976 matches found
PT-2025-37120
The Ultimate Classified Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save custom fields function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access...
WordPress ACF Recent Posts Widget plugin <= 5.9.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha in WordPress Plugin ACF Recent Posts Widget versions <= 5.9.3...
WordPress Advanced Custom Fields Pro Plugin < 6.4.3 HTML Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:advancedcustomfields:advancedcustomfieldspro"; if descriptio...
WordPress Advanced Custom Fields Plugin < 6.4.3 HTML Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:advancedcustomfields:advancedcustomfields"; if description...
WordPress Advanced Custom Fields Plugin HTML Injection Vulnerability
WordPress Advanced Custom Fields Plugin is a powerful custom fields plugin for WordPress that allows you to add many types of custom fields such as images, checkboxes, files, text, etc. to posts, pages, categories, users, and other objects, and supports exporting to XML or PHP code, and can be...
CVE-2025-54940
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered...
WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection
Overview: Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability. HTML injection (CWE-94) - CVE-2025-54940. Shogo Kumamaru of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
CVE-2025-54940
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered...
CVE-2025-54940
Summary of CVE-2025-54940: An HTML injection vulnerability exists in WordPress plugin Advanced Custom Fields prior to version 6.4.3. Attackers may have crafted HTML that is rendered, potentially tampering with page display. This vulnerability is evidenced across multiple feeds (NVD, RH, JVN, CNV...
CVE-2025-54940
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered...
CVE-2025-54940
An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered...
WordPress plugin Advanced Custom Fields code injection vulnerability
WordPress Advanced Custom Fields Plugin is a powerful custom fields plugin for WordPress that allows you to add many types of custom fields such as images, checkboxes, files, text, etc. to posts, pages, categories, users, and other objects, and supports exporting to XML or PHP code, and can be...
PT-2025-32344 · WordPress · Advanced Custom Fields Pro
Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields versions prior to 6.4.3 Description: An HTML injection issue exists in the Advanced Custom Fields plugin. Exploitation of this issue may allow crafted HTML code to be rendered, potentially tampering with page display...
PT-2025-109: Insufficient authorization in FreeScout
The vulnerability was identified in FreeScout, versions 1.8.182. The discovered vulnerability allows an attacker to bypass access-control in the Custom Fields module, performing actions not permitted for their role. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation:...
JVN#21048820: WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection
Advanced Custom Fields provided by WPEngine, Inc. contains the following vulnerability: HTML injection (CWE-94). CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N, Base Score 4.6. CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N, Base Score 3.4. CVE-2025-54940. Impact: Crafted HTML code may be...
CVE-2012-10025
The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acfabspath POST paramete...
CVE-2012-10025 WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion
The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acfabspath POST paramete...
CVE-2012-10025 WordPress Plugin Advanced Custom Fields <= 3.5.1 Remote File Inclusion
The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled (default: Off), an unauthenticated attacker can exploit the acfabspath POST paramete...
CVE-2012-10025
The CVE-2012-10025 entry concerns the WordPress plugin Advanced Custom Fields (ACF)
WordPress plugin Advanced Custom Fields security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...