ACF Tooltip Security & Risk Analysis

wordpress.org/plugins/acf-tooltip

Displays ACF field instructions as tooltips

2K active installs · v1.2.5 · PHP + · WP 4.7+ · Updated Dec 22, 2024
Tags: acf, acfpro, advanced-custom-fields, instructions, tooltip
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is ACF Tooltip Safe to Use in 2026?

Generally Safe

Score 92/100

ACF Tooltip has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

Static analysis of the "acf-tooltip" plugin v1.2.5 found no dangerous function calls, no SQL injection findings (no raw SQL queries were detected), and no file operations. The plugin also has a minimal attack surface: no registered AJAX handlers, REST API routes, shortcodes, or cron events. This lack of direct entry points significantly reduces the potential for external exploitation.

However, the output escaping analysis raises a critical concern. All 3 identified outputs (100%) are emitted without escaping, so the plugin presents a high risk of Cross-Site Scripting (XSS). Any data rendered by this plugin, even if it originates from trusted sources, could potentially be manipulated to inject malicious scripts into a user's browser session. These are static-analysis findings rather than confirmed vulnerabilities: whether each one is exploitable depends on whether the echoed value can carry attacker-influenced data. The absence of any recorded vulnerabilities is a positive indicator, suggesting either a history of secure development or low discoverability of flaws. Nevertheless, the unescaped output is a significant weakness that demands immediate attention.

In conclusion, the plugin's limited attack surface and lack of raw SQL queries are positives, but the missing output escaping on all three outputs creates a substantial XSS risk. The clean vulnerability history does not mitigate that risk. Escaping each output for its context (in WordPress, with functions such as esc_html() and esc_attr()) is the priority for securing this plugin.

Key Concerns

  • Unescaped output detected (3/3)
Vulnerabilities
None known

ACF Tooltip Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ACF Tooltip Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 3 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

0% escaped · 3 total outputs
Attack Surface

ACF Tooltip Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5

  • action · admin_init · acf-tooltip.php:44
  • action · acf/input/admin_enqueue_scripts · acf-tooltip.php:47
  • filter · _dhz_plugins_list · acf-tooltip.php:52
  • action · add_meta_boxes_acf-field-group · acf-tooltip.php:55
  • action · admin_notices · acf-tooltip.php:83
Maintenance & Trust

ACF Tooltip Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 22, 2024
PHP min version
Downloads: 15K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 2K
Developer Profile

ACF Tooltip Developer Profile

dreihochzwo

6 plugins · 16K total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect ACF Tooltip

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/acf-tooltip/assets/css/acf-tooltip.css
  • /wp-content/plugins/acf-tooltip/assets/vendor/qtip/jquery.qtip.min.css
  • /wp-content/plugins/acf-tooltip/assets/vendor/qtip/jquery.qtip.min.js
  • /wp-content/plugins/acf-tooltip/assets/js/acf-tooltip.js

Script Paths

  • assets/js/acf-tooltip.js
  • assets/vendor/qtip/jquery.qtip.min.js

Version Parameters

  • acf-tooltip.css?ver=
  • acf-tooltip.js?ver=

HTML / DOM Fingerprints

CSS Classes
acf-tooltip-qtip-acf
Data Attributes

  • data-qtip-acf-style
  • data-qtip-acf-my
  • data-qtip-acf-at
  • data-qtip-acf-class
  • data-qtip-acf-exclude-class
  • data-qtip-acf-fieldeditor
  • +1 more
JS Globals
acfTooltip
FAQ

Frequently Asked Questions about ACF Tooltip