ACF Additional Hint Security & Risk Analysis
wordpress.org/plugins/acf-additional-hintThis plugin enables you to add hint text in ACF field.
Is ACF Additional Hint Safe to Use in 2026?
Generally Safe
Score 85/100ACF Additional Hint has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'acf-additional-hint' plugin version 1.3 presents a mixed security profile. On the positive side, the plugin exhibits no known vulnerabilities (CVEs) and has a minimal attack surface with no registered AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all identified SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, indicating good practices in these areas. Taint analysis also revealed no unsanitized paths or critical/high severity flows.
However, a significant concern arises from the output escaping. With 3 total outputs and 0% properly escaped, this indicates a strong potential for Cross-Site Scripting (XSS) vulnerabilities. If user-supplied data or dynamic content is displayed without proper sanitization, attackers could inject malicious scripts. Additionally, the complete absence of nonce checks and capability checks on any potential (though currently undocumented) entry points means that even if new entry points were to be introduced in the future, they would likely be unprotected, posing a risk of unauthorized actions or access.
In conclusion, while the plugin demonstrates strengths in its limited attack surface, secure SQL practices, and lack of historical vulnerabilities, the critical issue of unescaped output is a major weakness. The absence of nonces and capability checks, while not immediately exploitable due to the current lack of entry points, represents a latent risk. Developers should prioritize addressing the output escaping and consider implementing robust authentication and authorization checks for any future additions to the plugin's functionality.
Key Concerns
- Unescaped output found
- Missing nonce checks
- Missing capability checks
ACF Additional Hint Security Vulnerabilities
ACF Additional Hint Code Analysis
Output Escaping
ACF Additional Hint Attack Surface
WordPress Hooks 3
Maintenance & Trust
ACF Additional Hint Maintenance & Trust
Maintenance Signals
Community Trust
ACF Additional Hint Alternatives
ACF Content Analysis for Yoast SEO
acf-content-analysis-for-yoast-seo
WordPress plugin that adds the content of all ACF fields to the Yoast SEO score analysis.
Advanced Custom Fields: Font Awesome Field
advanced-custom-fields-font-awesome
Adds a new 'Font Awesome Icon' field to the popular Advanced Custom Fields plugin.
Table Field Add-on for ACF and SCF
advanced-custom-fields-table-field
A Table Field Add-on for the Advanced Custom Fields and Secure Custom Fields Plugin.
ACF: Better Search
acf-better-search
This plugin adds to default WordPress search engine the ability to search by content from selected fields of Advanced Custom Fields plugin.
WP All Import – Import Add-On for ACF
csv-xml-import-for-acf
Drag & drop to import any CSV, Excel, XML, or Google Sheets file into Advanced Custom Fields. Supports repeaters, flexible content, galleries, and …
ACF Additional Hint Developer Profile
20 plugins · 100 total installs
How We Detect ACF Additional Hint
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/acf-additional-hint/css/style.css/wp-content/plugins/acf-additional-hint/js/main.js/wp-content/plugins/acf-additional-hint/js/main.jsacf-additional-hint/css/style.css?ver=acf-additional-hint/js/main.js?ver=HTML / DOM Fingerprints
btn-areabtn-texthint-btnswitch-circlehint-textacf-hint-tooltiphint-icondashicons-editor-help+1 moredata-iddata-key<div class="btn-area">
<span class="btn-text">HELP</span>
<div class="hint-btn" data-id="" data-key="">
<div class="switch-circle"></div>
</div>
</div><div class="hint-text" data-key="