WordPress Advanced Custom Fields Plugin HTML Injection Vulnerability

Vulnerability

A vulnerability allowing HTML injection has been identified in the WordPress plugin Advanced Custom Fields, affecting versions prior to 6.4.3. This vulnerability allows crafted HTML to be rendered, potentially tampering with the page display.

Impact

Exploitation of this vulnerability could lead to unauthorized HTML being injected and rendered, allowing for manipulation of the page's appearance.

Remediation

Users are advised to update the Advanced Custom Fields plugin to version 6.4.3 or later.

Added: Aug 8, 2025, 5:19 AM
Updated: Aug 8, 2025, 5:19 AM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 1.7
exploitability: 4.7
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.