Does ACF Permalinks have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ACF Permalinks compatible with WordPress 5.0.25?

According to WordPress.org data, ACF Permalinks 1.0.0 has been tested up to WordPress 5.0.25. Check the plugin's changelog for the latest compatibility information.

Is ACF Permalinks compatible with PHP 5.3+?

ACF Permalinks requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ACF Permalinks updated?

ACF Permalinks was last updated on Oct 24, 2018. Frequent updates are generally a positive security signal.

What is ACF Permalinks's security score?

ACF Permalinks has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ACF Permalinks Security & Risk Analysis

wordpress.org/plugins/acf-permalinks

Plugin allows to use ACF values in permalink structure by adding %field_fieldname%, for posts, pages and custom post types.

300 active installs v1.0.0 PHP 5.3+ WP 4.5.0+ Updated Oct 24, 2018

acfadvanced-custom-fieldscustom-fieldspermalinkpermalinks

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ACF Permalinks Safe to Use in 2026?

Generally Safe

Score 85/100

ACF Permalinks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

Based on the static analysis and vulnerability history, the acf-permalinks plugin version 1.0.0 exhibits an exceptionally strong security posture. The absence of any identified attack surface points, such as AJAX handlers, REST API routes, shortcodes, or cron events, significantly minimizes potential entry vectors for attackers. Furthermore, the code analysis reveals a complete lack of dangerous functions, all SQL queries utilizing prepared statements, and all output being properly escaped. There are no file operations, external HTTP requests, or any indications of missing nonce or capability checks within the analyzed code. This comprehensive adherence to secure coding practices, coupled with a clean vulnerability history, suggests a low-risk plugin.

Vulnerabilities

None known

ACF Permalinks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ACF Permalinks Release Timeline

v1.0.0Current

v0.0.1

Code Analysis

Analyzed Mar 16, 2026

ACF Permalinks Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

ACF Permalinks Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_noticesincludes\admin\plugin-dependency-notice.php:34

filterwpcfp_get_post_metadata_singleincludes\main.php:43

actionplugins_loadedincludes\main.php:49

Maintenance & Trust

ACF Permalinks Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25

Last updatedOct 24, 2018

PHP min version5.3

Downloads5K

Community Trust

Rating100/100

Number of ratings1

Active installs300

Alternatives

ACF Permalinks Alternatives

ACF Content Analysis for Yoast SEO

acf-content-analysis-for-yoast-seo

100

WordPress plugin that adds the content of all ACF fields to the Yoast SEO score analysis.

100K No CVEs

Advanced Custom Fields: Font Awesome Field

advanced-custom-fields-font-awesome

Adds a new 'Font Awesome Icon' field to the popular Advanced Custom Fields plugin.

100K 1 CVE

Table Field Add-on for ACF and SCF

advanced-custom-fields-table-field

A Table Field Add-on for the Advanced Custom Fields and Secure Custom Fields Plugin.

50K 2 CVEs

ACF: Better Search

acf-better-search

This plugin adds to default WordPress search engine the ability to search by content from selected fields of Advanced Custom Fields plugin.

40K 1 CVE

WP All Import – Import Add-On for ACF

csv-xml-import-for-acf

100

Drag & drop to import any CSV, Excel, XML, or Google Sheets file into Advanced Custom Fields. Supports repeaters, flexible content, galleries, and …

40K No CVEs

Developer Profile

ACF Permalinks Developer Profile

athlan

2 plugins · 900 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ACF Permalinks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ