An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display may be tampered.
https://www.advancedcustomfields.com/blog/acf-6-4-3-security-release/
Published: 2025-08-08
Updated: 2025-08-08
Base Score: 3.3
Vector: CVSS2#AV:N/AC:L/Au:M/C:N/I:P/A:N
Severity: Low
Base Score: 3.4
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
Severity: Low
Base Score: 4.6
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Severity: Medium
EPSS: 0.0003