cleantalk
Vulnerabilities and Security Researches

Advanced Custom Fields (ACF), CVE-2025-54940

CVE, Research URL

CVE-2025-54940

Home page URL

Security reports for Advanced Custom Fields (ACF)

Application

Advanced Custom Fields (ACF)

Published on
Aug 08, 2025
Research Description
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
Affected versions
Min -, max 6.4.3.
Status
vulnerable
Previous vulnerability researches
Blogger Buzz (CVE-2025-54680) , Aug 02, 2025
Blogger Buzz (115f6bdb0e5c21979d308193f82caf8fb7388640) , Jun 11, 2024
Blogger Buzz (CVE-2023-30476) , Jun 10, 2024
New vulnerability
Visit Counter (CVE-2025-49065) , Aug 10, 2025
OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) (CVE-2025-6572) , Aug 09, 2025
Prevent files / folders access (CVE-2025-53561) , Aug 09, 2025
Porn Videos Embed (CVE-2025-49061) , Aug 09, 2025
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2025-4796) , Aug 09, 2025