ACF For Gridsome Security & Risk Analysis

wordpress.org/plugins/acf-for-gridsome

Using with gridsome source wordpress https://gridsome.org/plugins/@gridsome/source-wordpress Use for custom acf fields get to rest api necessary pl …

0 active installs · v0.5 · PHP 7.2+ · WP 5.1+ · Updated Jun 10, 2020
Tags: acf, acf-rest-api, gridsome
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ACF For Gridsome Safe to Use in 2026?

Generally Safe

Score 85/100

ACF For Gridsome has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The acf-for-gridsome plugin v0.5 exhibits a concerning security posture due to several critical weaknesses identified in the static analysis. The plugin avoids dangerous functions and contains no SQL queries, so there are no statements to prepare, but its handling of entry points is a significant drawback. Its single REST API route is unprotected, which gives unauthenticated users a direct attack vector.

Furthermore, the complete lack of output escaping is a major red flag. This means that any data processed or displayed by the plugin could potentially be vulnerable to Cross-Site Scripting (XSS) attacks, allowing malicious actors to inject arbitrary code into web pages. The absence of nonce and capability checks further exacerbates these risks, as there are no built-in mechanisms to verify user permissions or prevent Cross-Site Request Forgery (CSRF) attacks. The plugin's vulnerability history being clean is a positive sign, but it does not mitigate the immediate risks presented by the current code's insecure practices.

In conclusion, while the plugin's SQL hygiene and lack of bundled libraries are commendable, the unprotected REST API route and universal lack of output escaping pose substantial security risks. These issues significantly outweigh the positive aspects, making the plugin vulnerable to common web attacks.

Key Concerns

  • Unprotected REST API route
  • No output escaping
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

ACF For Gridsome Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ACF For Gridsome Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

ACF For Gridsome Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 1 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

0% escaped · 1 total output
Attack Surface
1 unprotected

ACF For Gridsome Attack Surface

Entry Points: 1
Unprotected: 1

REST API Routes: 1

  • GET /wp-json/acf-gridsome/v1/gridsome (index.php:150)

WordPress Hooks: 6

  • filter acf/format_value (index.php:10)
  • filter acf/format_value/type=select (index.php:27)
  • filter acf/format_value/type=relationship (index.php:35)
  • filter rest_prepare_akillisaat (index.php:98)
  • action rest_api_init (index.php:100)
  • action rest_api_init (index.php:149)
Maintenance & Trust

ACF For Gridsome Maintenance & Trust

Maintenance Signals

WordPress version tested
Last updated: Jun 10, 2020
PHP min version: 7.2
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

ACF For Gridsome Developer Profile

Fuat POYRAZ

3 plugins · 80 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ACF For Gridsome

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters
/acf-for-gridsome/style.css?ver=0.5
/acf-for-gridsome/script.js?ver=0.5

HTML / DOM Fingerprints

REST Endpoints
/wp-json/acf-gridsome/v1/gridsome