Does Advanced Custom Fields Viewer have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Advanced Custom Fields Viewer compatible with WordPress 4.9.29?

According to WordPress.org data, Advanced Custom Fields Viewer 1.2.2 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Advanced Custom Fields Viewer updated?

Advanced Custom Fields Viewer was last updated on Nov 13, 2017. Frequent updates are generally a positive security signal.

What is Advanced Custom Fields Viewer's security score?

Advanced Custom Fields Viewer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advanced Custom Fields Viewer Security & Risk Analysis

wordpress.org/plugins/advanced-custom-fields-viewer

View Advanced Custom Fields names & data on the front end of your theme while developing.

100 active installs v1.2.2 PHP + WP 3.5.0+ Updated Nov 13, 2017

acfadvanced-custom-fieldscustomcustom-fieldfield

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Advanced Custom Fields Viewer Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced Custom Fields Viewer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The plugin "advanced-custom-fields-viewer" v1.2.2 presents a generally good security posture, with no reported CVEs and a clean taint analysis. The static analysis reveals a very small attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed. Furthermore, all identified SQL queries utilize prepared statements, indicating a strong defense against SQL injection vulnerabilities. The absence of dangerous functions, file operations, and external HTTP requests further bolsters its security profile.

However, a significant concern arises from the output escaping signals. With 100% of outputs not properly escaped (4 total outputs), this plugin is highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. This is a critical oversight that could allow attackers to inject malicious scripts into the WordPress site through the plugin's output, potentially leading to session hijacking, defacement, or other malicious actions. While the plugin has no known historical vulnerabilities, this lack of proper output escaping represents a substantial and unaddressed risk within its current codebase.

Key Concerns

All outputs are unescaped

Vulnerabilities

None known

Advanced Custom Fields Viewer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Advanced Custom Fields Viewer Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Advanced Custom Fields Viewer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped4 total outputs

Attack Surface

Advanced Custom Fields Viewer Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

filterplugin_row_metaadmin\general.php:12

actionadmin_initadmin\options.php:13

actionadmin_menuadmin\options.php:15

actionwp_footerviewer.php:87

actionwp_enqueue_scriptsviewer.php:105

Maintenance & Trust

Advanced Custom Fields Viewer Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedNov 13, 2017

PHP min version

Downloads11K

Community Trust

Rating100/100

Number of ratings4

Active installs100

Alternatives

Advanced Custom Fields Viewer Alternatives

ACF Content Analysis for Yoast SEO

acf-content-analysis-for-yoast-seo

100

WordPress plugin that adds the content of all ACF fields to the Yoast SEO score analysis.

100K No CVEs

Advanced Custom Fields: Font Awesome Field

advanced-custom-fields-font-awesome

Adds a new 'Font Awesome Icon' field to the popular Advanced Custom Fields plugin.

100K 1 CVE

Table Field Add-on for ACF and SCF

advanced-custom-fields-table-field

A Table Field Add-on for the Advanced Custom Fields and Secure Custom Fields Plugin.

50K 2 CVEs

ACF: Better Search

acf-better-search

This plugin adds to default WordPress search engine the ability to search by content from selected fields of Advanced Custom Fields plugin.

40K 1 CVE

WP All Import – Import Add-On for ACF

csv-xml-import-for-acf

100

Drag & drop to import any CSV, Excel, XML, or Google Sheets file into Advanced Custom Fields. Supports repeaters, flexible content, galleries, and …

40K No CVEs

Developer Profile

Advanced Custom Fields Viewer Developer Profile

Joe Fusco

4 plugins · 2K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Advanced Custom Fields Viewer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/advanced-custom-fields-viewer/themes/dark.css/wp-content/plugins/advanced-custom-fields-viewer/themes/light.css/wp-content/plugins/advanced-custom-fields-viewer/themes/transparent.css/wp-content/plugins/advanced-custom-fields-viewer/js/acfv-frontend.js

Script Paths

/wp-content/plugins/advanced-custom-fields-viewer/js/acfv-frontend.js

HTML / DOM Fingerprints

CSS Classes

acfv-btnacfv-btn-iconacfv-btn-colacfv-spaceracfv-linkacfv-footeracfv-wrapacfv-click-layer+7 more

HTML Comments

Data Attributes

id="acfv-toggle"id="acfv-click-layer"id="acfv-wrap"id="acfv-btn-close"id="acfv-btn-custom"id="acfv-btn-current"+8 more

JS Globals

var acfv

Shortcode Output

<pre id="acfv-current-viewer"><pre id="acfv-options-viewer"><pre id="acfv-custom-viewer">

FAQ