CVE-2026-25470
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk33th percentile — higher than 33% of all known CVEs
Summary
The ACPT (Pro) - Custom Post Types Plugin for WordPress has a vulnerability due to improper control of code generation, allowing for remote code injection.
Risk Assessment
An attacker could exploit this vulnerability to execute code remotely on the server, potentially leading to serious security breaches.
Recommendation
It is recommended to update the ACPT (Pro) plugin to the latest version to mitigate this vulnerability.
Original NVD description (English source)
Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT (Pro) - Custom Post Types Plugin for WordPress: from n/a through 2.0.47.

