On January 16, 2024, the ACF 6.2.5 security release fixed a security issue whereby the output of the [acf field="[...]"/]
shortcode has its content run through wp_kses()
. This removes all <script>
and <iframe>
tags. However, there are still situations where you may need to echo these tags when you have a site where you're confident you can trust every user on your site with contributor or higher access. Hence, this shortcode allows you to do this.
Retrieves the value of a specified Advanced Custom Field (ACF) based on given attributes.
This function is designed to be used as a shortcode handler for retrieving ACF field values.