Does Opal Estate Custom Fields have any unpatched vulnerabilities?

No. All known vulnerabilities in Opal Estate Custom Fields have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Opal Estate Custom Fields compatible with WordPress 5.2.24?

According to WordPress.org data, Opal Estate Custom Fields 1.0.5 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Opal Estate Custom Fields compatible with PHP 5.6+?

Opal Estate Custom Fields requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Opal Estate Custom Fields updated?

Opal Estate Custom Fields was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Opal Estate Custom Fields's security score?

Opal Estate Custom Fields has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Opal Estate Custom Fields Security & Risk Analysis

wordpress.org/plugins/opal-estate-custom-fields

Create custom fields for Opal Estate Pro plugin. This plugin allows you control and manage fields and used for searchable.

50 active installs v1.0.5 PHP 5.6+ WP 4.9+ Updated Unknown

estateopal-estate-custom-fieldsopalestate_addon

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Opal Estate Custom Fields Safe to Use in 2026?

Generally Safe

Score 100/100

Opal Estate Custom Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "opal-estate-custom-fields" plugin v1.0.5 exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, the presence of six AJAX handlers without any authentication or authorization checks presents a critical attack vector. This means that any unauthenticated user could potentially interact with these handlers and trigger unintended actions, leading to various security risks depending on the functionality they expose. The absence of known CVEs and taint analysis findings is positive, suggesting a lack of publicly disclosed vulnerabilities and a clean codebase in those specific areas. However, this does not mitigate the immediate risk posed by the unprotected AJAX endpoints. The plugin's vulnerability history is clean, which is a strength, but it does not excuse the current exploitable design flaws. In conclusion, while the plugin uses secure coding practices for database interactions and output, the significant number of unprotected AJAX entry points creates a substantial risk that outweighs these positives. Remediation of these unprotected handlers should be a top priority.

Key Concerns

AJAX handlers without auth checks
AJAX handlers without auth checks
AJAX handlers without auth checks
AJAX handlers without auth checks
AJAX handlers without auth checks
AJAX handlers without auth checks

Vulnerabilities

None known

Opal Estate Custom Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Opal Estate Custom Fields Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

82 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

93% escaped88 total outputs

Attack Surface

6 unprotected

Opal Estate Custom Fields Attack Surface

Entry Points6

Unprotected6

AJAX Handlers 6

authwp_ajax_creator_custom_typeinc\Admin\Ajax.php:13

noprivwp_ajax_creator_custom_typeinc\Admin\Ajax.php:14

authwp_ajax_create_option_selectinc\Admin\Ajax.php:15

noprivwp_ajax_create_option_selectinc\Admin\Ajax.php:16

authwp_ajax_setting_searchinc\Admin\Settings.php:14

noprivwp_ajax_setting_searchinc\Admin\Settings.php:15

WordPress Hooks 14

actionadmin_initinc\Admin\Admin.php:10

actionadmin_menuinc\Admin\Admin.php:11

filteropalestate_postype_property_metaboxes_fields_infoinc\Admin\Metaboxes.php:18

filteropalestate_metaboxes_public_info_fieldsinc\Admin\Metaboxes.php:19

filteropalestate_property_meta_iconinc\Admin\Metaboxes.php:20

filteropalestate_settings_tabsinc\Admin\Settings.php:9

filteropalestate_registered_short_meta_settingsinc\Admin\Settings.php:11

filteropalestate_registered_searcharea_settingsinc\Admin\Settings.php:12

filteropalestate_search_select_type_optionsinc\Handler.php:9

actionplugins_loadedinc\Plugin.php:37

actionadmin_noticesopal-estate-custom-fields.php:41

actionadmin_noticesopal-estate-custom-fields.php:63

actionplugins_loadedopal-estate-custom-fields.php:96

actionadmin_noticesopal-estate-custom-fields.php:103

Maintenance & Trust

Opal Estate Custom Fields Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedUnknown

PHP min version5.6

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

Opal Estate Custom Fields Alternatives

Opal Estate Packages

opal-estate-packages

100

Opal Estate Packages Plugin for WordPress websites with the best services and awesome features.

10 No CVEs

Estatik Real Estate Plugin

estatik

You will love its clean design, simple use, and colorful themes. WordPress real estate plugin Estatik is a worthy choice for single agents and portals

10K 2 unpatched

WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress

wpvr

Create stunning 360 virtual tours to impress visitors and get more clients using WPVR - the easiest virtual tour creator in WordPress.

10K 14 CVEs

Essential Real Estate

essential-real-estate

Completely plugins Real Estate. Management system which allows you to own and maintain a real estate marketplace, intro website.

8K 3 unpatched

Optima Express IDX

optima-express

100

Embed real estate property listings, market reports & MLS data on your WordPress site. Responsive design, great SEO & proven lead capture.

8K 1 CVE

Developer Profile

Opal Estate Custom Fields Developer Profile

wpopal

19 plugins · 3K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

50 days

View full developer profile

Detection Fingerprints

How We Detect Opal Estate Custom Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/opal-estate-custom-fields/inc/frontend/js/main.js/wp-content/plugins/opal-estate-custom-fields/inc/frontend/css/main.css

Script Paths

/wp-content/plugins/opal-estate-custom-fields/inc/frontend/js/main.js

Version Parameters

opal-estate-custom-fields/inc/frontend/js/main.js?ver=opal-estate-custom-fields/inc/frontend/css/main.css?ver=

HTML / DOM Fingerprints

CSS Classes

opal-custom-field-wrapopal-estate-cf-rowopal-estate-cf-field-groupopal-estate-cf-field-contentopal-estate-cf-field-labelopal-estate-cf-field-inputopal-estate-cf-field-descopal-estate-cf-field-icon+10 more

Data Attributes

data-field-iddata-field-typedata-field-requireddata-field-default

JS Globals

opalestate_cf_params

FAQ