Advanced Forms for ACF version 1.9.3.3 released

Version 1.9.3.3 is now live for both Advanced Forms and Advanced Forms Pro. This is a small security release and we recommend everyone update to this version.

Form export security enhancements

This release adds some capability and nonce checks to the form JSON export routine to prevent unauthorized export of form structural JSON data. It was discovered that an attacker could utilise the admin-post.php endpoint with the right combination of arguments and a form ID to export the JSON file containing a form’s structure.

Note that form submissions and data submitted via a form were not affected by this vulnerability.
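The pattern this release describes, a capability check plus a nonce check on an admin-post.php handler, looks like the following in a WordPress plugin. This is an added example, not Advanced Forms' own code: the action name, post type, capability and exported fields are assumptions made for illustration.

```php
<?php
/**
 * Added example, not Advanced Forms code. The action name, the 'example_form'
 * post type, the 'manage_options' capability and the exported fields are
 * hypothetical.
 */
const EXAMPLE_EXPORT_ACTION = 'example_export_form';

// Build the export link shown in the admin UI. The nonce is bound to the
// action and the form ID, so a link for one form cannot be reused for another.
function example_export_url( int $form_id ): string {
	$url = add_query_arg(
		array( 'action' => EXAMPLE_EXPORT_ACTION, 'form_id' => $form_id ),
		admin_url( 'admin-post.php' )
	);
	return wp_nonce_url( $url, EXAMPLE_EXPORT_ACTION . '_' . $form_id );
}

// admin-post.php fires admin_post_{action} for any logged-in user, whatever
// their role, so the handler has to do its own authorization.
add_action( 'admin_post_' . EXAMPLE_EXPORT_ACTION, 'example_handle_export' );

function example_handle_export(): void {
	$form_id = isset( $_GET['form_id'] ) ? absint( $_GET['form_id'] ) : 0;

	// 1. Capability check: only users allowed to manage forms may export.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You are not allowed to export forms.', 'Forbidden', array( 'response' => 403 ) );
	}

	// 2. Nonce check: the request must come from a link this site generated
	//    for this user and this form. check_admin_referer() dies on failure.
	check_admin_referer( EXAMPLE_EXPORT_ACTION . '_' . $form_id );

	// 3. Object check: the ID must point at a form, not at any other post.
	$form = get_post( $form_id );
	if ( ! $form || 'example_form' !== $form->post_type ) {
		wp_die( 'Form not found.', 'Not found', array( 'response' => 404 ) );
	}

	nocache_headers();
	header( 'Content-Type: application/json; charset=utf-8' );
	header( 'Content-Disposition: attachment; filename="form-' . $form_id . '.json"' );
	echo wp_json_encode( array( 'id' => $form_id, 'title' => $form->post_title ) );
	exit;
}
```

The capability check runs before the nonce check so that a user without the right role gets a 403 regardless of whether they hold a valid nonce.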

Thanks to the Wordfence team for discovering and reporting this vulnerability on February 2nd and providing a thorough explanation and suggestions.

Changelog

  • Added capability and nonce checks to prevent unauthorized export of form JSON

About the author

Phil Kurth is a web developer living in Melbourne, Australia. Phil has a long history of WordPress development and enjoys building tools to empower others in their web design/development practice.

When not working with the web, Phil is usually spending time with his two young sons or is out hiking through the Australian bush.

© 2016 – 2024 Hookturn Digital. All rights reserved.