cleantalk
Vulnerabilities and Security Researches

Advanced Custom Fields (ACF), CVE-2025-54940

CVE, Research URL

CVE-2025-54940

Home page URL

Security reports for Advanced Custom Fields (ACF)

Application

Advanced Custom Fields (ACF)

Published on
Aug 08, 2025
Research Description
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
Affected versions
Min -, max 6.4.3.
Status
vulnerable
Previous vulnerability researches
Snow Storm (b9155ea27a956bb6aecadd924fc7ba8cfeaf37c3) , Mar 22, 2025
Snow Storm (CVE-2025-30858) , Apr 05, 2025
New vulnerability
RentSyst – CRM solution for fleet management (CVE-2025-48152) , Aug 12, 2025
Mosaic Generator (CVE-2025-8621) , Aug 12, 2025
B Slider – Slider for your block editor (CVE-2025-8418) , Aug 12, 2025
AnWP Football Leagues (CVE-2025-8767) , Aug 12, 2025
User Language Switch (CVE-2025-49064) , Aug 12, 2025