diff --git a/acf.php b/acf.php
index 3f40ee17..a7dae29f 100644
--- a/acf.php
+++ b/acf.php
@@ -9,7 +9,7 @@
 * Plugin Name: Advanced Custom Fields
 * Plugin URI: https://www.advancedcustomfields.com
 * Description: Customize WordPress with powerful, professional and intuitive fields.
- * Version: 6.1.7
+ * Version: 6.1.8
 * Author: WP Engine
 * Author URI: https://wpengine.com/?utm_source=wordpress.org&utm_medium=referral&utm_campaign=plugin_directory&utm_content=advanced_custom_fields
 * Text Domain: acf
@@ -33,7 +33,7 @@ class ACF {
 *
 * @var string
 */
- public $version = '6.1.7';
+ public $version = '6.1.8';
 
 /**
 * The plugin settings array.
diff --git a/includes/post-types/class-acf-post-type.php b/includes/post-types/class-acf-post-type.php
index c2718657..69a0c3d5 100644
--- a/includes/post-types/class-acf-post-type.php
+++ b/includes/post-types/class-acf-post-type.php
@@ -363,6 +363,7 @@ public function get_post_type_args( $post ) {
 // Make sure any provided labels are strings and not empty.
 $labels = array_filter( $post['labels'] );
 $labels = array_map( 'strval', $labels );
+ $labels = array_map( 'esc_html', $labels );
 
 if ( ! empty( $labels ) ) {
 $args['labels'] = $labels;
diff --git a/includes/post-types/class-acf-taxonomy.php b/includes/post-types/class-acf-taxonomy.php
index 2a9f69be..afba393e 100644
--- a/includes/post-types/class-acf-taxonomy.php
+++ b/includes/post-types/class-acf-taxonomy.php
@@ -190,10 +190,10 @@ public function get_settings_array() {
 ),
 'description' => '',
 'capabilities' => array(
- 'manage_terms' => 'manage_categories',
- 'edit_terms' => 'manage_categories',
- 'delete_terms' => 'manage_categories',
- 'assign_terms' => 'edit_posts',
+ 'manage_terms' => 'manage_categories',
+ 'edit_terms' => 'manage_categories',
+ 'delete_terms' => 'manage_categories',
+ 'assign_terms' => 'edit_posts',
 ),
 'public' => true,
 'publicly_queryable' => true,
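Review bot: The comment directly above the new `array_map( 'esc_html', $labels )` line still reads "Make sure any provided labels are strings and not empty", so the escaping step is undocumented at the one place it is applied; suggest `// Make sure any provided labels are non-empty strings, then HTML-escape them so the registered labels are inert wherever core renders them.` The escaping happens only at registration time, so any other code path that reads `$post['labels']` directly would still see the raw stored value; sanitising the labels when the post type is saved as well would make the protection independent of this method. `esc_html` is an HTML-body escaper, so if core or a theme emits a label into a JavaScript string or another non-HTML context that output would still need its own context-appropriate escaping. The identical change in `get_taxonomy_args` in class-acf-taxonomy.php (the hunk on the next line) carries the same stale comment and could share a small helper with this method. get_post_type_args begins before and continues after this hunk.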
@@ -309,6 +309,7 @@ public function get_taxonomy_args( $post ) {
 // Make sure any provided labels are strings and not empty.
 $labels = array_filter( $post['labels'] );
 $labels = array_map( 'strval', $labels );
+ $labels = array_map( 'esc_html', $labels );
 
 if ( ! empty( $labels ) ) {
 $args['labels'] = $labels;
diff --git a/readme.txt b/readme.txt
index dcdcd29d..d8626f11 100644
--- a/readme.txt
+++ b/readme.txt
@@ -2,9 +2,9 @@
 Contributors: deliciousbrains, wpengine, elliotcondon, mattshaw, lgladdy, antpb, andrewbotz, dalewilliams, polevaultweb
 Tags: acf, fields, custom fields, meta, repeater
 Requires at least: 4.7
-Tested up to: 6.2
+Tested up to: 6.3
 Requires PHP: 5.6
-Stable tag: 6.1.7
+Stable tag: 6.1.8
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
@@ -92,6 +92,11 @@ From your WordPress dashboard
 
 == Changelog ==
 
+= 6.1.8 =
+*Release Date 3rd August 2023*
+
+* Security Fix - This release resolves a stored XSS vulnerability in admin screens with ACF post type and taxonomy labels (Thanks to Satoo Nakano and Ryotaro Imamura)
+
 = 6.1.7 =
 *Release Date 27th June 2023*
 
@@ -114,7 +119,7 @@ From your WordPress dashboard
 = 6.1.6 =
 *Release Date 4th May 2023*
 
-* Security Fix - This release resolves an XSS vulnerability in ACF’s admin pages (Thanks to Rafie Muhammad for the responsible disclosure)
+* Security Fix - This release resolves an XSS vulnerability in ACF's admin pages (Thanks to Rafie Muhammad for the responsible disclosure)
 * Fix - Duplicating fields in a new field group with field setting tabs disabled now behaves correctly
 
 = 6.1.5 =