Plugin inspection:

Advanced Custom Fields

No issues found

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

We didn't find anything worrying in this plugin. It's probably safe. Read more about this recommendation.


This recommendation applies to version 4.1.6 of this plugin, but the most recent version is 4.4.3. These findings may no longer be correct.


This plugin is of high quality. There are some unescaped outputs in javascript code that could lead to XSS, but these would only be exploitable by an administrator so are not of concern.

Failure criteria

  • Lack of proper output escaping

Read more about our failure criteria.