CT Divi ACF Object Loop Security & Risk Analysis

wordpress.org/plugins/ct-divi-acf-object-loop

Add a new module to the Divi collection to show ACF Post Object or Relationship field info in a grid.

100 active installs v1.0.8 PHP 7.4+ WP 6.0+ Updated Apr 10, 2025
acfdivipost-objectrelationship
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is CT Divi ACF Object Loop Safe to Use in 2026?

Generally Safe

Score 92/100

CT Divi ACF Object Loop has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "ct-divi-acf-object-loop" plugin v1.0.8 exhibits a strong security posture based on the static analysis and vulnerability history provided. The code adheres to several best practices, including the complete absence of dangerous functions, SQL queries using prepared statements, properly escaped output, and the presence of a nonce check. Furthermore, the plugin has no recorded vulnerabilities, indicating a history of secure development or diligent patching by its maintainers.

While the static analysis reveals a single AJAX handler, it is notably "unprotected" in terms of explicit capability checks, which represents a potential area of concern. However, the fact that there are zero AJAX handlers without auth checks suggests that this single handler may be secured by default WordPress mechanisms or is intended for public access. The absence of taint analysis findings, file operations, and external HTTP requests further bolsters confidence in its current security. The plugin's strength lies in its clean code and lack of historical vulnerabilities. The primary weakness is the absence of explicit capability checks on the identified AJAX handler, which warrants careful consideration.

Key Concerns

  • AJAX handler without explicit capability checks
Vulnerabilities
None known

CT Divi ACF Object Loop Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CT Divi ACF Object Loop Release Timeline

v1.0.8Current
v1.0.7
v1.0.6
v1.0.5
Code Analysis
Analyzed Mar 16, 2026

CT Divi ACF Object Loop Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
8 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped8 total outputs
Attack Surface

CT Divi ACF Object Loop Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_ctaol_get_acf_post_object_datamodules\Utils.php:14
WordPress Hooks 8
actioninitmodules\ACFObjectLoop\ACFObjectLoop.php:21
filterdivi_frontend_assets_dynamic_assets_late_global_assets_listmodules\ACFObjectLoop\ACFObjectLoopTrait\RenderCallbackTrait.php:53
actioninitmodules\Modules.php:13
actiondivi_module_library_modules_dependency_treemodules\Modules.php:23
actionwp_enqueue_scriptsmodules\Utils.php:11
actiondivi_visual_builder_assets_before_enqueue_scriptsmodules\Utils.php:12
filteret_builder_load_actionsmodules\Utils.php:13
actiondivi_extensions_initmodules\Utils.php:15
Maintenance & Trust

CT Divi ACF Object Loop Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedApr 10, 2025
PHP min version7.4
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs100
Developer Profile

CT Divi ACF Object Loop Developer Profile

Divi Coding

2 plugins · 300 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CT Divi ACF Object Loop

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ct-divi-acf-object-loop/scripts/frontend.js/wp-content/plugins/ct-divi-acf-object-loop/styles/bundle.css/wp-content/plugins/ct-divi-acf-object-loop/scripts/bundle.js/wp-content/plugins/ct-divi-acf-object-loop/styles/vb-bundle.css/wp-content/plugins/ct-divi-acf-object-loop/scripts/frontend-bundle.min.js/wp-content/plugins/ct-divi-acf-object-loop/styles/backend-style.min.css/wp-content/plugins/ct-divi-acf-object-loop/scripts/builder-bundle.min.js/wp-content/plugins/ct-divi-acf-object-loop/styles/style-dbp.min.css+1 more
Script Paths
/wp-content/plugins/ct-divi-acf-object-loop/scripts/frontend.js/wp-content/plugins/ct-divi-acf-object-loop/scripts/bundle.js/wp-content/plugins/ct-divi-acf-object-loop/scripts/frontend-bundle.min.js/wp-content/plugins/ct-divi-acf-object-loop/scripts/builder-bundle.min.js
Version Parameters
ct-divi-acf-object-loop/scripts/frontend.js?ver=ct-divi-acf-object-loop/styles/bundle.css?ver=ct-divi-acf-object-loop/scripts/bundle.js?ver=ct-divi-acf-object-loop/styles/vb-bundle.css?ver=ct-divi-acf-object-loop/scripts/frontend-bundle.min.js?ver=ct-divi-acf-object-loop/styles/backend-style.min.css?ver=ct-divi-acf-object-loop/scripts/builder-bundle.min.js?ver=ct-divi-acf-object-loop/styles/style-dbp.min.css?ver=ct-divi-acf-object-loop/styles/style.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
ctaol-post-term
Data Attributes
data-ctaol-nonce
JS Globals
window.ctaol_get_acf_post_object_data
REST Endpoints
/wp-json/ctaol/v1/get_acf_post_object_data
FAQ

Frequently Asked Questions about CT Divi ACF Object Loop