WordPress custom field plugin bug exposes over 1M sites to XSS attacks
Security researchers warn that the ‘Advanced Custom Fields’ and ‘Advanced Custom Fields Pro’ WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS).