Advanced Custom Fields: Accordion Tab Field Security & Risk Analysis

wordpress.org/plugins/acf-accordion

An accordion field that lets you group multiple fields under accordion tabs. This makes a long ACF form break down with style.

900 active installs · v1.1.1 · PHP + WP 3.5+ · Updated Apr 17, 2016
Tags: accordion, acf, advanced-custom-fields, options, tabs
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Advanced Custom Fields: Accordion Tab Field Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced Custom Fields: Accordion Tab Field has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The acf-accordion v1.1.1 plugin exhibits a generally strong security posture based on the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and avoiding file operations and external HTTP requests within its core functionality (though two external requests were noted, their context is missing). The vulnerability history is clean, with no recorded CVEs, indicating a lack of publicly known security flaws.

However, there are areas for improvement and potential, albeit unconfirmed, risks. The 27% of output that is not properly escaped could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is reflected without sanitization. The absence of nonce checks and capability checks is a significant concern, as it implies that entry points, if they existed, would not be protected against CSRF or unauthorized access. While the current analysis shows zero entry points, this lack of fundamental security checks is a weakness that could be exploited if the plugin's functionality evolves or if a vulnerability is discovered that creates an entry point. The taint analysis showing zero flows is positive, but this might be due to the limited attack surface or the specific analysis depth.

In conclusion, while acf-accordion v1.1.1 appears to be robust and has a clean vulnerability history, the incomplete output escaping and the complete lack of nonce and capability checks are notable weaknesses. These weaknesses, combined with the lack of demonstrated taint flows, suggest a potentially good but not perfect security implementation. Further analysis of the external HTTP requests and the context of the unescaped output would be beneficial.

Key Concerns

  • Unescaped output detected
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Advanced Custom Fields: Accordion Tab Field Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Advanced Custom Fields: Accordion Tab Field Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (8 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

73% escaped · 11 total outputs
Attack Surface

Advanced Custom Fields: Accordion Tab Field Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 2
  • action · acf/include_field_types · acf-accordion.php:19
  • action · acf/register_fields · acf-accordion.php:24
Maintenance & Trust

Advanced Custom Fields: Accordion Tab Field Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: Apr 17, 2016
PHP min version
Downloads: 19K

Community Trust

Rating: 96/100
Number of ratings: 5
Active installs: 900
Developer Profile

Advanced Custom Fields: Accordion Tab Field Developer Profile

bogdand

2 plugins · 910 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Advanced Custom Fields: Accordion Tab Field

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/acf-accordion/css/accordion-admin.css
  • /wp-content/plugins/acf-accordion/js/input.js
  • /wp-content/plugins/acf-accordion/css/input.css
  • /wp-content/plugins/acf-accordion/js/select2/select2.min.js
  • /wp-content/plugins/acf-accordion/js/select2/select2.css

Script Paths

  • /wp-content/plugins/acf-accordion/js/input.js
  • /wp-content/plugins/acf-accordion/js/select2/select2.min.js

Version Parameters

  • acf-input-accordion?ver=
  • acf-input-accordion?ver=
  • acf-admin-accordion?ver=
  • acf-select2-js?ver=
  • acf-select2-css?ver=

HTML / DOM Fingerprints

CSS Classes
dashicons-before, accordion, dashicons, select2-container
Data Attributes
id="accordion-select"
JS Globals
jQuery, select2
Shortcode Output
<h2><span class="dashicons-before
FAQ

Frequently Asked Questions about Advanced Custom Fields: Accordion Tab Field