ACF Media Cluster Security & Risk Analysis

wordpress.org/plugins/acf-media-cluster

ACF Media Cluster is an extension for Advanced Custom Fields that adds the ability to attach multiple media items to posts and pages.

10 active installs v1.0.0 PHP + WP 3.6.0+ Updated Nov 2, 2022
Tags: acf, images, media, pdf, word
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ACF Media Cluster Safe to Use in 2026?

Generally Safe

Score 85/100

ACF Media Cluster has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The acf-media-cluster v1.0.0 plugin exhibits a concerning security posture due to a significant number of unprotected entry points. While the plugin demonstrates good practices by avoiding dangerous functions, performing only prepared SQL queries, and not making external HTTP requests, the lack of authentication checks on three out of four total entry points is a major weakness. This exposes the plugin to potential unauthorized access and manipulation. The taint analysis shows four flows with unsanitized paths, which, while not classified as critical or high severity in this analysis, warrant further investigation as they represent potential avenues for data manipulation if not handled correctly by the application layer. The plugin's vulnerability history is clean, indicating no previously discovered CVEs. This is a positive sign, but it does not negate the risks presented by the current code analysis.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • Output escaping is below 70%
  • Missing nonce checks on AJAX
  • Missing capability checks on AJAX
Vulnerabilities
None known

ACF Media Cluster Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ACF Media Cluster Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

ACF Media Cluster Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 28 (32 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

53% escaped · 60 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
acf_mc_cluster_edit_save_field (acf-media-cluster.php:133)
Attack Surface
3 unprotected

ACF Media Cluster Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

  • auth · wp_ajax_acf_mc_cluster_field_group (acf-media-cluster.php:125)
  • auth · wp_ajax_acf_mc_cluster_edit_fields (acf-media-cluster.php:131)
  • auth · wp_ajax_acf_mc_cluster_edit_save_field (acf-media-cluster.php:176)

Shortcodes 1

  • [acf-media-cluster] (acf-media-cluster.php:266)
WordPress Hooks 8
  • action · admin_init (acf-media-cluster.php:41)
  • filter · acf/media-cluster-edit-fields (acf-media-cluster.php:42)
  • action · acf/include_field_types (acf-media-cluster.php:53)
  • action · acf/register_fields (acf-media-cluster.php:54)
  • action · save_post (acf-media-cluster.php:118)
  • action · save_post (acf-media-cluster.php:120)
  • action · wp_footer (acf-media-cluster.php:259)
  • action · init (acf-media-cluster.php:264)
Maintenance & Trust

ACF Media Cluster Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Nov 2, 2022
PHP min version
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

ACF Media Cluster Developer Profile

Navneil Naicker

5 plugins · 61K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 194 days
Detection Fingerprints

How We Detect ACF Media Cluster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/acf-media-cluster/assets/css/acf-media-cluster.css
  • /wp-content/plugins/acf-media-cluster/assets/js/acf-media-cluster.js
Script Paths
  • /wp-content/plugins/acf-media-cluster/assets/js/acf-media-cluster.js
Version Parameters
  • acf-media-cluster.css?ver=
  • acf-media-cluster.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • acf-mc-sc-output
  • acf-mc-sc-output-row
  • acf-mc-sc-output-title
  • acf-mc-sc-output-caption
  • acf-mc-sc-output-download
Data Attributes
  • data-acf-mc-field-key
JS Globals
  • acf_media_cluster_opts
  • acf_mc_cluster_edit_save_field_ajax
REST Endpoints
  • /wp-json/acf/v1/media-cluster-edit-fields
  • /wp-json/acf/v1/acf_mc_cluster_field_group
  • /wp-json/acf/v1/acf_mc_cluster_edit_fields
  • /wp-json/acf/v1/acf_mc_cluster_edit_save_field
Shortcode Output
  • <div class="acf-mc-sc-output
  • <thead class="acf-mc-sc-output-row">
  • <th class="acf-mc-sc-output-title">Title</th>
  • <th class="acf-mc-sc-output-caption">Caption</th>
FAQ

Frequently Asked Questions about ACF Media Cluster