Does ACF: Yandex Maps Field have any unpatched vulnerabilities?

Yes — ACF: Yandex Maps Field currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is ACF: Yandex Maps Field compatible with WordPress 6.1.10?

According to WordPress.org data, ACF: Yandex Maps Field 1.1 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

How often is ACF: Yandex Maps Field updated?

ACF: Yandex Maps Field was last updated on Jan 23, 2023. Frequent updates are generally a positive security signal.

What is ACF: Yandex Maps Field's security score?

ACF: Yandex Maps Field has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ACF: Yandex Maps Field Security & Risk Analysis

wordpress.org/plugins/acf-yandex-maps-field

ACF: Yandex Maps Field

800 active installs v1.1 PHP + WP 6.1.1+ Updated Jan 23, 2023

advanced-custom-fieldsfieldsmapyandexyandex-map

C · Use Caution

CVEs total1

Unpatched1

Last CVEJun 5, 2025

Plugin page Download

Safety Verdict

Is ACF: Yandex Maps Field Safe to Use in 2026?

Use With Caution

Score 63/100

ACF: Yandex Maps Field has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jun 5, 2025Updated 3yr ago

Risk Assessment

The acf-yandex-maps-field plugin, version 1.1, presents a mixed security posture. While the static analysis reveals a lack of exposed entry points like AJAX handlers, REST API routes, or shortcodes, and demonstrates a strong adherence to prepared statements for SQL queries, there are areas of concern. The presence of one unpatched medium severity vulnerability (Cross-site Scripting) is a significant risk, especially given its recent discovery. The output escaping, while high at 84%, still leaves a small percentage of outputs potentially vulnerable to XSS if an attacker can influence them. The lack of observed taint flows could be due to the limited attack surface or the nature of the analysis, but it doesn't negate the historical vulnerability pattern.

Key Concerns

Unpatched medium severity CVE (XSS)
Potential for XSS due to unescaped output (16%)

Vulnerabilities

ACF: Yandex Maps Field Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-30930medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ACF: Yandex Maps Field <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 5, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

ACF: Yandex Maps Field Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

52 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

84% escaped62 total outputs

Attack Surface

ACF: Yandex Maps Field Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionacf/include_field_typesacf-yandex-map-fields.php:39

actionacf/register_fieldsacf-yandex-map-fields.php:40

actionadmin_initacf-yandex-map-fields.php:42

actionadmin_menuacf-yandex-map-fields.php:43

Maintenance & Trust

ACF: Yandex Maps Field Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedJan 23, 2023

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings3

Active installs800

Alternatives

ACF: Yandex Maps Field Alternatives

Simple Image XML Sitemap

simple-image-xml-sitemap

The Simple Image XML Sitemap plugin will generate a XML Sitemap for specifically for all images including images uploaded as Advanced Custom Fields (P …

1K No CVEs

Maps for WP

maps-for-wp

A handy plugin for inserting Yandex and Google maps using shortcode.

400 1 unpatched

Yandex Maps for Gutenberg

yamap-block-gutenberg

The plugin adds a simple Yandex Maps to your page. Do not forget to install the Gutenberg plugin (WordPress version 4.9.8 and below).

300 No CVEs

ACF: Google Maps Field (Multiple Markers)

acf-google-map-field-multiple-markers

An advanced Google Maps field for ACF that allows you to add multiple markers/pins to a single map field.

200 No CVEs

ShMapper by Teplitsa

shmapper-by-teplitsa

shMapper is a plugin, that allows you to create simple crowdsourcing maps based on OpenStreetMap and Yandex.Maps.

100 2 CVEs

Developer Profile

ACF: Yandex Maps Field Developer Profile

Unreal Themes

2 plugins · 800 total installs

trust score

Avg Security Score

74/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ACF: Yandex Maps Field

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/acf-yandex-maps-field/js/acf-yandex-map-frontend.js

Script Paths

//api-maps.yandex.com/2.1/?lang=/js/acf-yandex-map-frontend.js

Version Parameters

acf-yandex-map-frontend.js?ver=acf-yandex-map-api?ver=

HTML / DOM Fingerprints

CSS Classes

yandex-map

Data Attributes

data-zoom-controlldata-scroll-zoomymf_custom_data

JS Globals

ymf_options

Shortcode Output

<div class="yandex-map" id="

FAQ