ACF: Better Search Security & Risk Analysis

wordpress.org/plugins/acf-better-search

This plugin adds to the default WordPress search engine the ability to search by content from selected fields of the Advanced Custom Fields plugin.

40K active installs · v4.4.1 · PHP 7.0+ · WP 5.0+ · Updated Dec 8, 2025
Tags: acf-search, advanced-custom-fields, better-search, extended-search, search
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jun 27, 2019
Safety Verdict

Is ACF: Better Search Safe to Use in 2026?

Generally Safe

Score 99/100

ACF: Better Search has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jun 27, 2019 · Updated 3mo ago
Risk Assessment

The ACF Better Search plugin, version 4.4.1, exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, file operations, and external HTTP requests is commendable. Importantly, all SQL queries are prepared, and all detected outputs are properly escaped, significantly reducing the risk of common web vulnerabilities like SQL injection and XSS. The presence of nonce checks also indicates an awareness of security best practices.

However, the taint analysis reveals a potential area of concern: 3 flows with unsanitized paths were identified. While no critical or high severity issues were flagged in the taint analysis, the presence of unsanitized paths, even if not immediately exploitable in this version, warrants attention as it could indicate potential weaknesses in how the plugin handles file or path operations under different conditions or future updates.

The vulnerability history shows a single past CVE, a Cross-Site Request Forgery, which was patched. The fact that there are no currently unpatched CVEs is a positive sign. The plugin has a history of addressing its vulnerabilities, which is a good indicator of maintenance. Overall, ACF Better Search v4.4.1 appears to be a secure plugin with good coding practices, but the identified unsanitized paths in the taint analysis should be monitored for potential future risks.

Key Concerns

  • Flows with unsanitized paths detected
Vulnerabilities: 1

ACF: Better Search Security Vulnerabilities

CVEs by Year

1 CVE in 2019

Severity Breakdown

High: 1

1 total CVE

CVE-2019-14682 · high · 8.8 · Cross-Site Request Forgery (CSRF)

ACF Better Search <= 3.3.0 - Cross-Site Request Forgery

Jun 27, 2019 · Patched in 3.3.1 (1671d)
Code Analysis
Analyzed Mar 16, 2026

ACF: Better Search Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (84 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped · 84 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
save_fields_types (src\Settings\Save.php:35)
Attack Surface

ACF: Better Search Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 13
action · admin_enqueue_scripts · src\Admin\Assets.php:29
action · admin_enqueue_scripts · src\Admin\Assets.php:30
action · admin_init · src\Notice\NoticeIntegration.php:33
action · admin_notices · src\Notice\NoticeIntegration.php:52
action · network_admin_notices · src\Notice\NoticeIntegration.php:54
action · init · src\Search\Init.php:16
filter · posts_join · src\Search\Join.php:27
filter · pre_get_posts · src\Search\Query.php:16
filter · posts_distinct · src\Search\Request.php:16
filter · posts_search · src\Search\Where.php:27
action · acf/render_field_settings · src\Settings\Acf.php:16
filter · acfbs_config · src\Settings\Config.php:30
action · admin_menu · src\Settings\Page.php:35
Maintenance & Trust

ACF: Better Search Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 8, 2025
PHP min version: 7.0
Downloads: 810K

Community Trust

Rating: 98/100
Number of ratings: 164
Active installs: 40K
Developer Profile

ACF: Better Search Developer Profile

Mateusz Gbiorczyk

3 plugins · 541K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 962 days
Detection Fingerprints

How We Detect ACF: Better Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/acf-better-search/assets/build/css/styles.css
/wp-content/plugins/acf-better-search/assets/build/js/scripts.js
Script Paths
/wp-content/plugins/acf-better-search/assets/build/js/scripts.js
Version Parameters
acf-better-search/assets/build/css/styles.css?ver=
acf-better-search/assets/build/js/scripts.js?ver=
