PT-2025-43308 · WordPress · Advanced Custom Fields : Cpt Options Pages

Najib Sinjari

Published

2025-10-22

Updated

2025-10-22

CVE-2025-60208

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Advanced Custom Fields : CPT Options Pages versions through 2.0.9

Description A Cross-Site Request Forgery (CSRF) issue exists in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages that allows Object Injection. This impacts the application’s ability to securely handle requests, potentially allowing an attacker to perform actions on behalf of an authenticated user without their knowledge.

Recommendations Update Advanced Custom Fields : CPT Options Pages to a version later than 2.0.9.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-60208

Affected Products

Advanced Custom Fields : Cpt Options Pages

PT-2025-43308 · WordPress · Advanced Custom Fields : Cpt Options Pages

CVE-2025-60208

Weakness Enumeration

Related Identifiers

Affected Products

References · 5