[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8Zb-b-Ddvy2VnqPYze1eYNhWhH0hSmBdRlnn9xatxrM":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2025-54940","advanced-custom-fields-html-injection","Advanced Custom Fields \u003C= 6.4.2. - HTML Injection","The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 6.4.2. This is due to the plugin nor properly neutralizing unsafe HTML. This makes it possible for authenticated attackers, with administrator-level access and above, to inject potentially malicious HTML.","advanced-custom-fields",null,"\u003C=6.4.2","6.4.3","medium",4.1,"CVSS:3.0\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:N\u002FI:L\u002FA:N","Improper Input Validation","2025-08-08 00:00:00","2025-08-25 15:55:47",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0f5a48ec-da62-4a9d-a8a5-30da7b6d23f6?source=api-prod",18]