Advanced Custom Fields version 6.7.1 is now available. This release contains several security fixes for ACF and ACF PRO, with fixes to the User, Post

Advanced Custom Fields (ACF) version 6.7.1 is a security release addressing multiple vulnerabilities in ACF and ACF PRO. The fixes target AJAX query handling in the User, Post Object, Page Link, and Relationship fields — enforcing role restrictions, search permission validation, and field-configured restrictions for post status, post type, and taxonomy. ACF PRO 6.8.0-beta3 also includes these fixes. All users are urged to update immediately.

ACF 6.7.1 Security Release