Forum: Too Lazy BBS

ACF plugin bug gives hackers admin on 50,000 WordPress sites

From BleepingComputer to All on Tue Jan 20 18:33:50 2026

A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions. [...]

https://www.bleepingcomputer.com/news/security/acf-plugin-bug-gives-hackers-admin-on-50-000-wordpress-sites/