CVE 4.6 MEDIUM

CVE-2025-54940_CVE-2025-54940

August 8, 2025 invoker category_cve
4.6 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N

Description

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.

AI Analysis

An HTML injection vulnerability in the WordPress plugin 'Advanced Custom Fields' prior to version 6.4.3 allows attackers to inject HTML code, potentially altering webpage content.

Basic Information

ID CVE-2025-54940
Source jpcert
Published Aug 8, 2025 at 04:34

Affected Product

Vendor WPEngine, Inc.
Product Advanced Custom Fields
Version prior to 6.4.3
Affected Versions WPEngine, Inc. Advanced Custom Fields prior to 6.4.3

CWE Classification

CWE-94

AI Assessment

AI Severity Medium
Vendor WordPress Community
Product Advanced Custom Fields
Version 6.4.3

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.