WP-Safety

Admin Columns for ACF Fields Security & Risk Analysis

wordpress.org/plugins/admin-columns-for-acf-fields

Allows you to enable columns for your ACF fields in post and taxonomy overviews (e.g. "All Posts") in the Wordpress admin backend.

9K active installs v0.3.2 PHP 5.6.2+ WP 4.6+ Updated Jan 17, 2025
acfadmin-columnsadvanced-custom-fields
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Admin Columns for ACF Fields Safe to Use in 2026?

Generally Safe

Score 92/100

Admin Columns for ACF Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "admin-columns-for-acf-fields" plugin v0.3.2 exhibits a strong security posture based on the provided static analysis. The absence of any detected entry points like AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the attack surface. Furthermore, the code signals indicate good practices in database interaction with all SQL queries utilizing prepared statements, and no dangerous functions, file operations, or external HTTP requests were identified. The lack of any recorded vulnerabilities in its history is also a positive indicator.

However, a critical concern arises from the output escaping analysis, where 100% of the detected outputs are not properly escaped. This presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or data processed by the plugin could be rendered in the browser without sanitization, allowing attackers to inject malicious scripts. While the plugin has a clean vulnerability history and a limited attack surface, this lack of output escaping is a serious deficiency that needs immediate attention.

In conclusion, the plugin demonstrates good practices in many security areas, particularly in its limited attack surface and secure database handling. However, the complete lack of output escaping is a substantial weakness that overshadows these strengths and creates a tangible risk of XSS vulnerabilities. Addressing this output escaping issue should be the top priority for improving the plugin's security.

Key Concerns

  • Outputs not properly escaped (XSS risk)
Vulnerabilities
None known

Admin Columns for ACF Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Admin Columns for ACF Fields Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped2 total outputs
Attack Surface

Admin Columns for ACF Fields Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 11
actionacf/initacf_admin_columns.php:44
actionparse_requestacf_admin_columns.php:47
actionpre_get_termsacf_admin_columns.php:48
actionpre_get_usersacf_admin_columns.php:49
actionpre_get_postsacf_admin_columns.php:51
filterposts_joinacf_admin_columns.php:151
filterposts_whereacf_admin_columns.php:152
filterposts_distinctacf_admin_columns.php:153
filtermanage_users_columnsacf_admin_columns.php:159
filtermanage_users_custom_columnacf_admin_columns.php:160
actionadmin_headacf_admin_columns.php:163
Maintenance & Trust

Admin Columns for ACF Fields Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedJan 17, 2025
PHP min version5.6.2
Downloads52K

Community Trust

Rating98/100
Number of ratings20
Active installs9K
Alternatives

Admin Columns for ACF Fields Alternatives

ACF Content Analysis for Yoast SEO

ACF Content Analysis for Yoast SEO

acf-content-analysis-for-yoast-seo

A
100

WordPress plugin that adds the content of all ACF fields to the Yoast SEO score analysis.

100K No CVEs
Advanced Custom Fields: Font Awesome Field

Advanced Custom Fields: Font Awesome Field

advanced-custom-fields-font-awesome

A
99

Adds a new 'Font Awesome Icon' field to the popular Advanced Custom Fields plugin.

100K 1 CVE
Table Field Add-on for ACF and SCF

Table Field Add-on for ACF and SCF

advanced-custom-fields-table-field

A
98

A Table Field Add-on for the Advanced Custom Fields and Secure Custom Fields Plugin.

50K 2 CVEs
ACF: Better Search

ACF: Better Search

acf-better-search

A
99

This plugin adds to default WordPress search engine the ability to search by content from selected fields of Advanced Custom Fields plugin.

40K 1 CVE
WP All Import – Import Add-On for ACF

WP All Import – Import Add-On for ACF

csv-xml-import-for-acf

A
100

Drag & drop to import any CSV, Excel, XML, or Google Sheets file into Advanced Custom Fields. Supports repeaters, flexible content, galleries, and …

40K No CVEs
Developer Profile

Admin Columns for ACF Fields Developer Profile

Florian Eickhorst

1 plugin · 9K total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Admin Columns for ACF Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admin-columns-for-acf-fields/css/acf-admin-columns.css/wp-content/plugins/admin-columns-for-acf-fields/js/acf-admin-columns.js
Script Paths
/wp-content/plugins/admin-columns-for-acf-fields/js/acf-admin-columns.js
Version Parameters
admin-columns-for-acf-fields/css/acf-admin-columns.css?ver=admin-columns-for-acf-fields/js/acf-admin-columns.js?ver=

HTML / DOM Fingerprints

CSS Classes
column-acf_acf-field-settings
Data Attributes
data-acf-admin-column-iddata-acf-admin-column-name
JS Globals
acfAdminColumns
FAQ

Frequently Asked Questions about Admin Columns for ACF Fields