Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.
[
{
"vendor": "WP Engine",
"product": "Advanced Custom Fields",
"versions": [
{
"version": "versions 6.1.0 to 6.1.7",
"status": "affected"
}
]
},
{
"vendor": "WP Engine",
"product": "Advanced Custom Fields Pro",
"versions": [
{
"version": "versions 6.1.0 to 6.1.7",
"status": "affected"
}
]
}
]