PatchSiren

ACPT CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL ACPT CVE published 2026-06-17

CVE-2026-25470

The ACPT (Pro) - Custom Post Types Plugin for WordPress has a Code Injection vulnerability, allowing remote code inclusion due to improper control of code generation. This issue affects versions from n/a through 2.0.47. Users of affected versions should apply patches or upgrade to fixed versions. The vulnerability has a critical severity score of 10 and is considered high priority due to the risk of remot [truncated]