Does Advanced Custom Fields: Ninjaforms Add-on have any unpatched vulnerabilities?

No. All known vulnerabilities in Advanced Custom Fields: Ninjaforms Add-on have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Advanced Custom Fields: Ninjaforms Add-on compatible with WordPress 4.8.28?

According to WordPress.org data, Advanced Custom Fields: Ninjaforms Add-on 1.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is Advanced Custom Fields: Ninjaforms Add-on updated?

Advanced Custom Fields: Ninjaforms Add-on was last updated on Oct 4, 2017. Frequent updates are generally a positive security signal.

What is Advanced Custom Fields: Ninjaforms Add-on's security score?

Advanced Custom Fields: Ninjaforms Add-on has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advanced Custom Fields: Ninjaforms Add-on Security & Risk Analysis

wordpress.org/plugins/acf-ninjaforms-add-on

Advanced Custom Field with which we can select Ninjaforms.

1K active installs v1.1 PHP + WP 4.6+ Updated Oct 4, 2017

formformsninja-formninja-formsninjaforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Advanced Custom Fields: Ninjaforms Add-on Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced Custom Fields: Ninjaforms Add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The static analysis of acf-ninjaforms-add-on v1.1 reveals a seemingly clean codebase with no identified dangerous functions, SQL injection vulnerabilities, or file operations. Furthermore, the plugin has no recorded vulnerabilities in its history, indicating a strong track record. However, a significant concern arises from the complete lack of output escaping, with 100% of outputs being unescaped. This presents a high risk of cross-site scripting (XSS) vulnerabilities, as malicious data injected by an attacker could be rendered directly in the user's browser without sanitization. While the attack surface is minimal and no critical taint flows were found, the lack of output escaping is a severe oversight that undermines the overall security posture. The absence of nonce and capability checks, while not explicitly flagged as a direct vulnerability in this analysis, also contributes to a less robust security framework, especially if any new entry points were to be introduced in future versions.

Key Concerns

Unescaped output
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Advanced Custom Fields: Ninjaforms Add-on Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Advanced Custom Fields: Ninjaforms Add-on Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped8 total outputs

Attack Surface

Advanced Custom Fields: Ninjaforms Add-on Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionacf/include_field_typesresources\Init.php:18

actionacf/register_fieldsresources\Init.php:19

actionadmin_initresources\Init.php:20

actionadmin_noticesresources\Notices.php:28

actionadmin_noticesresources\Notices.php:29

Maintenance & Trust

Advanced Custom Fields: Ninjaforms Add-on Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedOct 4, 2017

PHP min version

Downloads19K

Community Trust

Rating100/100

Number of ratings1

Active installs1K

Alternatives

Advanced Custom Fields: Ninjaforms Add-on Alternatives

Ninja Forms Merge Tag Addon

nf-merge-tag-addon

Add new merge tags for WordPress Ninja Forms. More Tags are coming soon!

40 No CVEs

WPCasa Ninja Forms

wpcasa-ninja-forms

100

Adds support for Ninja Forms 3.0 an above to attach property details to the contact email sent from WPCasa listing pages. Support for Ninja Forms belo …

20 No CVEs

API for Ninja Forms

api-for-ninja-forms

100

A REST API for Ninja Forms that supports JSON and PDF output.

10 No CVEs

WP Contact Slider – Contact Form Slider Widget

wp-contact-slider

Helps you to show slide out contact form to display CF7, Gravity forms, Ninja Forms, WP Forms, display random text/HTML and support some other forms.

10K 2 CVEs

Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms

cf7-mailchimp

100

Send Contact Form 7, WPforms, Elementor, Ninja Forms, CRM Perks Forms and many other contact form submissions to Mailchimp.

9K 1 CVE

Developer Profile

Advanced Custom Fields: Ninjaforms Add-on Developer Profile

DannyvanHolten

4 plugins · 31K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Advanced Custom Fields: Ninjaforms Add-on

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/acf-ninjaforms-add-on/resources/css/acf-ninjaforms-field.css/wp-content/plugins/acf-ninjaforms-add-on/resources/js/acf-ninjaforms-field.js

Script Paths

/wp-content/plugins/acf-ninjaforms-add-on/resources/js/acf-ninjaforms-field.js

Version Parameters

acf-ninjaforms-add-on/resources/css/acf-ninjaforms-field.css?ver=acf-ninjaforms-add-on/resources/js/acf-ninjaforms-field.js?ver=

HTML / DOM Fingerprints

FAQ