A vulnerability was found in justinkruit Advanced Custom Fields Plugin up to 5.0.2 on WordPress and classified as problematic . This vulnerability affects the function update_preview . The manipulation results in cross site scripting. This vulnerability was named CVE-2026-6415 . The attack may be performed from remote. There is no available exploit.