Vulnerability Database

300,214

Total vulnerabilities in the database

CVE-2025-54940

An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.

Published: Aug 8, 2025
Updated: Aug 9, 2025
CVE: CVE-2025-54940
Exploit:

No technical information available.

CWEs:

CWE-94

Affected Software
References

No affected software listed.

https://jvn.jp/en/jp/JVN21048820/
https://www.advancedcustomfields.com/blog/acf-6-4-3-security-release/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo