ACF Onyx Poll Security & Risk Analysis

wordpress.org/plugins/acf-onyx-poll

Create poll widgets, blocks and modals based on regular WordPress and ACF (Advanced Custom Fields) functionality.

90 active installs · v1.2.0 · PHP 7.0+ · WP 4.7+ · Updated Jun 11, 2025
Tags: acf, aop, onyx, poll, polls
Score: 99/100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jun 12, 2025

Safety Verdict

Is ACF Onyx Poll Safe to Use in 2026?

Generally Safe

Score 99/100

ACF Onyx Poll has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jun 12, 2025 · Updated 9mo ago

Risk Assessment

The acf-onyx-poll v1.2.0 plugin exhibits a generally positive security posture due to its use of prepared statements for all SQL queries and the absence of dangerous functions or file operations. However, a significant concern arises from the low rate of proper output escaping (45%), indicating a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This is further corroborated by its vulnerability history, which includes a past medium-severity XSS vulnerability. The plugin has no unpatched CVEs currently, which is a strength, but the consistent pattern of XSS suggests an ongoing weakness in how user-provided data is handled before being displayed to users. While the attack surface is small and protected, the lack of comprehensive output escaping is a critical oversight that could be exploited.

Key Concerns

  • Low rate of output escaping
  • Past medium severity XSS vulnerability
  • No nonce checks on entry points
Vulnerabilities
1

ACF Onyx Poll Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-5841 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ACF Onyx Poll <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter

Jun 12, 2025 Patched in 1.2.0 (1d)
Code Analysis
Analyzed Mar 16, 2026

ACF Onyx Poll Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 11 (9 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

45% escaped · 20 total outputs

Attack Surface

ACF Onyx Poll Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[onyx-poll] onyx-poll.php:167

WordPress Hooks 16

action · acf/init · admin\poll-block.php:10
action · admin_footer · admin\poll-block.php:21
filter · acf/fields/post_object/result/key=field_5ed174c6b5a8f · admin\poll-block.php:31
filter · acf/fields/post_object/quer/key=field_5ed174c6b5a8f · admin\poll-block.php:38
action · pre_get_posts · admin\poll-type.php:40
action · init · admin\poll-type.php:203
action · widgets_init · admin\poll-widget.php:144
action · rest_api_init · api\poll-api.php:36
action · init · api\poll-api.php:255
action · admin_init · onyx-poll.php:119
action · admin_notices · onyx-poll.php:121
action · acf/init · onyx-poll.php:133
action · wp_footer · onyx-poll.php:155
action · admin_head · onyx-poll.php:158
action · wp_footer · onyx-poll.php:159
action · onyx-poll-cron · onyx-poll.php:170

Scheduled Events 1

onyx-poll-cron
Maintenance & Trust

ACF Onyx Poll Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 11, 2025
PHP min version: 7.0
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 90

Developer Profile

ACF Onyx Poll Developer Profile

andremacola

1 plugin · 90 total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 1 day

Detection Fingerprints

How We Detect ACF Onyx Poll

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/acf-onyx-poll/assets/css/admin.min.css
/wp-content/plugins/acf-onyx-poll/assets/js/onyx-poll.min.js
/wp-content/plugins/acf-onyx-poll/assets/css/onyx-poll.min.css

Script Paths
assets/js/onyx-poll.min.js

Version Parameters
acf-onyx-poll/assets/css/admin.min.css?ver=
acf-onyx-poll/assets/js/onyx-poll.min.js?ver=
acf-onyx-poll/assets/css/onyx-poll.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
onyx-poll
onyx-poll-modal
onyx-poll-widget
onyx-poll-invalid

Data Attributes
data-poll

JS Globals
OnyxPolls

REST Endpoints
/wp-json/acf-onyx-poll

Shortcode Output
<div id="onyx-poll-
class="onyx-poll onyx-poll-widget active show
data-poll="
</div>