ACF Booster Security & Risk Analysis

wordpress.org/plugins/acf-booster

"ACF Booster" is a plugin which boosts up the functionality of Advanced Custom Fields.

0 active installs · v1.0 · PHP 7.1.23+ · WP 4.9+ · Updated Jan 10, 2020
Tags: acf, acf-counter, custom-fields
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ACF Booster Safe to Use in 2026?

Generally Safe

Score 85/100

ACF Booster has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The ACF Booster v1.0 plugin presents a significant security risk due to its unprotected AJAX endpoints. The plugin demonstrates good practices in other areas, such as using prepared statements for SQL queries, and it has no recorded vulnerabilities, but the absence of authentication checks on two AJAX handlers creates a substantial attack surface: any unauthenticated user could potentially trigger these handlers, leading to unintended actions or data manipulation if the logic within them is not robustly secured. The taint analysis also indicates flows with unsanitized paths. These are currently assessed as neither critical nor high severity, but they warrant attention in conjunction with the unprotected entry points. The lack of nonce checks and capability checks on these AJAX handlers further exacerbates the risk, leaving them vulnerable to CSRF attacks and privilege escalation if not properly handled. Overall, the plugin has strengths in its SQL handling and lack of historical vulnerabilities, but the unprotected AJAX endpoints are a critical weakness that needs immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without nonce checks
  • AJAX handlers without capability checks
  • Taint flows with unsanitized paths
  • Low percentage of properly escaped output
Vulnerabilities
None known

ACF Booster Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

ACF Booster Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (1 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

20% escaped · 5 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
check_words (acf-booster.php:164)
Attack Surface
2 unprotected

ACF Booster Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_check_words · acf-booster.php:35
nopriv · wp_ajax_check_words · acf-booster.php:36

WordPress Hooks: 10

action · plugins_loaded · acf-booster.php:27
action · acf/render_field_settings/type=textarea · acf-booster.php:29
action · acf/render_field_settings/type=text · acf-booster.php:30
action · acf/field_group/admin_enqueue_scripts · acf-booster.php:32
action · acf/input/admin_enqueue_scripts · acf-booster.php:33
action · acf/validate_value/type=text · acf-booster.php:38
action · acf/validate_value/type=textarea · acf-booster.php:39
action · acf/render_field/type=text · acf-input-counter.php:10
action · acf/render_field/type=textarea · acf-input-counter.php:11
action · acf/init · booster-load.php:5
Maintenance & Trust

ACF Booster Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.3.21
Last updated: Jan 10, 2020
PHP min version: 7.1.23
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

ACF Booster Developer Profile

PRESSMAN

20 plugins · 100 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ACF Booster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/acf-booster/acf-counter.css
/wp-content/plugins/acf-booster/js/acf-input-counter.js
/wp-content/plugins/acf-booster/js/acf-word-check.js
/wp-content/plugins/acf-booster/js/render-counter-setting.js
/wp-content/plugins/acf-booster/js/render-ngword-setting.js
Script Paths
js/acf-input-counter.js
js/acf-word-check.js
js/render-counter-setting.js
js/render-ngword-setting.js
Version Parameters
acf-input-counter.js?ver=
acf-counter.css?ver=
acf-word-check.js?ver=
render-ngword-setting.js?ver=
render-counter-setting.js?ver=

HTML / DOM Fingerprints

Data Attributes
name="ng-type-select"
name="unique_ng_word"
name="show_count"
REST Endpoints
/wp-json/acf-booster/check_words
FAQ

Frequently Asked Questions about ACF Booster