Volerion logoVolerion
Volerion logoVolerion

WP Engine Advanced Custom Fields PRO Code Injection Vulnerability

Vulnerability

A code injection vulnerability allowing arbitrary code execution has been identified in the WP Engine Advanced Custom Fields PRO plugin, affecting versions prior to 6.2.10. This vulnerability arises from improper control over code generation, which could be exploited by contributors to execute malicious code remotely.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected WordPress site.

Remediation

Users of the Advanced Custom Fields PRO WordPress plugin should update to version 6.2.10 or later. Patchstack users can enable auto-updates for vulnerable plugins.

Added: May 15, 2026, 9:33 AM
Updated: May 15, 2026, 9:33 AM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
10.0
exploitability
4.7
remediation
0.0
relevance
0.0
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.