The latest version of ACF is a security release that fixes an insecurity with how unsafe HTML is escaped in their shortcode. Many of our customers use ACF and ACF Pro in their websites so it’s been necessary to take special care that any theme incompatibilities are fixed as they crop up before the next few versions break the sites.

In practice, this means:

1. Upgrading to 6.2.5
2. Checking the site dashboard for an ACF notification that upgrading might break the site.
3. Assessing whether the update will break the site and take action if needed.
4. Updating the theme if required.
5. Updating the plugin to 6.2.7 (expected February 2024)
6. Manually testing the site homepage and subpages work.
7. Dealing with any unforeseen issues that may come up with legacy code through our support system.

Most of our customers are not using ACF fields for iframes or scripts thankfully, but it’s still a good idea to check things over BEFORE they break. Predicting issues is the only way to avoid them, all part of what we do here for customers. Read more about the changes here.

Author Info: Lisa Karvonen

Lissu is a full-stack developer who started working in WordPress in 2003. Since then she has coded plugins, themes and applications for companies and organizations in both WordPress and Multisite as well as other PHP/MySQL applications.

She started developing the WP-Ensure platform in 2017 as a response to customer site attacks and has been steadily improving and growing the company and platform since then.

She's originally from Scotland but lives in Finland with her husband, son, two dogs, two cats and a reef tank.