Support

Account

Home Forums ACF PRO WordPress.com removed advanced-custom-fields-pro

Solving

WordPress.com removed advanced-custom-fields-pro

    • mattwi

    • April 19, 2021 at 10:55 am

    Hi there,

    We just got the following message from WordPress.com over the weekend,
    Has anyone else had this issue?

    “A recent security scan identified and immediately fixed an issue on your site: https://______.com.au
    WordPress.com found that the advanced-custom-fields-pro plugin contains a vulnerability. In order to protect your site and your visitors, the security system automatically removed the entire extension. Since this may have altered the appearance of your site, we recommend you review your site for changes.
    Our Happiness Engineers are standing by if you have any questions or concerns. Simply reply to this email to get in touch with us!
    Reference _________
    – The WordPress.com Team”

  • Don’t know where the email came from but is is suspect and I would assume phishing.

  • I can confirm this behaviour I just a had a chat with a support tech who said this:

    So the threat was detected on 2021-04-05 and the plugin version was 5.8.13 it seems. It was removed since it had a vulnerability.

    They removed the plugin completely without any notification, so it broke my website

  • Ah, I see now that I look again. wordpress.com.

    I am not familiar with what the vulnerably was in that version but I cannot find any information about it. Elliot might know.

  • Confirmed I have the same issue. WP.com team went ahead and removed the entire plugin completely breaking my website.
    I’m sooo annoyed by what the did without any warning…

  • Hi, ya’ll!

    I’m sorry to hear of the issues reported here and the impact this has had.

    As for the reported removals, please update to the latest version of ACF Pro to prevent this. WordPress.com has built-in security scanning which alerts our team for installations of ACF Pro below 5.9.1.

    This is due to the vulnerability that was reported: https://wpscan.com/vulnerability/d1e9c995-37bd-4952-b88e-945e02e3c83f

    Also, please feel free to contact WordPress.com support for more on this.

    Best,

    Joshua

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. Read about how we use cookies and how you can control them in our Cookie Policy. If you continue to use this site, you consent to our use of cookies.