Custom Field Value Exposure Through Parsed Shortcode from User Input vulnerability discovered by Juan Hoffmann in WordPress Advanced Custom Fields plugin (versions 3.1.1 - 6.0.2).
Update the WordPress Advanced Custom Fields plugin to the latest available version (at least 6.0.3).