Modern Fields • Custom Fields for Gutenberg Security & Risk Analysis

wordpress.org/plugins/modern-fields

Custom Fields, options pages and metaboxes for the block Editor to improve your full site editing experience.

0 active installs · v0.7 · PHP 8.1+ · WP 6.8+ · Updated Mar 4, 2026
Tags: acf · block-bindings · custom-fields · metabox · options
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Modern Fields • Custom Fields for Gutenberg Safe to Use in 2026?

Generally Safe

Score 100/100

Modern Fields • Custom Fields for Gutenberg has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The static analysis of "modern-fields" v0.7 reveals a generally strong security posture with several good practices in place. Notably, the plugin has no recorded vulnerabilities or CVEs, suggesting a history of secure development or diligent patching. The absence of external HTTP requests and the overwhelming majority of SQL queries using prepared statements are positive indicators. Furthermore, the plugin exhibits a high percentage of properly escaped output, which is crucial for preventing cross-site scripting (XSS) vulnerabilities. The presence of nonce and capability checks on some entry points is also a positive sign.

However, the 10 calls flagged under 'Dangerous functions', all of them 'unserialize', are a significant concern. While the attack surface appears to be zero in terms of AJAX handlers, REST API routes, shortcodes, and cron events, 'unserialize' is a known vector for deserialization vulnerabilities when it is called on untrusted input. All ten flagged calls are in vendor-prefixed Symfony files; six of them are unserialize(serialize(...)) round trips within a single expression (one is commented as a deep clone), and the other four take a variable whose origin the listing does not show. With no taint analysis results in this report (0 flows analyzed), it is impossible to confirm whether 'unserialize' is being used in a vulnerable manner, but its mere presence warrants caution. The number of unprotected entry points is zero, which is excellent, but the overall count of entry points is also zero, which could be an artifact of the analysis or indicate very limited plugin functionality. The lack of bundled libraries is a positive, as it avoids risks associated with outdated third-party code.

In conclusion, while "modern-fields" v0.7 demonstrates good security hygiene in many areas, the presence of the 'unserialize' function without further analysis of its usage creates a potential risk. The zero recorded CVEs and generally good practices are strengths, but the potential for deserialization vulnerabilities due to 'unserialize' is a weakness that requires further investigation. Without more detailed taint analysis or context on how 'unserialize' is implemented, a definitive risk assessment is challenging, but the potential for a severe vulnerability exists.

Key Concerns

  • Dangerous function 'unserialize' found
  • Taint analysis did not find vulnerable flows
  • All SQL queries use prepared statements
  • High percentage of output escaping
  • Nonce checks present
  • Capability checks present
  • No external HTTP requests
  • No bundled libraries
  • No recorded CVEs
Vulnerabilities
None known

Modern Fields • Custom Fields for Gutenberg Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Modern Fields • Custom Fields for Gutenberg Code Analysis

Dangerous Functions: 10
Raw SQL Queries: 0 (7 prepared)
Unescaped Output: 3 (33 escaped)
Nonce Checks: 1
Capability Checks: 7
File Operations: 27
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · vendor-prefixed\symfony\config\ResourceCheckerConfigCache.php:167
    $meta = unserialize($content);
  • unserialize · vendor-prefixed\symfony\dependency-injection\Compiler\ResolveDecoratorStackPass.php:103
    $definition = unserialize(serialize($definition)); // deep clone
  • unserialize · vendor-prefixed\symfony\dependency-injection\Compiler\ResolveInstanceofConditionalsPass.php:122
    $definition = unserialize($definition);
  • unserialize · vendor-prefixed\symfony\dependency-injection\Loader\Configurator\PrototypeConfigurator.php:49
    $definition->setBindings(unserialize(serialize($defaults->getBindings())));
  • unserialize · vendor-prefixed\symfony\dependency-injection\Loader\Configurator\ServicesConfigurator.php:91
    $definition->setBindings(unserialize(serialize($defaults->getBindings())));
  • unserialize · vendor-prefixed\symfony\dependency-injection\Loader\Configurator\Traits\ParentTrait.php:39
    $definition = unserialize($definition);
  • unserialize · vendor-prefixed\symfony\dependency-injection\Loader\FileLoader.php:127
    $this->setDefinition($class, $definition = unserialize($serializedPrototype));
  • unserialize · vendor-prefixed\symfony\dependency-injection\Loader\XmlFileLoader.php:370
    $bindings = array_merge(unserialize(serialize($defaults->getBindings())), $bindings);
  • unserialize · vendor-prefixed\symfony\dependency-injection\Loader\YamlFileLoader.php:659
    $bindings += isset($defaults['bind']) ? unserialize(serialize($defaults['bind'])) : [];
  • unserialize · vendor-prefixed\symfony\dependency-injection\ParameterBag\EnvPlaceholderParameterBag.php:70
    $reproducibleEntropy = unserialize(serialize($this->parameters));

SQL Query Safety

100% prepared · 7 total queries

Output Escaping

92% escaped · 36 total outputs
Attack Surface

Modern Fields • Custom Fields for Gutenberg Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 53
action · init · includes\FieldGroups\Hooks\BindingSources.php:30
action · init · includes\FieldGroups\Hooks\FieldGroupsPostType.php:31
action · admin_menu · includes\FieldGroups\Hooks\FieldGroupsPostType.php:32
action · admin_menu · includes\FieldGroups\Hooks\FieldGroupsPostType.php:33
action · init · includes\FieldGroups\Hooks\FieldGroupsPostType.php:34
action · admin_enqueue_scripts · includes\FieldGroups\Hooks\FieldGroupsPostType.php:35
action · admin_enqueue_scripts · includes\FieldGroups\Hooks\FieldGroupsPostType.php:36
action · enqueue_block_editor_assets · includes\FieldGroups\Hooks\FieldGroupsPostType.php:37
action · add_meta_boxes · includes\FieldGroups\Hooks\FieldGroupsPostType.php:38
filter · wp_theme_json_data_theme · includes\FieldGroups\Hooks\FieldGroupsPostType.php:39
action · load-edit.php · includes\FieldGroups\Hooks\FieldGroupsPostType.php:40
action · init · includes\FieldGroups\Hooks\FieldPostType.php:28
action · init · includes\FieldGroups\Hooks\FieldPostType.php:29
action · init · includes\FieldGroups\Hooks\RegisterMetas.php:30
action · rest_api_init · includes\FieldGroups\Hooks\RegisterMetas.php:31
action · save_post · includes\FieldGroups\Hooks\SaveGroup.php:31
action · init · includes\FieldGroups\Hooks\SaveGroup.php:32
action · admin_init · includes\FieldGroups\Locations\Hooks\MediaLocation.php:40
action · add_meta_boxes · includes\FieldGroups\Locations\Hooks\MediaLocation.php:41
action · admin_enqueue_scripts · includes\FieldGroups\Locations\Hooks\MediaLocation.php:42
action · edit_attachment · includes\FieldGroups\Locations\Hooks\MediaLocation.php:43
filter · wp_theme_json_data_default · includes\FieldGroups\Locations\Hooks\MediaLocation.php:44
action · admin_menu · includes\FieldGroups\Locations\Hooks\OptionsLocation.php:38
action · admin_enqueue_scripts · includes\FieldGroups\Locations\Hooks\OptionsLocation.php:39
action · rest_api_init · includes\FieldGroups\Locations\Hooks\OptionsLocation.php:40
filter · wp_theme_json_data_default · includes\FieldGroups\Locations\Hooks\OptionsLocation.php:41
action · add_meta_boxes · includes\FieldGroups\Locations\Hooks\PostLocation.php:40
action · admin_enqueue_scripts · includes\FieldGroups\Locations\Hooks\PostLocation.php:41
filter · wp_theme_json_data_default · includes\FieldGroups\Locations\Hooks\PostLocation.php:42
action · admin_enqueue_scripts · includes\FieldGroups\Locations\Hooks\TermLocation.php:39
action · init · includes\FieldGroups\Locations\Hooks\TermLocation.php:40
action · edited_term · includes\FieldGroups\Locations\Hooks\TermLocation.php:41
action · created_term · includes\FieldGroups\Locations\Hooks\TermLocation.php:42
filter · wp_theme_json_data_default · includes\FieldGroups\Locations\Hooks\TermLocation.php:43
action · admin_enqueue_scripts · includes\FieldGroups\Locations\Hooks\UserLocation.php:40
action · show_user_profile · includes\FieldGroups\Locations\Hooks\UserLocation.php:41
action · edit_user_profile · includes\FieldGroups\Locations\Hooks\UserLocation.php:42
action · user_new_form · includes\FieldGroups\Locations\Hooks\UserLocation.php:43
action · personal_options_update · includes\FieldGroups\Locations\Hooks\UserLocation.php:44
action · edit_user_profile_update · includes\FieldGroups\Locations\Hooks\UserLocation.php:45
action · user_register · includes\FieldGroups\Locations\Hooks\UserLocation.php:46
filter · wp_theme_json_data_default · includes\FieldGroups\Locations\Hooks\UserLocation.php:47
action · admin_menu · includes\Settings\Hooks\Settings.php:43
action · rest_api_init · includes\Settings\Hooks\Settings.php:44
action · admin_enqueue_scripts · includes\Settings\Hooks\Settings.php:45
filter · wp_theme_json_data_default · includes\Settings\Hooks\Settings.php:46
action · rest_api_init · includes\WordPress\Endpoints\Hooks\PostTypes.php:33
action · rest_api_init · includes\WordPress\Endpoints\Hooks\Roles.php:28
action · init · includes\WordPress\Hooks\Blocks.php:33
filter · block_categories_all · includes\WordPress\Hooks\Blocks.php:34
filter · allowed_block_types_all · includes\WordPress\Hooks\Blocks.php:35
action · enqueue_block_editor_assets · includes\WordPress\Hooks\EditorScripts.php:23
filter · admin_footer_text · includes\WordPress\Hooks\Signature.php:29
Maintenance & Trust

Modern Fields • Custom Fields for Gutenberg Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 8.1
Downloads: 348

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 0
Developer Profile

Modern Fields • Custom Fields for Gutenberg Developer Profile

maximebj

3 plugins · 110 total installs

Trust score: 87
Avg Security Score: 90/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Modern Fields • Custom Fields for Gutenberg

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/modern-fields/assets/css/main.css
  • /wp-content/plugins/modern-fields/assets/js/main.js
  • /wp-content/plugins/modern-fields/assets/js/admin.js
  • /wp-content/plugins/modern-fields/assets/css/admin.css
Script Paths
  • /wp-content/plugins/modern-fields/assets/js/main.js
  • /wp-content/plugins/modern-fields/assets/js/admin.js
Version Parameters
  • modern-fields/assets/css/main.css?ver=
  • modern-fields/assets/js/main.js?ver=
  • modern-fields/assets/js/admin.js?ver=
  • modern-fields/assets/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • mf-post-list-root
Data Attributes
  • data-mf-post-type
  • data-mf-field-group
  • data-mf-rest-base
JS Globals
  • ModernFields
REST Endpoints
  • /wp-json/modern-fields/v1/field-groups
  • /wp-json/modern-fields/v1/fields
FAQ

Frequently Asked Questions about Modern Fields • Custom Fields for Gutenberg