Security researchers warn that the ‘Advanced Custom Fields’ and ‘Advanced Custom Fields Pro’ WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS).
ACF has released a patch, but it can be installed with Cwicly update only. Any chance to get unplanned Cwicly update?