Does ACF WPML Theme Options have any unpatched vulnerabilities?

No. All known vulnerabilities in ACF WPML Theme Options have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ACF WPML Theme Options compatible with WordPress 4.9.29?

According to WordPress.org data, ACF WPML Theme Options 1.0.0 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is ACF WPML Theme Options updated?

ACF WPML Theme Options was last updated on Nov 16, 2017. Frequent updates are generally a positive security signal.

What is ACF WPML Theme Options's security score?

ACF WPML Theme Options has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ACF WPML Theme Options Security & Risk Analysis

wordpress.org/plugins/acf-wpml-theme-options

Plugin which adds another way of displaying global options created with ACF on websites which use WPML for multilanguage purposes.

10 active installs v1.0.0 PHP + WP 3.0+ Updated Nov 16, 2017

acfacfprosettingsthemewpml

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ACF WPML Theme Options Safe to Use in 2026?

Generally Safe

Score 85/100

ACF WPML Theme Options has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "acf-wpml-theme-options" v1.0.0 plugin exhibits a concerning security posture despite a clean vulnerability history and a limited attack surface. While it boasts no AJAX handlers, REST API routes, cron events, or external HTTP requests, and has only one shortcode entry point, the code analysis reveals significant weaknesses. The presence of `unserialize` is a major red flag, especially without any evident nonce or capability checks. Furthermore, all SQL queries are executed without prepared statements, and a substantial number of output variables are not properly escaped. The taint analysis, while not flagging critical or high-severity issues in this specific run, highlights flows with unsanitized paths, which, when combined with the other identified weaknesses, creates a potentially exploitable environment. The lack of any recorded vulnerabilities in its history could indicate a lack of prior auditing or a very new plugin, rather than inherent security. Overall, the plugin has critical flaws in data handling and execution that outweigh its minimal attack surface and clean history, demanding immediate attention.

Key Concerns

Dangerous unserialize function found
SQL queries lack prepared statements
Output escaping is not properly implemented
No nonce checks present
No capability checks present
Taint flows with unsanitized paths

Vulnerabilities

None known

ACF WPML Theme Options Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

ACF WPML Theme Options Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$rules = unserialize($postcontent);admin\controllers\interface.class.php:69

SQL Query Safety

0% prepared6 total queries

Output Escaping

0% escaped26 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

notice_content (admin\views\interface.views.class.php:30)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

ACF WPML Theme Options Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[get_field_option] acf-wpml-theme-options.php:59

WordPress Hooks 15

actionadmin_enqueue_scriptsadmin\controllers\config.class.php:10

actionadmin_menuadmin\controllers\config.class.php:11

actionadmin_initadmin\controllers\config.class.php:12

actionplugins_loadedadmin\controllers\config.class.php:13

filterplugin_action_links_acf-wpml-theme-options/acf-wpml-theme-options.phpadmin\controllers\config.class.php:14

actionadmin_noticesadmin\controllers\interface.class.php:8

filtermanage_acf_wpml_to_posts_columnsadmin\controllers\interface.class.php:9

actionplugins_loadedadmin\controllers\interface.class.php:10

actionadmin_noticesadmin\controllers\interface.class.php:11

actionadd_meta_boxesadmin\controllers\interface.class.php:17

filtermanage_acf_wpml_to_posts_columnsadmin\controllers\interface.class.php:18

actionmanage_acf_wpml_to_posts_custom_columnadmin\controllers\interface.class.php:19

actioninitglobals\controllers\globals.class.php:10

actionadmin_noticesglobals\controllers\reqs.class.php:5

actionadmin_initglobals\controllers\reqs.class.php:6

Maintenance & Trust

ACF WPML Theme Options Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedNov 16, 2017

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

ACF WPML Theme Options Alternatives

One Click Demo Import

one-click-demo-import

Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.

1.0M 2 CVEs

OptionTree

option-tree

Theme Options UI Builder for WordPress. A simple way to create & save Theme Options and Meta Boxes for free or premium themes.

60K 5 CVEs

Import / Export Customizer Settings

astra-import-export

100

Astra theme customizer offers several settings for header/footer layout, sidebar and blog designs, colors, backgrounds, typography and much more.

50K 1 CVE

ACF RGBA Color Picker

acf-rgba-color-picker

A RGBA-Color-Picker field for Advanced Custom Fields

6K No CVEs

Catch Themes Demo Import

catch-themes-demo-import

Catch Themes Demo Import is a simple and easy-to-use demo importer WordPress plugin that allows you to import the theme demo data Based on One Click D …

6K 2 CVEs

Developer Profile

ACF WPML Theme Options Developer Profile

railmedia

3 plugins · 2K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect ACF WPML Theme Options

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/acf-wpml-theme-options/admin/assets/css/acf-wpml-theme-options.css/wp-content/plugins/acf-wpml-theme-options/admin/assets/js/acf-wpml-settings.js/wp-content/plugins/acf-wpml-theme-options/admin/assets/js/set-acf-wpml-post-active.js

Script Paths

//malsup.github.io/jquery.blockUI.js

Version Parameters

acf-wpml-theme-options.css?ver=acf-wpml-settings.js?ver=set-acf-wpml-post-active.js?ver=

HTML / DOM Fingerprints

CSS Classes

acf-wpml-to-activeacf-wpml-to-active-linkacf-wpml-to-active-icon

HTML Comments

+3 more

Data Attributes

data-post-iddata-ajax-url

JS Globals

postactive

Shortcode Output

[get_field_option

FAQ