Does Metaly for ACF and SCF have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Metaly for ACF and SCF compatible with WordPress 6.9.4?

According to WordPress.org data, Metaly for ACF and SCF 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Metaly for ACF and SCF compatible with PHP 7.4+?

Metaly for ACF and SCF requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Metaly for ACF and SCF updated?

Metaly for ACF and SCF was last updated on Apr 15, 2026. Frequent updates are generally a positive security signal.

What is Metaly for ACF and SCF's security score?

Metaly for ACF and SCF has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Metaly for ACF and SCF Security & Risk Analysis

wordpress.org/plugins/metaly-for-acf-and-scf

Supercharge ACF/SCF with modern, production-ready field types designed for real-world content workflows.

0 active installs v1.0.0 PHP 7.4+ WP 6.6+ Updated Apr 15, 2026

acfcustom-fieldsfield-typesrest-apisecure-custom-fields

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Metaly for ACF and SCF Safe to Use in 2026?

Generally Safe

Score 100/100

Metaly for ACF and SCF has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "metaly-for-acf-and-scf" plugin v1.0.0 exhibits a concerning security posture primarily due to its unprotected AJAX handlers. While the plugin demonstrates good practices in other areas, such as 100% proper output escaping and the use of prepared statements for SQL queries, the presence of three AJAX handlers without any authentication checks represents a significant entry point for potential attacks. This lack of authorization could allow unauthenticated users to trigger arbitrary actions within the plugin, leading to various security issues depending on the functionality exposed. The absence of known CVEs and successful taint analysis for critical or high vulnerabilities is a positive sign, suggesting that the core code might be relatively clean or that the specific functionality doesn't lend itself to common exploitation patterns. However, this does not negate the immediate risk posed by the unprotected AJAX endpoints. The plugin's vulnerability history being clean is reassuring, but it's important to remember that new vulnerabilities can emerge, especially with the identified attack surface.

Key Concerns

3 unprotected AJAX handlers

Vulnerabilities

None known

Metaly for ACF and SCF Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Metaly for ACF and SCF Release Timeline

v1.0.0Current

Code Analysis

Analyzed Apr 16, 2026

Metaly for ACF and SCF Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

422 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

Output Escaping

100% escaped422 total outputs

Attack Surface

3 unprotected

Metaly for ACF and SCF Attack Surface

Entry Points3

Unprotected3

AJAX Handlers 3

authwp_ajax_metaly_sku_lookup_searchincludes/class-metaly.php:165

authwp_ajax_metaly_sku_lookup_getincludes/class-metaly.php:166

authwp_ajax_metaly_button_field_runincludes/class-metaly.php:167

WordPress Hooks 5

actionadmin_enqueue_scriptsincludes/class-metaly.php:158

actionadmin_enqueue_scriptsincludes/class-metaly.php:159

actionacf/include_field_typesincludes/class-metaly.php:161

actionwp_enqueue_scriptsincludes/class-metaly.php:183

actionwp_enqueue_scriptsincludes/class-metaly.php:184

Maintenance & Trust

Metaly for ACF and SCF Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 15, 2026

PHP min version7.4

Downloads19

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Metaly for ACF and SCF Alternatives

Table Field Add-on for ACF and SCF

advanced-custom-fields-table-field

A Table Field Add-on for the Advanced Custom Fields and Secure Custom Fields Plugin.

50K 2 CVEs

Sekura REST Bridge for ACF

sekura-rest-bridge-for-acf

100

Expose Advanced Custom Fields in the WordPress REST API with proper access control.

10 No CVEs

Advanced Custom Fields (ACF®)

advanced-custom-fields

ACF helps customize WordPress with powerful, professional and intuitive fields. Proudly powering over 2 million sites, WordPress developers love ACF.

2.0M 10 CVEs

ACF Content Analysis for Yoast SEO

acf-content-analysis-for-yoast-seo

100

WordPress plugin that adds the content of all ACF fields to the Yoast SEO score analysis.

100K No CVEs

Advanced Custom Fields: Extended

acf-extended

All-in-one enhancement suite that improves WordPress & Advanced Custom Fields.

100K 5 CVEs

Developer Profile

Metaly for ACF and SCF Developer Profile

racmanuel.dev

8 plugins · 190 total installs

trust score

Avg Security Score

90/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Metaly for ACF and SCF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/metaly-for-acf-and-scf/admin/css/metaly-admin.css/wp-content/plugins/metaly-for-acf-and-scf/admin/js/metaly-admin.js

Script Paths

admin/js/metaly-admin.js

Version Parameters

metaly-admin.css?ver=metaly-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments

+13 more

Data Attributes

data-address-fielddata-html-fielddata-qr-code-fielddata-code-scan-fielddata-likert-scale-fielddata-signature-field+11 more

JS Globals

metaly_fs

FAQ