Does Custom field finder have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom field finder have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom field finder compatible with WordPress 6.9.4?

According to WordPress.org data, Custom field finder 0.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Custom field finder updated?

Custom field finder was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is Custom field finder's security score?

Custom field finder has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom field finder Security & Risk Analysis

wordpress.org/plugins/custom-field-finder

Allows you to easily find the custom fields (including hidden custom fields) and their values for a post, page or custom post type post.

2K active installs v0.4 PHP + WP 6.7+ Updated Dec 1, 2025

custom-fields

A · Safe

CVEs total1

Unpatched0

Last CVEApr 25, 2024

Plugin page Download

Safety Verdict

Is Custom field finder Safe to Use in 2026?

Generally Safe

Score 98/100

Custom field finder has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 25, 2024Updated 4mo ago

Risk Assessment

The plugin 'custom-field-finder' v0.4 exhibits a mixed security posture. On the positive side, the static analysis reveals a very limited attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries are correctly implemented using prepared statements, and there are no file operations or external HTTP requests, which are common vectors for exploitation. The presence of a nonce check and the absence of dangerous functions are also good signs.

However, a significant concern arises from the output escaping. With 18 total outputs, only 33% are properly escaped, indicating a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This lack of proper output sanitization can allow malicious code to be injected and executed within the browser of users interacting with the plugin's output.

The vulnerability history shows a past high-severity vulnerability related to 'Deserialization of Untrusted Data,' with the last known vulnerability being recent. While currently unpatched vulnerabilities are zero, this history suggests a pattern of introducing significant security flaws. The combination of a lack of robust output escaping and a history of critical vulnerability types warrants careful attention, despite the otherwise minimal attack surface.

Key Concerns

Insufficient output escaping (33% properly escaped)
Past high-severity vulnerability (Deserialization)

Vulnerabilities

Custom field finder Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2024-33641high · 8.8Deserialization of Untrusted Data

Custom field finder <= 0.3 - Authenticated (Author+) PHP Object Injection

Apr 25, 2024 Patched in 0.4 (7d)

Code Analysis

Analyzed Mar 16, 2026

Custom field finder Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

33% escaped18 total outputs

Attack Surface

Custom field finder Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionadmin_menucff.php:24

Maintenance & Trust

Custom field finder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 1, 2025

PHP min version

Downloads24K

Community Trust

Rating100/100

Number of ratings5

Active installs2K

Alternatives

Custom field finder Alternatives

Advanced Custom Fields (ACF®)

advanced-custom-fields

ACF helps customize WordPress with powerful, professional and intuitive fields. Proudly powering over 2 million sites, WordPress developers love ACF.

2.0M 9 CVEs

Meta Box

meta-box

Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for your custom post types in WordPress.

500K 6 CVEs

Checkout Field Editor (Checkout Manager) for WooCommerce

woo-checkout-field-editor-pro

Checkout Field Editor (Checkout Manager) for WooCommerce – The best WooCommerce checkout manager plugin to manage WooCommerce checkout fields.

500K 3 CVEs

ACF Content Analysis for Yoast SEO

acf-content-analysis-for-yoast-seo

100

WordPress plugin that adds the content of all ACF fields to the Yoast SEO score analysis.

100K No CVEs

Advanced Custom Fields: Extended

acf-extended

All-in-one enhancement suite that improves WordPress & Advanced Custom Fields.

100K 4 CVEs

Developer Profile

Custom field finder Developer Profile

Yoast

7 plugins · 14.2M total installs

trust score

Avg Security Score

93/100

Avg Patch Time

1884 days

View full developer profile

Detection Fingerprints

How We Detect Custom field finder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

cffoutputkeyvalue

Data Attributes

for="post_id"name="post_id"id="post_id"name="_wpnonce"

FAQ