Advanced Custom Fields Pro - WordPress Plugin v6.8.0 Nulled

Advanced Custom Fields Pro v6.4.3 - WordPress Plugin
v6.4.3
Release Date 22nd July 2025

• Security - Unsafe HTML in field group labels is now correctly escaped for conditionally loaded field groups, resolving a JS execution vulnerability in the classic editor
• Security - HTML is now escaped from field group labels when output in the ACF admin
• Security - Bidirectional and Conditional Logic Select2 elements no longer render HTML in field labels or post titles
• Security - The acf.escHtml function now uses the third party DOMPurify library to ensure all unsafe HTML is removed. A new esc_html_dompurify_config JS filter can be used to modify the default behaviour
• Security - Post titles are now correctly escaped whenever they are output by ACF code. Thanks to Shogo Kumamaru of LAC Co., Ltd. for the responsible disclosure
• Security - An admin notice is now displayed when version 3 of the Select2 library is used, as it has now been deprecated in favor of version 4

Advanced Custom Fields Pro v6.4.2 - WordPress Plugin
= v6.4.2 = Release Date 20th May 2025
* New - In ACF PRO, fields can now be added to WooCommerce Subscriptions when using HPOS
* Security - Changing a field type no longer enables the "Allow Access to Value in Editor UI" setting
* Fix - Paginated Repeater fields no longer save duplicate values when saving to a WooCommerce Order with HPOS disabled
* Fix - Blocks registered via acf_register_block_type() with a `parent` value of `null` no longer fail to register

Advanced Custom Fields Pro v6.4.1 - WordPress Plugin
= v6.4.1 = Release Date 8th May 2025
* New - Select fields can now be configured to allow creating new options when editing the field's value (requires the "Stylized UI" and "Multiple" field settings to be enabled)
* Enhancement - The "Escaped HTML" warning notice [introduced in ACF 6.2.5](https://www.advancedcustomfields.com/blog/acf-6-2-5-security-release/) is now disabled by default
* Enhancement - The Icon Picker field now supports supplying an array of icons to a custom tab via a new `acf/fields/icon_picker/{tab_name}/icons` filter
* Fix - ACF Blocks are now forced into preview mode when editing a synced pattern
* Fix - The free ACF plugin once again works with the Classic Widgets plugin and the legacy ACF Options Page addon
* Fix - ACF no longer causes an infinite loop in bbPress when editing replies

Advanced Custom Fields Pro v6.3.12 - WordPress Plugin
= 6.3.12 =
*Release Date 21st January 2025*

* Enhancement - Error messages that occur when field validation fails due an insufficient security nonce now have additional context
* Fix - Duplicated ACF blocks no longer lose their field values after the initial save when block preloading is enabled
* Fix - ACF Blocks containing complex field types now behave correctly when React StrictMode is enabled

• Enhancement - Field Group keys are now copyable on click
• Fix - Repeater tables with fields hidden by conditional logic now render correctly
• Fix - ACF Blocks now behave correctly in React StrictMode
• Fix - Edit mode is no longer available to ACF Blocks with an WordPress Block API version of 3 as field editing is not supported in the iframe

• Security - Setting a metabox callback for custom post types and taxonomies now requires being an admin, or super admin for multisite installs
• Security - Field specific ACF nonces are now prefixed, resolving an issue where third party nonces could be treated as valid for AJAX calls
• Enhancement - A new “Close and Add Field” option is now available when editing a field group, inserting a new field inline after the field being edited
• Enhancement - ACF and ACF PRO now share the same plugin updater for improved reliability and performance
• Fix - Exporting post types and taxonomies containing metabox callbacks now correctly exports the user defined callback

• Security - Editing an ACF Field in the Field Group editor can no longer execute a stored XSS vulnerability. Thanks to Duc Luong Tran (janlele91) from Viettel Cyber Security for the responsible disclosure
• Security - Post Type and Taxonomy metabox callbacks no longer have access to any superglobal values, hardening the original fix from 6.3.8 further
• Fix - ACF fields now correctly validate when used in the block editor and attached to the sidebar

• Security - ACF defined Post Type and Taxonomy metabox callbacks no longer have access to $_POST data. (Thanks to the Automattic Security Team for the disclosure)

• Security - ACF Free now uses its own update mechanism from WP Engine servers

• Security - Newly added fields now have to be explicitly set to allow access in the content editor (when using the ACF shortcode or Block Bindings) to increase the security around field permissions.
  You do not have permission to view link please Log in or Register
• Security Fix - Field labels are now correctly escaped when rendered in the Field Group editor, to prevent a potential XSS issue. Thanks to Ryo Sotoyama of Mitsui Bussan Secure Directions, Inc. for the responsible disclosure
• Fix - Validation and Block AJAX requests nonces will no longer be overridden by third party plugins
• Fix - Detection of third party select2 libraries will now default to v4 rather than v3
• Fix - Block previews will now display an error if the render template PHP file is not found