cleantalk
Vulnerabilities and Security Researches

Advanced Custom Fields (ACF), CVE-2025-54940

CVE, Research URL

CVE-2025-54940

Home page URL

Security reports for Advanced Custom Fields (ACF)

Application

Advanced Custom Fields (ACF)

Published on
Aug 08, 2025
Research Description
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
Affected versions
Min -, max 6.4.3.
Status
vulnerable
Previous vulnerability researches
StoreKeeper for WooCommerce (CVE-2025-48148) , Aug 06, 2025
StoreKeeper for WooCommerce (CVE-2025-47687) , May 13, 2025
New vulnerability
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin (CVE-2025-4796) , Aug 09, 2025
Advanced Custom Fields (ACF) (CVE-2025-54940) , Aug 09, 2025
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! , Aug 08, 2025
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-7727) , Aug 07, 2025
Flex Guten – A Multipurpose Gutenberg Blocks Plugin (CVE-2025-6256) , Aug 07, 2025