CVE-2025-54940

Summary

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.

Affected Software

VendorProductVersion RangeStatus
WPEngine, Inc.Advanced Custom Fieldsprior to 6.4.3affected

Weaknesses

  • CWE-94: Code injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References