ACF Post Types TMC Security & Risk Analysis

wordpress.org/plugins/acf-post-types-tmc

Select field for choosing a WordPress Post Types for a radio populated with post types. Add-on for Advanced Custom Fields.

0 active installs v1.0.2 PHP + WP 4.3.0+ Updated Aug 31, 2018
acfadd-onadvanced-custom-fieldradio-boxselect-post-type
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is ACF Post Types TMC Safe to Use in 2026?

Generally Safe

Score 85/100

ACF Post Types TMC has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "acf-post-types-tmc" plugin, version 1.0.2, demonstrates a strong security posture based on the provided static analysis. The plugin has zero identified attack surface entry points (AJAX, REST API, shortcodes, cron events) that are unprotected. Furthermore, it exhibits excellent code hygiene by avoiding dangerous functions, performing all SQL queries using prepared statements, properly escaping all identified output, and not engaging in file operations or external HTTP requests. Taint analysis also reveals no critical or high severity issues, indicating a lack of unsanitized data flows.

The vulnerability history is also exceptionally clean, with no known CVEs associated with this plugin. This lack of historical vulnerabilities, combined with the robust static analysis findings, suggests that the developers have prioritized security. However, it is worth noting that the plugin has zero capability checks and zero nonce checks. While the absence of entry points currently mitigates the risk associated with these omissions, any future expansion of functionality that introduces new entry points without proper authentication and authorization mechanisms could introduce significant vulnerabilities.

In conclusion, the "acf-post-types-tmc" plugin v1.0.2 is currently highly secure. Its strengths lie in its minimal attack surface and diligent coding practices concerning SQL and output handling. The primary weakness, though currently not exploitable due to the lack of exposed functionality, is the absence of nonces and capability checks, which could become a concern if the plugin's features expand without corresponding security enhancements.

Key Concerns

  • No capability checks found
  • No nonce checks found
Vulnerabilities
None known

ACF Post Types TMC Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ACF Post Types TMC Release Timeline

v1.0.0
Code Analysis
Analyzed Apr 6, 2026

ACF Post Types TMC Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped4 total outputs
Attack Surface

ACF Post Types TMC Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionacf/field_group/admin_enqueue_scriptssrc/App.php:44
actionacf/include_field_typessrc/App.php:45
actionacf/register_fieldssrc/App.php:46
Maintenance & Trust

ACF Post Types TMC Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedAug 31, 2018
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

ACF Post Types TMC Developer Profile

themastercut

3 plugins · 1K total installs

87
trust score
Avg Security Score
82/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect ACF Post Types TMC

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/acf-post-types-tmc/assets/js/fieldGroupsModificator.js
Script Paths
/wp-content/plugins/acf-post-types-tmc/assets/js/fieldGroupsModificator.js
Version Parameters
acf-post-types-tmc/assets/js/fieldGroupsModificator.js?ver=

HTML / DOM Fingerprints

HTML Comments
ACF v5ACF v4
FAQ

Frequently Asked Questions about ACF Post Types TMC