Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… Security & Risk Analysis
wordpress.org/plugins/acf-viewsDisplay content with full control over selection and layout. Lightweight and compatible with any theme or page builder.
Is Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… Safe to Use in 2026?
Generally Safe
Score 98/100Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… has a strong security track record. Known vulnerabilities have been patched promptly.
The 'acf-views' plugin version 3.8.3 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. The absence of dangerous functions and critical/high severity taint flows is also a significant strength, indicating a generally well-written codebase.
However, notable concerns arise from the plugin's attack surface. Specifically, one AJAX handler lacks authentication checks, presenting a potential entry point for unauthorized actions. While there are no active unpatched CVEs, the presence of one past high-severity vulnerability, categorized as 'Improper Neutralization of Special Elements Used in a Template Engine', suggests that the plugin has historically been susceptible to complex injection attacks. This history, combined with the unprotected AJAX handler, warrants careful consideration.
In conclusion, while 'acf-views' v3.8.3 shows commendable security development practices in areas like SQL and output handling, the unprotected AJAX endpoint and the history of a high-severity template engine vulnerability are weaknesses that could be exploited. Vigilance is recommended, especially regarding the uncovered AJAX endpoint.
Key Concerns
- Unprotected AJAX handler
- Past high severity vulnerability
Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Advanced Views – Display Posts, Custom Fields, and More <= 3.7.19 - Authenticated (Author+) Remote Code Execution via SSTI
Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… Attack Surface
AJAX Handlers 1
REST API Routes 1
WordPress Hooks 4
Maintenance & Trust
Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… Maintenance & Trust
Maintenance Signals
Community Trust
Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… Alternatives
Elite Stay Helper – Create Cpts and taxonomy for rooms
elite-stay-helper
The plugin by Kamaldhari Infotech streamlines hotel management, offering custom post types, taxonomy, and meta fields. Easily handle rooms,testimonial …
Custom Post Type UI
custom-post-type-ui
Admin UI for creating custom content types like post types and taxonomies
Essential Content Types
essential-content-types
Essential Content Types allows you to feature the impressive content through different content/post types on your website just the way you want it.
Posts in Page
posts-in-page
Easily add one or more posts to any page using simple shortcodes.
Post Grid Master — Post Grids & AJAX Filters
ajax-filter-posts
Create post grids with AJAX filters, pagination, load more, infinite scroll, and custom post type support.
Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver… Developer Profile
1 plugin · 2K total installs
How We Detect Advanced Views – Display Custom Fields (ACF, Pods, MetaBox), Posts, CPT and Woo Products anywhere in Gutenberg, Elementor, Divi, Beaver…
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/acf-views/src/assets/css/admin.css/wp-content/plugins/acf-views/src/assets/css/admin-layout-edit.css/wp-content/plugins/acf-views/src/assets/css/layout-select.css/wp-content/plugins/acf-views/src/assets/css/layout-view.css/wp-content/plugins/acf-views/src/assets/css/post-selection-edit.css/wp-content/plugins/acf-views/src/assets/css/post-selection-view.css/wp-content/plugins/acf-views/src/assets/css/views.css/wp-content/plugins/acf-views/src/assets/js/admin.js+6 more/wp-content/plugins/acf-views/src/assets/js/admin.js/wp-content/plugins/acf-views/src/assets/js/admin-layout-edit.js/wp-content/plugins/acf-views/src/assets/js/admin-post-selection-edit.js/wp-content/plugins/acf-views/src/assets/js/layout-select.js/wp-content/plugins/acf-views/src/assets/js/live-reloader.js/wp-content/plugins/acf-views/src/assets/js/post-selection-select.js+1 more/wp-content/plugins/acf-views/src/assets/css/admin.css?ver=/wp-content/plugins/acf-views/src/assets/css/admin-layout-edit.css?ver=/wp-content/plugins/acf-views/src/assets/css/layout-select.css?ver=/wp-content/plugins/acf-views/src/assets/css/layout-view.css?ver=/wp-content/plugins/acf-views/src/assets/css/post-selection-edit.css?ver=/wp-content/plugins/acf-views/src/assets/css/post-selection-view.css?ver=/wp-content/plugins/acf-views/src/assets/css/views.css?ver=/wp-content/plugins/acf-views/src/assets/js/admin.js?ver=/wp-content/plugins/acf-views/src/assets/js/admin-layout-edit.js?ver=/wp-content/plugins/acf-views/src/assets/js/admin-post-selection-edit.js?ver=/wp-content/plugins/acf-views/src/assets/js/layout-select.js?ver=/wp-content/plugins/acf-views/src/assets/js/live-reloader.js?ver=/wp-content/plugins/acf-views/src/assets/js/post-selection-select.js?ver=/wp-content/plugins/acf-views/src/assets/js/views.js?ver=HTML / DOM Fingerprints
acf-views-admin-layout-editacf-views-admin-post-selection-editacf-views-layout-selectacf-views-layout-viewacf-views-post-selection-editacf-views-post-selection-viewacf-views-field-wrapperacf-views-layout-wrapper+1 more<!-- ACF Views --><!-- ACF Views Layout --><!-- ACF Views Post Selection -->data-acf-views-layout-iddata-acf-views-post-selection-iddata-acf-views-live-reloaderacf_views_admin_layout_editacf_views_admin_post_selection_editacf_views_layout_selectacf_views_live_reloaderacf_views_post_selection_select/wp-json/acf-views/v1/layouts/wp-json/acf-views/v1/post-selections[acf_views_layout][acf_views_post_selection]