WP-Safety

Custom post types for WordPress – ACPT Lite Security & Risk Analysis

wordpress.org/plugins/acpt-lite

Create and manage custom post types and taxonomies in seconds. Use the meta fields builder to create complex websites with just a few clicks.

100 active installs v2.0.11 PHP 7.4+ WP 5.1+ Updated Feb 10, 2025
custom-post-typecustom-post-typesmeta-boxtaxonomiestaxonomy
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Custom post types for WordPress – ACPT Lite Safe to Use in 2026?

Generally Safe

Score 92/100

Custom post types for WordPress – ACPT Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "acpt-lite" v2.0.11 plugin exhibits a generally good security posture, with no known historical vulnerabilities (CVEs) and a robust approach to handling entry points. The static analysis reveals a commendable use of prepared statements for SQL queries (84%) and a significant number of output escaping routines (128). Furthermore, all identified entry points (AJAX handlers, REST API routes, shortcodes) appear to have authentication checks, and there are no critical or high-severity taint flows detected, which are positive indicators of secure coding practices. However, there are specific areas that warrant attention. The presence of two instances of the `unserialize()` function is a significant concern, as it can lead to remote code execution vulnerabilities if malicious data is passed to it. While the taint analysis found no critical or high severity issues, the fact that all four analyzed flows had unsanitized paths suggests a potential for vulnerabilities if these paths are exposed to user-controlled input. Additionally, the output escaping is not consistently applied, with only 59% of outputs being properly escaped, leaving room for potential Cross-Site Scripting (XSS) vulnerabilities.

In conclusion, "acpt-lite" v2.0.11 is not currently known to be vulnerable, and its developers have implemented several good security practices. The absence of historical vulnerabilities is a strong point. However, the use of `unserialize()` without explicit sanitization and the moderate rate of proper output escaping present potential risks that should be addressed to further strengthen the plugin's security. The unsanitized paths in taint flows, while not critical, highlight a need for increased vigilance in input validation and sanitization across all potential user-influenced data.

Key Concerns

  • Dangerous function unserialize() used
  • Unsanitized paths in taint flows
  • Output escaping not properly applied (59%)
Vulnerabilities
None known

Custom post types for WordPress – ACPT Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom post types for WordPress – ACPT Lite Code Analysis

Dangerous Functions
2
Raw SQL Queries
5
26 prepared
Unescaped Output
52
76 escaped
Nonce Checks
2
Capability Checks
2
File Operations
16
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$value = unserialize($value);src\Integrations\WooCommerce\Generators\WooCommerceProductVariationMetaField.php:55
unserializereturn unserialize($_SESSION[$key]);src\Utils\PHP\Session.php:46

SQL Query Safety

84% prepared31 total queries

Output Escaping

59% escaped128 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
addColumns (src\Core\Generators\Comment\CommentAdminColumnsGenerator.php:15)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Custom post types for WordPress – ACPT Lite Attack Surface

Entry Points5
Unprotected0

Shortcodes 5

[acpt] src\Admin\ACPT_Lite_Admin.php:606
[acpt_user] src\Admin\ACPT_Lite_Admin.php:607
[acpt_tax] src\Admin\ACPT_Lite_Admin.php:608
[acpt_media] src\Admin\ACPT_Lite_Admin.php:609
[acpt_comm] src\Admin\ACPT_Lite_Admin.php:610
WordPress Hooks 54
actionadmin_noticesacpt-lite.php:143
filterplugin_action_linkssrc\Admin\ACPT_Lite_Admin.php:534
filterscript_loader_tagsrc\Admin\ACPT_Lite_Admin.php:535
filterblock_categories_allsrc\Admin\ACPT_Lite_Admin.php:536
filterredirect_post_locationsrc\Core\CQRS\Command\AbstractSaveMetaCommand.php:164
actioninitsrc\Core\Generators\AbstractGenerator.php:27
filterpost_type_linksrc\Core\Generators\AbstractGenerator.php:35
actionadmin_initsrc\Core\Generators\AbstractGenerator.php:44
filterwoocommerce_product_data_tabssrc\Core\Generators\AbstractGenerator.php:52
filterwoocommerce_product_data_panelssrc\Core\Generators\AbstractGenerator.php:60
filterwoocommerce_process_product_metasrc\Core\Generators\AbstractGenerator.php:68
filterwoocommerce_product_tabssrc\Core\Generators\AbstractGenerator.php:76
actionadmin_headsrc\Core\Generators\AbstractGenerator.php:84
filterattachment_fields_to_editsrc\Core\Generators\Attachment\AttachmentMetaBoxGenerator.php:39
actionedit_attachmentsrc\Core\Generators\Attachment\AttachmentMetaBoxGenerator.php:40
filtermanage_edit-comments_columnssrc\Core\Generators\Comment\CommentAdminColumnsGenerator.php:23
filtermanage_edit-comments_sortable_columnssrc\Core\Generators\Comment\CommentAdminColumnsGenerator.php:42
actionmanage_comments_custom_columnsrc\Core\Generators\Comment\CommentAdminColumnsGenerator.php:61
actionpre_get_commentssrc\Core\Generators\Comment\CommentAdminColumnsGenerator.php:81
actionrestrict_manage_commentssrc\Core\Generators\Comment\CommentAdminColumnsGenerator.php:115
filterthe_editorsrc\Core\Generators\Comment\CommentAdminColumnsGenerator.php:168
filtercomment_form_defaultssrc\Core\Generators\Comment\CommentMetaBoxGenerator.php:30
actioncomment_postsrc\Core\Generators\Comment\CommentMetaGroupsGenerator.php:25
actionedit_commentsrc\Core\Generators\Comment\CommentMetaGroupsGenerator.php:30
actionpre_get_postssrc\Core\Generators\CustomPostType\CustomPostTypeAdminColumnsGenerator.php:137
actionrestrict_manage_postssrc\Core\Generators\CustomPostType\CustomPostTypeAdminColumnsGenerator.php:251
actionquick_edit_custom_boxsrc\Core\Generators\CustomPostType\CustomPostTypeAdminColumnsGenerator.php:339
actionbulk_edit_custom_boxsrc\Core\Generators\CustomPostType\CustomPostTypeAdminColumnsGenerator.php:348
actionadmin_noticessrc\Core\Generators\CustomPostType\CustomPostTypeGenerator.php:76
filterpost_updated_messagessrc\Core\Generators\CustomPostType\CustomPostTypeGenerator.php:241
filterbulk_post_updated_messagessrc\Core\Generators\CustomPostType\CustomPostTypeGenerator.php:242
actionpost_edit_form_tagsrc\Core\Generators\CustomPostType\CustomPostTypeMetaBoxGenerator.php:30
actionpost_edit_form_tagsrc\Core\Generators\CustomPostType\CustomPostTypeMetaGroupGenerator.php:108
actionpost_edit_form_tagsrc\Core\Generators\CustomPostType\CustomPostTypeMetaGroupGenerator.php:197
actionquick_edit_custom_boxsrc\Core\Generators\Taxonomy\TaxonomyAdminColumnsGenerator.php:96
actionadmin_print_footer_scripts-edit-tags.phpsrc\Core\Generators\Taxonomy\TaxonomyAdminColumnsGenerator.php:115
filtermanage_users_columnssrc\Core\Generators\User\UserAdminColumnsGenerator.php:22
filtermanage_users_custom_columnsrc\Core\Generators\User\UserAdminColumnsGenerator.php:38
actionshow_user_profilesrc\Core\Generators\User\UserMetaBoxGenerator.php:47
actionedit_user_profilesrc\Core\Generators\User\UserMetaBoxGenerator.php:48
actionpersonal_options_updatesrc\Core\Generators\User\UserMetaBoxGenerator.php:49
actionedit_user_profile_updatesrc\Core\Generators\User\UserMetaBoxGenerator.php:50
actionplugins_loadedsrc\Core\Generators\User\UserMetaGroupsGenerator.php:36
actionplugins_loadedsrc\Includes\ACPT_Lite_Internalization.php:53
actionelementor/controls/registersrc\Integrations\Elementor\ACPT_Lite_Elementor.php:50
actionelementor/elements/categories_registeredsrc\Integrations\Elementor\ACPT_Lite_Elementor.php:51
actionelementor/widgets/registersrc\Integrations\Elementor\ACPT_Lite_Elementor.php:52
actioninitsrc\Integrations\Gutenberg\ACPT_Lite_Gutenberg.php:25
filtermodify_post_type_namesrc\Integrations\WooCommerce\Filters\WooCommerceFilters.php:25
filteradd_woo_product_data_to_acpt_listsrc\Integrations\WooCommerce\Filters\WooCommerceFilters.php:43
filteradd_cpt_to_acpt_listsrc\Integrations\WooCommerce\Filters\WooCommerceFilters.php:64
actionwoocommerce_product_after_variable_attributessrc\Integrations\WooCommerce\Generators\WooCommerceProductVariationMetaGroups.php:37
actionwoocommerce_save_product_variationsrc\Integrations\WooCommerce\Generators\WooCommerceProductVariationMetaGroups.php:59
filterscript_loader_tagsrc\Utils\Vite\Assets.php:21
Maintenance & Trust

Custom post types for WordPress – ACPT Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedFeb 10, 2025
PHP min version7.4
Downloads10K

Community Trust

Rating98/100
Number of ratings24
Active installs100
Alternatives

Custom post types for WordPress – ACPT Lite Alternatives

Custom Post Type Mapper – Register post ypes, taxonomies, meta boxes without coding

Custom Post Type Mapper – Register post ypes, taxonomies, meta boxes without coding

cpt-mapper

A
85

DEMO

0 No CVEs
Meta Box

Meta Box

meta-box

A
89

Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for your custom post types in WordPress.

500K 6 CVEs
Custom Post Type UI

Custom Post Type UI

custom-post-type-ui

A
93

Admin UI for creating custom content types like post types and taxonomies

1.0M 4 CVEs
Pods – Custom Content Types and Fields

Pods – Custom Content Types and Fields

pods

A
87

Pods is a framework for creating, managing, and deploying customized content types and fields for any project.

100K 14 CVEs
Essential Content Types

Essential Content Types

essential-content-types

A
100

Essential Content Types allows you to feature the impressive content through different content/post types on your website just the way you want it.

20K No CVEs
Developer Profile

Custom post types for WordPress – ACPT Lite Developer Profile

mauretto1978

1 plugin · 100 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Custom post types for WordPress – ACPT Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/acpt-lite/assets/static/css/admin.css/wp-content/plugins/acpt-lite/assets/vendor/selectize/selectize.default.min.css/wp-content/plugins/acpt-lite/assets/vendor/selectize/selectize.min.js/wp-content/plugins/acpt-lite/assets/static/js/admin.js
Script Paths
/wp-content/plugins/acpt-lite/assets/vendor/selectize/selectize.min.js/wp-content/plugins/acpt-lite/assets/static/js/admin.js

HTML / DOM Fingerprints

CSS Classes
acpt-lite-field-wrapperacpt-lite-meta-box
Data Attributes
data-acpt-lite-field-id
JS Globals
acpt_lite_settings
REST Endpoints
/wp-json/acpt-lite/v1/settings
Shortcode Output
[acpt_meta][acpt_taxonomy_meta][acpt_attachment_meta][acpt_comment_meta]
FAQ

Frequently Asked Questions about Custom post types for WordPress – ACPT Lite