Title: Secure Custom Fields plugin Last modified: October 21, 2024 --- # Secure Custom Fields plugin * Resolved [eyed11](https://wordpress.org/support/users/eyed11/) * (@eyed11) * [1 year, 8 months ago](https://wordpress.org/support/topic/secure-custom-fields-plugin/) * I updated the Secure Custom Fields plugin to the latest version, 6.3.6.3, but the warning doesn’t go away after the update. * The latest version on wpvulnerability is 6.3.9, but on Wordfence, it’s 6.3.6.3. * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-custom-fields/advanced-custom-fields-638-secure-custom-fields-6362-authenticated-admin-stored-cross-site-scripting](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-custom-fields/advanced-custom-fields-638-secure-custom-fields-6362-authenticated-admin-stored-cross-site-scripting) Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Javier Casares](https://wordpress.org/support/users/javiercasares/) * (@javiercasares) * [1 year, 8 months ago](https://wordpress.org/support/topic/secure-custom-fields-plugin/#post-18084909) * You need to download and install the official maintained ACF plugin from their website. * To fix it, if you were using [Advanced Custom Fields](https://www.advancedcustomfields.com/latest/), it’s better to have the official version from their website and upload manually. Thereafter, the message will disappear. - This reply was modified 1 year, 8 months ago by [Javier Casares](https://wordpress.org/support/users/javiercasares/). * Thread Starter [eyed11](https://wordpress.org/support/users/eyed11/) * (@eyed11) * [1 year, 8 months ago](https://wordpress.org/support/topic/secure-custom-fields-plugin/#post-18085047) * Thank you for your answer. * If I want to use Secure Custom Fields instead of Advanced Custom Fields, will I still be warned? * Plugin Author [Javier Casares](https://wordpress.org/support/users/javiercasares/) * (@javiercasares) * [1 year, 8 months ago](https://wordpress.org/support/topic/secure-custom-fields-plugin/#post-18085069) * Yes. * Plugin Author [Javier Casares](https://wordpress.org/support/users/javiercasares/) * (@javiercasares) * [1 year, 8 months ago](https://wordpress.org/support/topic/secure-custom-fields-plugin/#post-18085320) * _As extra information for futures references._ * There is no official way (WordPress function) to list the plugins / themes, but to detect the slug and know if it’s the local repository or an external one. Using the same slug for SCF (from ACF) creates an incompatibility. * Usually, when that happens, we (in general, the security community) decided to use the WordPress Plugins / Themes repository as the main one, but, when there are external plugins / themes with the same slug and more relevant, we go that way. * In this case, we (WPVulnerability) are going to maintain the versions for the Advanced Custom Fields, as is the maintained version of the plugin. Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Secure Custom Fields plugin’ is closed to new replies. * ![](https://ps.w.org/wpvulnerability/assets/icon.svg?rev=3387690) * [WPVulnerability](https://wordpress.org/plugins/wpvulnerability/) * [Frequently Asked Questions](https://wordpress.org/plugins/wpvulnerability/#faq) * [Support Threads](https://wordpress.org/support/plugin/wpvulnerability/) * [Active Topics](https://wordpress.org/support/plugin/wpvulnerability/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wpvulnerability/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wpvulnerability/reviews/) * 5 replies * 2 participants * Last reply from: [Javier Casares](https://wordpress.org/support/users/javiercasares/) * Last activity: [1 year, 8 months ago](https://wordpress.org/support/topic/secure-custom-fields-plugin/#post-18085320) * Status: resolved