Advanced Custom Fields: CommonMark Field Security & Risk Analysis

wordpress.org/plugins/acf-commonmark

Markdown (CommonMark) field for Advanced Custom Fields

10 active installs · v1.0.11 · PHP 5.3+ · WP 4.9.0+ · Updated Jul 12, 2018
Tags: acf, advanced-custom-fields, markdown
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Advanced Custom Fields: CommonMark Field Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced Custom Fields: CommonMark Field has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The acf-commonmark plugin version 1.0.11 exhibits a strong security posture based on the static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code analysis reveals no dangerous functions, all SQL queries use prepared statements, and there are no external HTTP requests or critical taint flows. This indicates a conscientious development approach towards secure coding practices.

However, the analysis does highlight areas for improvement. With only 33% of output properly escaped, there is a potential risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not consistently sanitized before being displayed. The plugin also performs file operations, which, while not inherently insecure, can become a vector for attack if not handled with extreme care. The lack of documented vulnerabilities in its history is a positive sign, suggesting a stable and well-maintained codebase, but this should not lead to complacency.

In conclusion, acf-commonmark appears to be a secure plugin with a minimal attack surface and good SQL handling. The primary concern lies in the incomplete output escaping, which requires further investigation and remediation to mitigate potential XSS risks. The file operations should also be scrutinized for proper sanitization and validation.

Key Concerns

  • Low percentage of properly escaped output
  • Presence of file operations
Vulnerabilities
None known

Advanced Custom Fields: CommonMark Field Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Advanced Custom Fields: CommonMark Field Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

33% escaped · 6 total outputs
Attack Surface

Advanced Custom Fields: CommonMark Field Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
  • action acf/include_field_types (acf-commonmark.php:52)
Maintenance & Trust

Advanced Custom Fields: CommonMark Field Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Jul 12, 2018
PHP min version: 5.3
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Advanced Custom Fields: CommonMark Field Developer Profile

joppuyo

6 plugins · 30K total installs

90
trust score
Avg Security Score
94/100
Avg Patch Time
30 days
Detection Fingerprints

How We Detect Advanced Custom Fields: CommonMark Field

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/acf-commonmark/assets/dist/script.js
  • /wp-content/plugins/acf-commonmark/assets/dist/style.css
Script Paths
/wp-content/plugins/acf-commonmark/assets/dist/script.js
Version Parameters
  • acf-commonmark/assets/dist/style.css?ver=
  • acf-commonmark/assets/dist/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • js-acf-field-commonmark
  • acf-field-commonmark__code-tab
  • acf-field-commonmark__tab-container
  • acf-field-commonmark__tab
  • acf-field-commonmark__tab--active
  • acf-field-commonmark__tab--last
  • acf-field-commonmark__spacer
  • acf-field-commonmark__textarea
  • +6 more
Data Attributes
  • data-target
  • data-title
JS Globals
acf.add_filter
FAQ

Frequently Asked Questions about Advanced Custom Fields: CommonMark Field