CVE-2025-54940

CVSS v3.1

3.4

Low

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields versions prior to 6.4.3

Description An HTML injection issue exists in the Advanced Custom Fields plugin. Exploitation of this issue may allow crafted HTML code to be rendered, potentially tampering with page display.

Recommendations Update Advanced Custom Fields to version 6.4.3 or later.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2025-54940

Affected Products

Advanced Custom Fields Pro

CVE-2025-54940

Weakness Enumeration

Related Identifiers

Affected Products

References · 7