CVE-2025-54940
CVE-2025-54940
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Affected products
WPEngine, Inc. · Advanced Custom FieldsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →