CVE Daily

CVE-2025-54940

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fiel...

Low CVSS 3.4

Overview

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.

CWE: CWE-94 Published: 2025-08-08T05:15:32.317
Risk analysis

This vulnerability is rated 🟢 LOW.

  • CVSS: 3.4 (LOW)
  • Detected tags: wordpress (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags