    I don’t change the site at all (it works fine as it is) and I am not really sure why I even need ACF? Obviously, I want to rectify any vulnerabilities, but I also want the simplest and cheapest solution to do this.

    Is it easy to remove (or downgrade to free version) ACF Pro but keep the front end functional? Is it possible to patch only the vulnerability without buying a new licence (I don’t need new features or normal bug fixes)?

    Thank you so much for any assistance.

  • Can you give me more information on this vulnerability, I cannot find any information on something specific to 5.6.2.

  • Thanks for replying. I don’t have the details, but I think it said it applied to anything before 5.9.*?

  • There were 2 vulnerabilities corrected in 5.10. They can be seen in the changelog. While there might be a vulnerability, being a problem depends on whether or not the site has subscribers. If I were you I would look at these, they may not be a problem on your site and I would not worry about it and ignore whatever is telling you that there is a problem.

    As far as using the free version of ACF, this depends on whether any fields only available in Pro are used. This includes repeaters, acf blocks, flexible content, options pages, gallery field and clone field. If none of these features is used you can safely use the free version.

  • Thank you so much for this answer, sorry it took me so long to reply.

    It looks like the site uses flexible content on one of the pages and I don’t have the time to change that, so I will have to leave it as it is.

    The site does not have any subscribers and is a very simple static design so, from what you say, it looks like I will be okay to ignore the warning until I have the time to do something with it?

    Thank you again for taking the time to respond.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.