Plugin inspection:

Advanced Custom Fields: Table Field

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.


The version of this plugin that this recommendation was based on is known to be vulnerable to attack:

This recommendation applies to version 1.1.12 of this plugin, but the most recent version is 1.3.22. These findings may no longer be correct.


  • Does not escape content correctly.

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

  • Does not escape content before outputting it meaning that a less privileged user can inject JavaScript into a field and it will be executed by any other users that visit the page the field is on. See advisory.

Failure criteria

  • Lack of proper output escaping

Read more about our failure criteria.