CVE-2025-13486 | Advanced Custom Fields Plugin up to 0.9.1.1 on WordPress prepare_form Remote Code Execution

A vulnerability described as critical has been identified in Advanced Custom Fields Plugin up to 0.9.1.1 on WordPress. Affected by this vulnerability is the function prepare_form. Such manipulation leads to Remote Code Execution.

This vulnerability is documented as CVE-2025-13486. The attack can be executed remotely. There is not any exploit available.VulDB Recent EntriesRead More