CVE-2025-54940

CVSS 4.6 MEDIUMEPSS 0.2%CWE-94

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Produtos afetados

WPEngine, Inc. · Advanced Custom Fields

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://jvn.jp/en/jp/JVN21048820/https://www.advancedcustomfields.com/blog/acf-6-4-3-security-release/