WP-Safety

Codeideal Open Fields Security & Risk Analysis

wordpress.org/plugins/codeideal-open-fields

A free, modern custom fields plugin for WordPress. Build field groups with a visual editor — no code required.

0 active installs v0.4.2 PHP 7.4+ WP 6.0+ Updated Feb 24, 2026
custom-fieldscustom-metafield-buildermeta-fieldspost-meta
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Codeideal Open Fields Safe to Use in 2026?

Generally Safe

Score 100/100

Codeideal Open Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The code analysis for "codeideal-open-fields" v0.4.2 indicates a generally strong security posture. The plugin exhibits good practices by utilizing prepared statements for a high percentage of its SQL queries and properly escaping the vast majority of its outputs. Furthermore, the absence of any identified dangerous functions, file operations, or external HTTP requests is a significant positive. The presence of nonce and capability checks, while not comprehensive across all potential entry points (as there are none explicitly listed), suggests an awareness of WordPress security mechanisms.

The primary concern arising from the static analysis is the complete lack of identified entry points (AJAX handlers, REST API routes, shortcodes, cron events). While this on its face seems secure, it could indicate a very limited or non-existent functionality for the plugin, or that the analysis may have missed potential entry points that are less conventional. There are no taint analysis findings, which is excellent, and the plugin has no recorded vulnerability history, suggesting a well-maintained and secure development process.

Overall, "codeideal-open-fields" v0.4.2 presents as a secure plugin based on the provided data. The strengths lie in its robust SQL and output sanitization practices and a clean vulnerability history. The potential weakness is the absence of exposed attack surface, which warrants further investigation if the plugin is expected to perform dynamic actions. However, given the available data, the risk appears low.

Vulnerabilities
None known

Codeideal Open Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Codeideal Open Fields Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
73 prepared
Unescaped Output
27
441 escaped
Nonce Checks
3
Capability Checks
7
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

92% prepared79 total queries

Output Escaping

94% escaped468 total outputs
Attack Surface

Codeideal Open Fields Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 32
actionplugins_loadedcodeideal-open-fields.php:53
actionadmin_menuincludes\admin\class-cofld-admin.php:47
actionadmin_initincludes\admin\class-cofld-admin.php:48
actionadmin_enqueue_scriptsincludes\admin\class-cofld-admin.php:50
actionadd_meta_boxesincludes\admin\class-cofld-meta-box.php:58
actionsave_postincludes\admin\class-cofld-meta-box.php:59
actionadmin_enqueue_scriptsincludes\admin\class-cofld-meta-box.php:60
actionadmin_initincludes\admin\class-cofld-meta-box.php:63
actionshow_user_profileincludes\admin\class-cofld-meta-box.php:66
actionedit_user_profileincludes\admin\class-cofld-meta-box.php:67
actionuser_new_formincludes\admin\class-cofld-meta-box.php:68
actionpersonal_options_updateincludes\admin\class-cofld-meta-box.php:69
actionedit_user_profile_updateincludes\admin\class-cofld-meta-box.php:70
actionuser_registerincludes\admin\class-cofld-meta-box.php:71
actioncofld_render_field_fileincludes\admin\field-renderers\file.php:142
actioncofld_render_field_galleryincludes\admin\field-renderers\gallery.php:147
actioncofld_render_field_imageincludes\admin\field-renderers\image.php:102
actioncofld_render_field_linkincludes\admin\field-renderers\link.php:98
actioncofld_render_field_post_objectincludes\admin\field-renderers\post-object.php:103
actioncofld_render_field_taxonomyincludes\admin\field-renderers\taxonomy.php:154
actioncofld_render_field_userincludes\admin\field-renderers\user.php:103
actionadmin_noticesincludes\api\functions.php:29
actionadmin_menuincludes\api\functions.php:1061
filtercofld_options_pagesincludes\api\functions.php:1091
actioninitincludes\api\functions.php:1134
actionadmin_enqueue_scriptsincludes\class-cofld-assets.php:49
actionadmin_enqueue_scriptsincludes\class-cofld-assets.php:50
actionwp_enqueue_scriptsincludes\class-cofld-assets.php:51
actioninitincludes\class-cofld-block.php:44
actionenqueue_block_editor_assetsincludes\class-cofld-block.php:45
actionrest_api_initincludes\class-cofld-rest-api.php:54
actioninitincludes\class-cofld.php:93
Maintenance & Trust

Codeideal Open Fields Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 24, 2026
PHP min version7.4
Downloads171

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Codeideal Open Fields Alternatives

Custom Field Builder – WordPress custom fields plugin

Custom Field Builder – WordPress custom fields plugin

custom-field-builder

A
85

Custom Field Builder is a powerful and lightweight developer plugin to create custom meta boxes and custom fields for WordPress.

10 No CVEs
Bulk Meta Fields Update

Bulk Meta Fields Update

bulk-meta-fields-update

A
100

Bulk update or add custom meta fields to any post type using a CSV file with security and logging features.

0 No CVEs
Pure Metafields

Pure Metafields

pure-metafields

A
100

Pure Metafields is very light weight plugin tused to create custom metabox for any post type like page, post and your custom post type support it.

10K No CVEs
Post Meta Data Manager

Post Meta Data Manager

post-meta-data-manager

B
70

View, edit, search, and manage post meta, user meta, and taxonomy meta directly from WordPress edit screens—no database access needed.

1K 1 unpatched
Ultimate Fields

Ultimate Fields

ultimate-fields

A
85

Easy and powerful custom fields management: Post Meta, Options Pages, Repeaters and many field types!

900 No CVEs
Developer Profile

Codeideal Open Fields Developer Profile

shayancode

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Codeideal Open Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/codeideal-open-fields/assets/css/admin-style.css/wp-content/plugins/codeideal-open-fields/assets/js/admin.js/wp-content/plugins/codeideal-open-fields/assets/js/vendor/axios.min.js/wp-content/plugins/codeideal-open-fields/assets/js/vendor/vue.min.js
Script Paths
/wp-content/plugins/codeideal-open-fields/assets/js/admin.js/wp-content/plugins/codeideal-open-fields/assets/js/vendor/axios.min.js/wp-content/plugins/codeideal-open-fields/assets/js/vendor/vue.min.js
Version Parameters
codeideal-open-fields/assets/css/admin-style.css?ver=codeideal-open-fields/assets/js/admin.js?ver=codeideal-open-fields/assets/js/vendor/axios.min.js?ver=codeideal-open-fields/assets/js/vendor/vue.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
cofld-admin-wrapcofld-loadingcof-loading
Data Attributes
data-field-typedata-field-keydata-field-labeldata-field-requireddata-field-value
JS Globals
window.COFLD_Adminwindow.COFLD_FieldRendererwindow.COFLD_Settingswindow.COFLD_FieldGroupwindow.axioswindow.Vue
REST Endpoints
/wp-json/codeideal-open-fields/v1/fields/wp-json/codeideal-open-fields/v1/fieldsets
FAQ

Frequently Asked Questions about Codeideal Open Fields