Critical WordPress Plugin Vulnerability Unleashed; Exploits Already Underway

Website security and monitoring platform Patchstack has recently disclosed a significant vulnerability in Advanced Custom Fields, a popular WordPress plugin. The flaw was made public on May 5 and came equipped with a Proof of Concept (PoC) exploit, highlighting the severity of the issue. The vulnerability, tracked as CVE-2023-30777 [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30777], is a critical reflected cross-site scripting (XSS) flaw that lets unauthenticated attackers steal se