Hi Support,
I have a CPT called Landing Pages with a mandatory Custom Field of Radio Button - it forces the user to select a contact form shortcode. The option values are specified as 3rd-party [shortcodes] - one each on a separate line. The customer selects the appropriate Radio Button and the form-shortcode is output on the frontend.
However, the recent MB update (5.9.3 – 2024-02-02) broke down these third-party forms.
As an emergency resolution, I have inserted the recommended snippet on youir Changelog page as add_filter( ‘rwmb_meta_shortcode_secure’, ‘__return_false’ );.
The snippet "disables escaping". So, my questoin is - is using this snippet a security issue and if so, is there another way to allow form shortcodes without disabling the new security fix?
Kind regards,
.
