Does Advanced Members for ACF have any unpatched vulnerabilities?

No. All known vulnerabilities in Advanced Members for ACF have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Advanced Members for ACF compatible with WordPress 6.8.5?

According to WordPress.org data, Advanced Members for ACF 1.2.5 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Advanced Members for ACF compatible with PHP 7.1+?

Advanced Members for ACF requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Advanced Members for ACF updated?

Advanced Members for ACF was last updated on Mar 11, 2026. Frequent updates are generally a positive security signal.

What is Advanced Members for ACF's security score?

Advanced Members for ACF has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advanced Members for ACF Security & Risk Analysis

wordpress.org/plugins/advanced-members

A Lightweight & Powerful Membership Plugin for ACF Users. Seamlessly Use ACF Field Groups as Membership Forms

40 active installs v1.2.5 PHP 7.1+ WP 5.8+ Updated Mar 11, 2026

accountacfadvanced-custom-fieldsmembersregistration

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Advanced Members for ACF Safe to Use in 2026?

Generally Safe

Score 100/100

Advanced Members for ACF has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago

Risk Assessment

The advanced-members plugin version 1.2.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices by extensively utilizing prepared statements for SQL queries (91%) and generally performing output escaping (78%). The absence of known CVEs and critical or high severity taint flows is also a strong indicator of a well-maintained codebase.

However, there are significant concerns regarding its attack surface. The plugin exposes 5 unprotected AJAX handlers, which represent a direct pathway for attackers to potentially inject malicious data or execute unintended actions without proper authentication or authorization. Additionally, while the overall output escaping is decent, the presence of unsanitized paths in taint analysis, even without critical severity, warrants careful review as it could lead to path traversal or file inclusion vulnerabilities.

Given the lack of historical vulnerabilities, the plugin appears to have been developed with security in mind. Nevertheless, the unprotected AJAX handlers are a substantial weakness that elevates the risk profile. A balanced conclusion is that while the plugin has a clean vulnerability history and good SQL/output handling, the identified unprotected entry points require immediate attention to mitigate potential exploits.

Key Concerns

Unprotected AJAX handlers found
Taint flows with unsanitized paths
Significant number of unprotected entry points

Vulnerabilities

None known

Advanced Members for ACF Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Advanced Members for ACF Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

275 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

91% prepared11 total queries

Output Escaping

78% escaped351 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths

user_mail_active (core\class-user.php:478)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

Advanced Members for ACF Attack Surface

Entry Points15

Unprotected5

AJAX Handlers 7

authwp_ajax_amem/add_default_ruleadmin\class-admin-options.php:21

authwp_ajax_acf/validate_save_postcore\forms\submissions.php:30

noprivwp_ajax_acf/validate_save_postcore\forms\submissions.php:31

authwp_ajax_amem_submissioncore\forms\submissions.php:34

noprivwp_ajax_amem_submissioncore\forms\submissions.php:35

authwp_ajax_amem_avatar_cropcore\modules\class-avatar.php:57

authwp_ajax_amem/recaptcha/key_verifycore\modules\class-recaptcha.php:56

REST API Routes 3

POST/wp-json/amem/avatar/v1/uploadcore\modules\class-avatar.php:414

POST/wp-json/amem/avatar/v1/cropcore\modules\class-avatar.php:421

POST/wp-json/amem/avatar/v1/cancelCropcore\modules\class-avatar.php:428

Shortcodes 5

[advanced-members-account] core\class-account.php:41

[advanced-members-account-password] core\class-account.php:42

[advanced-members-account-delete] core\class-account.php:43

[advanced-members-pwreset] core\class-password-reset.php:32

[advanced-members] core\forms\render.php:18

WordPress Hooks 207

actionacf/input/form_dataacf\fields\class-avatar.php:61

filteracf/load_field/type=textacf\fields\class-display-name.php:31

actionacf/save_postacf\fields\class-display-name.php:146

filteracf/load_field/type=textacf\fields\class-first-name.php:24

actionacf/save_postacf\fields\class-first-name.php:64

filteracf/load_field/type=textacf\fields\class-last-name.php:24

actionacf/save_postacf\fields\class-last-name.php:59

filteracf/load_field/type=textacf\fields\class-nickname.php:23

actionacf/save_postacf\fields\class-nickname.php:64

actionacf/input/admin_print_footer_scriptsacf\fields\class-recaptcha.php:39

filteracf/load_field/type=textareaacf\fields\class-user-bio.php:31

actionacf/save_postacf\fields\class-user-bio.php:68

filteracf/load_field/type=emailacf\fields\class-user-email.php:24

actionacf/save_postacf\fields\class-user-email.php:124

filteracf/load_field/type=passwordacf\fields\class-user-password-confirm.php:21

filteracf/load_field/type=passwordacf\fields\class-user-password-current.php:21

filteracf/load_field/type=passwordacf\fields\class-user-password.php:26

actionacf/save_postacf\fields\class-user-password.php:121

actionacf/save_postacf\fields\class-user-url.php:47

filteracf/load_field/type=textacf\fields\class-username.php:27

actionsave_post_pageadmin\class-admin-form.php:42

filteracf/prepare_field/name=amem_form_shortcode_messageadmin\class-admin-form.php:113

filteradd_post_metadataadmin\class-admin-form.php:114

actionacf/add_meta_boxesadmin\class-admin-form.php:116

actionin_admin_headeradmin\class-admin-forms.php:68

filterpre_get_postsadmin\class-admin-forms.php:74

actionadmin_initadmin\class-admin-options.php:17

actionadmin_initadmin\class-admin-options.php:18

actionadmin_menuadmin\class-admin-options.php:19

filterparent_fileadmin\class-admin-options.php:20

actionadmin_enqueue_scriptsadmin\class-admin-options.php:22

filteracf/admin/toolbaradmin\class-admin-options.php:23

actionadmin_initadmin\class-admin-options.php:26

actionadmin_body_classadmin\class-admin-options.php:85

actionadmin_print_scriptsadmin\class-admin-options.php:86

actionload-post.phpadmin\class-admin-post.php:90

actionload-post-new.phpadmin\class-admin-post.php:91

actionedit_form_after_titleadmin\class-admin-post.php:93

actionacf/add_meta_boxesadmin\class-admin-post.php:95

filterget_user_option_screen_layout_amem-formadmin\class-admin-post.php:97

actionadd_meta_boxesadmin\class-admin-post.php:99

actionin_admin_headeradmin\class-admin-posts.php:64

actionadmin_body_classadmin\class-admin-posts.php:66

filterdisplay_post_statesadmin\class-admin-posts.php:72

filterpost_row_actionsadmin\class-admin-posts.php:91

filterdisplay_post_statesadmin\class-admin.php:20

actionadmin_noticesadmin\class-admin.php:21

actionshow_user_profileadmin\class-admin.php:23

actionedit_user_profileadmin\class-admin.php:24

actionamem_doaction_install_core_pagesadmin\class-admin.php:26

actionamem_doaction_not_install_core_pagesadmin\class-admin.php:27

actionadmin_initadmin\class-admin.php:30

actioncurrent_screenadmin\class-admin.php:33

actionsave_post_acf-field-groupadmin\class-admin.php:34

actionacf/input/admin_headadmin\class-admin.php:35

actionshow_user_profileadmin\class-admin.php:117

actionedit_user_profileadmin\class-admin.php:118

filterrequestadmin\class-admin.php:274

actionshutdownadmin\class-admin.php:278

actionwp_nav_menu_item_custom_fieldsadmin\class-menu.php:20

actionwp_update_nav_menu_itemadmin\class-menu.php:21

actionadmin_enqueue_scriptsadmin\class-menu.php:23

actionwp_nav_menu_item_custom_fields_customize_templateadmin\class-menu.php:27

actionsetup_themeadvanced-members.php:100

actionadmin_noticesadvanced-members.php:227

actionadmin_noticesadvanced-members.php:232

actionacf/initadvanced-members.php:239

filteramem/form/acf_data/type=passwordresetcore\abstracts\action.php:46

actionamem/form/validate/type=accountcore\actions\account.php:21

actionamem/form/validate/type=accountcore\actions\account.php:22

actionamem/form/submit/type=accountcore\actions\account.php:23

actionamem/account/content/generalcore\actions\account.php:25

actionamem/account/content/deletecore\actions\account.php:26

actionamem/account/content/passwordcore\actions\account.php:27

actionamem/account/content/logged_outcore\actions\account.php:28

actionamem/account/updatecore\actions\account.php:32

actionamem/form/hidden_fields/type=accountcore\actions\account.php:34

actionamem/form/create_submission/before/type=accountcore\actions\account.php:36

filteramem/form/from_local/type=accountcore\actions\account.php:38

filteramem/form/from_post/type=accountcore\actions\account.php:39

filteramem/error/messagescore\actions\account.php:41

filteramem/form/submit/redirect/accountcore\actions\account.php:228

filteramem/form/submit/redirect/accountcore\actions\account.php:252

actionamem/form/after_fields/type=accountcore\actions\account.php:483

actionamem/form/after_field_wrappercore\actions\account.php:484

actionamem/form/local_fields/type=accountcore\actions\account.php:498

actionamem/form/after_field_wrappercore\actions\account.php:499

actionamem/form/local_fields/type=accountcore\actions\account.php:508

actionamem/form/after_field_wrappercore\actions\account.php:509

actionamem/form/validate/type=logincore\actions\login.php:23

actionamem/form/validate/type=logincore\actions\login.php:24

actionamem/form/validate/type=logincore\actions\login.php:27

actionamem/form/submit/type=logincore\actions\login.php:29

actionamem/user/logincore\actions\login.php:31

filteramem/form/from_post/type=logincore\actions\login.php:33

filteramem/form/button_html/type=logincore\actions\login.php:35

filteramem/error/messagescore\actions\login.php:37

actionamem/form/validate/type=passwordresetcore\actions\password-reset.php:23

actionamem/form/validate/type=passwordresetcore\actions\password-reset.php:24

actionamem/form/submit/type=passwordresetcore\actions\password-reset.php:26

actionamem/user/passwordresetcore\actions\password-reset.php:28

filteramem/form/button_html/type=passwordresetcore\actions\password-reset.php:30

actionamem/form/hidden_fields/type=passwordresetcore\actions\password-reset.php:32

filteramem/form/from_local/type=passwordresetcore\actions\password-reset.php:34

actionamem/form/validate/type=registrationcore\actions\registration.php:21

actionamem/form/submit/type=registrationcore\actions\registration.php:22

actionamem/user/registrationcore\actions\registration.php:24

filteramem/form/from_post/type=registrationcore\actions\registration.php:26

filteramem/error/messagescore\actions\registration.php:28

filteramem/form/submit/redirect/registrationcore\actions\registration.php:176

filteramem/form/args/type=accountcore\class-account.php:38

filteramem/form/acf_data/type=accountcore\class-account.php:39

actionamem/form/create_submission/precore\class-account.php:45

actioninitcore\class-blocks.php:29

actionenqueue_block_editor_assetscore\class-blocks.php:31

actionenqueue_block_assetscore\class-blocks.php:32

filterblock_categoriescore\class-blocks.php:35

filterblock_categories_allcore\class-blocks.php:37

actioninitcore\class-errors.php:44

actionacf/include_field_typescore\class-fields.php:37

filteracf/get_field_typescore\class-fields.php:39

filteracf/localized_field_categoriescore\class-fields.php:41

actionacf/register_scriptscore\class-fields.php:43

actionacf/enqueue_scriptscore\class-fields.php:45

actionsave_post_acf-field-groupcore\class-fields.php:47

actionacf/render_field_settingscore\class-fields.php:49

filteracf/get_field_labelcore\class-fields.php:50

filteracf/load_fieldcore\class-fields.php:51

actiontemplate_redirectcore\class-logout.php:21

actionamem/email/send/beforecore\class-mail.php:33

actionamem/email/send/aftercore\class-mail.php:34

filterpassword_change_emailcore\class-mail.php:36

filterwp_mail_content_typecore\class-mail.php:53

filteramem/template/merge_tagscore\class-mail.php:93

filteramem/template/merge_tags/replacecore\class-mail.php:94

actionupdate_option_amem_modulescore\class-options.php:33

actionamem/form/create_submission/precore\class-password-reset.php:34

actiontemplate_redirectcore\class-password-reset.php:36

filteramem/error/messagescore\class-password-reset.php:38

actionrest_api_initcore\class-rest.php:20

actioninitcore\class-user.php:44

actioninitcore\class-user.php:46

actionwpmu_delete_usercore\class-user.php:49

actiondelete_usercore\class-user.php:51

filteruser_row_actionscore\class-user.php:55

filterhandle_bulk_actions-userscore\class-user.php:56

actionadmin_noticescore\class-user.php:57

filteramem/template/merge_tagscore\class-user.php:244

filteramem/template/merge_tags/replacecore\class-user.php:245

actionamem/form/submissioncore\forms\actions.php:17

actionamem/form/submit/aftercore\forms\actions.php:18

actionamem/form/argscore\forms\actions.php:20

actionamem/form/validatecore\forms\actions.php:22

filteramem/merge_tags/resolvecore\forms\actions.php:24

filteramem/form/valid_formcore\forms\actions.php:26

filteramem/form/from_postcore\forms\actions.php:27

actionamem/form/to_postcore\forms\actions.php:28

filteramem/form/acf_datacore\forms\actions.php:30

filteramem/form/restrictioncore\forms\actions.php:32

actionamem/register_actionscore\forms\actions.php:34

actionamem/form/hidden_fieldscore\forms\actions.php:36

filteramem/form/submit/redirect_urlcore\forms\actions.php:38

filteramem/form/login/extra_button/urlcore\forms\actions.php:78

actionamem/form/rendercore\forms\render.php:20

filterwp_kses_allowed_htmlcore\forms\render.php:22

actioninitcore\forms\submissions.php:38

actionacf/validate_save_postcore\forms\submissions.php:41

filteracf/upload_prefiltercore\forms\submissions.php:43

filtershow_admin_barcore\modules\class-adminbar.php:24

actionamem/register_addonscore\modules\class-avatar.php:53

actionrest_api_initcore\modules\class-avatar.php:55

filteracf/upload_prefilter/type=amem_avatarcore\modules\class-avatar.php:59

filteracf/validate_attachment/type=amem_avatarcore\modules\class-avatar.php:60

filteracf/upload_prefilter/type=amem_avatarcore\modules\class-avatar.php:62

filteracf/update_value/type=amem_avatarcore\modules\class-avatar.php:64

filterget_avatar_urlcore\modules\class-avatar.php:66

filterget_avatar_datacore\modules\class-avatar.php:67

filteravatar_defaultscore\modules\class-avatar.php:68

filterupload_dircore\modules\class-avatar.php:190

filterupload_dircore\modules\class-avatar.php:568

filterjpeg_qualitycore\modules\class-avatar.php:649

actionamem/register_addonscore\modules\class-recaptcha.php:44

filteramem/fields/hidden_typescore\modules\class-recaptcha.php:46

filteramem/form/from_postcore\modules\class-recaptcha.php:48

filteramem/form/from_localcore\modules\class-recaptcha.php:49

actionamem/form/after_fieldscore\modules\class-recaptcha.php:52

actionamem/form/create_submission/beforecore\modules\class-recaptcha.php:54

actionamem/admin/enqueue_scriptscore\modules\class-recaptcha.php:58

actionamem/form/enqueue_scriptscore\modules\class-recaptcha.php:60

filteramem/form/from_postcore\modules\class-redirects.php:25

filteramem/form/from_localcore\modules\class-redirects.php:26

filteramem/redirects/logoutcore\modules\class-redirects.php:27

filteramem/form/submit/redirect/logincore\modules\class-redirects.php:29

filteramem/option/get/restriction/methodscore\modules\class-restriction.php:36

filteramem/option/get/restriction/methods/redirect_logincore\modules\class-restriction.php:44

actionadd_meta_boxescore\modules\class-restriction.php:51

actionsave_postcore\modules\class-restriction.php:53

filterthe_contentcore\modules\class-restriction.php:56

filterget_the_excerptcore\modules\class-restriction.php:58

actiontemplate_redirectcore\modules\class-restriction.php:60

actionadmin_enqueue_scriptscore\modules\class-restriction.php:66

actionedit_termcore\modules\class-restriction.php:69

filterexcerpt_morecore\modules\class-restriction.php:489

filterthe_contentcore\modules\class-restriction.php:494

filterget_the_excerptcore\modules\class-restriction.php:495

filterwp_setup_nav_menu_itemcore\modules\menu\class-items.php:25

filterwp_get_nav_menu_itemscore\modules\menu\class-items.php:27

Maintenance & Trust

Advanced Members for ACF Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMar 11, 2026

PHP min version7.1

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs40

Alternatives

Advanced Members for ACF Alternatives

Korea Address Field for AMem

amem-address-kr

100

Adds Korea address field to Advanced Members and ACF

0 No CVEs

POI ACF for WP

poi-acf-for-wp

Allows you to add fields to the WooCommerce Checkout and My Account pages, or display fields you setup on a Product Category, on the Archive Product p …

0 No CVEs

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

ultimate-member

Membership & community plugin with user profiles, registration & login, member directories, content restriction, user roles and much more.

200K 70 CVEs

ACF Content Analysis for Yoast SEO

acf-content-analysis-for-yoast-seo

100

WordPress plugin that adds the content of all ACF fields to the Yoast SEO score analysis.

100K No CVEs

Advanced Custom Fields: Font Awesome Field

advanced-custom-fields-font-awesome

Adds a new 'Font Awesome Icon' field to the popular Advanced Custom Fields plugin.

100K 1 CVE

Developer Profile

Advanced Members for ACF Developer Profile

danbilabs

3 plugins · 40 total installs

trust score

Avg Security Score

95/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Advanced Members for ACF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/advanced-members/build/assets/css/frontend.css/wp-content/plugins/advanced-members/build/assets/css/editor.css/wp-content/plugins/advanced-members/build/assets/js/frontend.js/wp-content/plugins/advanced-members/build/assets/js/editor.js/wp-content/plugins/advanced-members/build/assets/js/admin.js

Script Paths

/wp-content/plugins/advanced-members/build/assets/js/frontend.js/wp-content/plugins/advanced-members/build/assets/js/editor.js/wp-content/plugins/advanced-members/build/assets/js/admin.js

Version Parameters

advanced-members/build/assets/css/frontend.css?ver=advanced-members/build/assets/css/editor.css?ver=advanced-members/build/assets/js/frontend.js?ver=advanced-members/build/assets/js/editor.js?ver=advanced-members/build/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

amem-formamem-form-wrapperamem-field-wrap

Data Attributes

data-amem-form-iddata-amem-field-id

JS Globals

AMemFrontendAMemEditor

REST Endpoints

/wp-json/advanced-members/v1/submit

Shortcode Output

[amem_form[advanced_members_form

FAQ