## https://sploitus.com/exploit?id=66BF8631-36CD-538B-B1B1-E11B8C61AD67
# CVE-2025-13486
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function.