Does Secure Custom Fields have any unpatched vulnerabilities?

No. All known vulnerabilities in Secure Custom Fields have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Secure Custom Fields compatible with WordPress 6.9.4?

According to WordPress.org data, Secure Custom Fields 6.8.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Secure Custom Fields compatible with PHP 7.4+?

Secure Custom Fields requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Secure Custom Fields updated?

Secure Custom Fields was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is Secure Custom Fields's security score?

Secure Custom Fields has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Secure Custom Fields Security & Risk Analysis

wordpress.org/plugins/secure-custom-fields

Secure Custom Fields boosts content management with custom fields and options. It deactivates Advanced Custom Fields to prevent duplicate code errors.

60K active installs v6.8.1 PHP 7.4+ WP 6.2+ Updated Mar 10, 2026

custom-fieldsfieldsmetascf

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Secure Custom Fields Safe to Use in 2026?

Generally Safe

Score 100/100

Secure Custom Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 23d ago

Risk Assessment

The secure-custom-fields plugin exhibits a mixed security posture. On the positive side, it demonstrates strong practices with 100% of SQL queries utilizing prepared statements and a high percentage of output escaping. The absence of known CVEs and a clean vulnerability history is a significant strength, suggesting a generally well-maintained codebase.

However, there are notable areas of concern. The plugin exposes a substantial attack surface with 33 AJAX handlers, 17 of which lack authentication checks. This represents a significant risk, as unauthenticated users could potentially trigger these handlers and cause unintended actions or expose sensitive information. Furthermore, the presence of the `unserialize` function, while not explicitly shown to be vulnerable in the taint analysis, is inherently dangerous when handling user-supplied data and warrants careful scrutiny. The taint analysis itself, while showing no critical or high severity flows, did identify flows with unsanitized paths, which could lead to issues if not properly handled within the AJAX endpoints.

Overall, the plugin has a solid foundation in secure coding practices for database interactions and output handling. Nevertheless, the significant number of unprotected AJAX endpoints is a critical weakness that could be exploited. Addressing these unauthenticated entry points should be the highest priority to improve the plugin's security.

Key Concerns

17 unprotected AJAX handlers
Presence of unserialize function
Flows with unsanitized paths
Bundled outdated Select2 library

Vulnerabilities

None known

Secure Custom Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Secure Custom Fields Code Analysis

Dangerous Functions

Raw SQL Queries

26 prepared

Unescaped Output

151

541 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn @unserialize( trim( $data ), array( 'allowed_classes' => false ) ); //phpcs:ignore -- allowedincludes\acf-helper-functions.php:607

Bundled Libraries

Select23.5.2TinyMCE

SQL Query Safety

100% prepared26 total queries

Output Escaping

78% escaped692 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

10 flows6 with unsanitized paths

submit (includes\admin\tools\class-acf-admin-tool-import.php:145)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

17 unprotected

Secure Custom Fields Attack Surface

Entry Points34

Unprotected17

AJAX Handlers 33

authwp_ajax_acf/link_field_groupsincludes\admin\admin-internal-post-type.php:47

authwp_ajax_acf/field_group/render_field_settingsincludes\admin\post-types\admin-field-group.php:44

authwp_ajax_acf/field_group/render_location_ruleincludes\admin\post-types\admin-field-group.php:45

authwp_ajax_acf/field_group/move_fieldincludes\admin\post-types\admin-field-group.php:46

authwp_ajax_acf/create_options_pageincludes\admin\post-types\class-acf-admin-ui-options-page.php:37

authwp_ajax_acf/fields/clone/queryincludes\fields\class-acf-field-clone.php:68

authwp_ajax_acf/fields/flexible_content/layout_titleincludes\fields\class-acf-field-flexible-content.php:59

noprivwp_ajax_acf/fields/flexible_content/layout_titleincludes\fields\class-acf-field-flexible-content.php:60

authwp_ajax_acf/fields/gallery/get_attachmentincludes\fields\class-acf-field-gallery.php:54

noprivwp_ajax_acf/fields/gallery/get_attachmentincludes\fields\class-acf-field-gallery.php:55

authwp_ajax_acf/fields/gallery/update_attachmentincludes\fields\class-acf-field-gallery.php:57

noprivwp_ajax_acf/fields/gallery/update_attachmentincludes\fields\class-acf-field-gallery.php:58

authwp_ajax_acf/fields/gallery/get_sort_orderincludes\fields\class-acf-field-gallery.php:60

noprivwp_ajax_acf/fields/gallery/get_sort_orderincludes\fields\class-acf-field-gallery.php:61

authwp_ajax_acf/fields/oembed/searchincludes\fields\class-acf-field-oembed.php:51

noprivwp_ajax_acf/fields/oembed/searchincludes\fields\class-acf-field-oembed.php:52

authwp_ajax_acf/fields/page_link/queryincludes\fields\class-acf-field-page_link.php:37

noprivwp_ajax_acf/fields/page_link/queryincludes\fields\class-acf-field-page_link.php:38

authwp_ajax_acf/fields/post_object/queryincludes\fields\class-acf-field-post_object.php:33

noprivwp_ajax_acf/fields/post_object/queryincludes\fields\class-acf-field-post_object.php:34

authwp_ajax_acf/fields/relationship/queryincludes\fields\class-acf-field-relationship.php:37

noprivwp_ajax_acf/fields/relationship/queryincludes\fields\class-acf-field-relationship.php:38

authwp_ajax_acf/ajax/query_repeaterincludes\fields\class-acf-field-repeater.php:62

authwp_ajax_acf/fields/select/queryincludes\fields\class-acf-field-select.php:43

noprivwp_ajax_acf/fields/select/queryincludes\fields\class-acf-field-select.php:44

authwp_ajax_acf/fields/taxonomy/queryincludes\fields\class-acf-field-taxonomy.php:44

noprivwp_ajax_acf/fields/taxonomy/queryincludes\fields\class-acf-field-taxonomy.php:45

authwp_ajax_acf/fields/taxonomy/add_termincludes\fields\class-acf-field-taxonomy.php:46

authwp_ajax_acf/fields/user/queryincludes\fields\class-acf-field-user.php:40

noprivwp_ajax_acf/fields/user/queryincludes\fields\class-acf-field-user.php:41

authwp_ajax_query-attachmentsincludes\media.php:31

authwp_ajax_acf/validate_save_postincludes\validation.php:31

noprivwp_ajax_acf/validate_save_postincludes\validation.php:32

Shortcodes 1

[acf] includes\api\api-template.php:1127

WordPress Hooks 337

actionplugins_loadedincludes\abilities\class-scf-abilities-integration.php:29

actionwp_abilities_api_categories_initincludes\abilities\class-scf-field-abilities.php:64

actionwp_abilities_api_initincludes\abilities\class-scf-field-abilities.php:65

actionwp_abilities_api_categories_initincludes\abilities\class-scf-internal-post-type-abilities.php:74

actionwp_abilities_api_initincludes\abilities\class-scf-internal-post-type-abilities.php:75

filteracf/fields/select/query/key=_acf_bidirectional_targetincludes\acf-bidirectional-functions.php:206

filteracf/validate_fieldincludes\acf-field-functions.php:334

filterwp_unique_post_slugincludes\acf-field-functions.php:1107

actionwp_untrash_post_statusincludes\acf-field-functions.php:1272

actionacf/save_postincludes\acf-form-functions.php:170

filterwp_kses_allowed_htmlincludes\acf-input-functions.php:105

actionswitch_blogincludes\acf-utility-functions.php:104

actionacf/get_invalid_field_valueincludes\acf-value-functions.php:396

actionadmin_enqueue_scriptsincludes\admin\admin-commands.php:82

actioncurrent_screenincludes\admin\admin-internal-post-type-list.php:83

actiontrashed_postincludes\admin\admin-internal-post-type-list.php:86

actionuntrashed_postincludes\admin\admin-internal-post-type-list.php:87

actiondeleted_postincludes\admin\admin-internal-post-type-list.php:88

actionadmin_enqueue_scriptsincludes\admin\admin-internal-post-type-list.php:155

filteradmin_body_classincludes\admin\admin-internal-post-type-list.php:156

filterdisplay_post_statesincludes\admin\admin-internal-post-type-list.php:160

actionadmin_footerincludes\admin\admin-internal-post-type-list.php:162

filterpage_row_actionsincludes\admin\admin-internal-post-type-list.php:165

actionadmin_footerincludes\admin\admin-internal-post-type-list.php:170

actioncurrent_screenincludes\admin\admin-internal-post-type.php:45

filteruse_block_editor_for_post_typeincludes\admin\admin-internal-post-type.php:48

filteradmin_body_classincludes\admin\admin-internal-post-type.php:93

filterpost_updated_messagesincludes\admin\admin-internal-post-type.php:94

actionacf/input/admin_enqueue_scriptsincludes\admin\admin-internal-post-type.php:95

actionacf/input/admin_headincludes\admin\admin-internal-post-type.php:96

actionacf/input/form_dataincludes\admin\admin-internal-post-type.php:97

actionacf/input/admin_footerincludes\admin\admin-internal-post-type.php:98

filteracf/input/admin_l10nincludes\admin\admin-internal-post-type.php:100

actionadmin_noticesincludes\admin\admin-notices.php:123

actionadmin_menuincludes\admin\admin-tools.php:42

filteradmin_body_classincludes\admin\admin-tools.php:124

actionadmin_menuincludes\admin\admin-upgrade.php:44

actionnetwork_admin_menuincludes\admin\admin-upgrade.php:46

actionadmin_noticesincludes\admin\admin-upgrade.php:66

actionnetwork_admin_noticesincludes\admin\admin-upgrade.php:96

actionswitch_blogincludes\admin\admin-upgrade.php:153

filteradmin_body_classincludes\admin\admin-upgrade.php:177

filteradmin_body_classincludes\admin\admin-upgrade.php:198

actionadmin_menuincludes\admin\admin.php:18

actionadmin_enqueue_scriptsincludes\admin\admin.php:19

filteradmin_body_classincludes\admin\admin.php:20

actioncurrent_screenincludes\admin\admin.php:21

actionadmin_noticesincludes\admin\admin.php:22

actionadmin_noticesincludes\admin\admin.php:23

actionadmin_initincludes\admin\admin.php:24

actionadmin_initincludes\admin\admin.php:25

filterparent_fileincludes\admin\admin.php:26

filtersubmenu_fileincludes\admin\admin.php:27

actionin_admin_headerincludes\admin\admin.php:103

filteradmin_footer_textincludes\admin\admin.php:104

filterupdate_footerincludes\admin\admin.php:105

actionadmin_menuincludes\admin\beta-features.php:38

actionadmin_enqueue_scriptsincludes\admin\beta-features.php:101

filteradmin_body_classincludes\admin\beta-features.php:112

actionscf/include_admin_beta_featuresincludes\admin\beta-features.php:143

actionadmin_noticesincludes\admin\beta-features.php:181

actionadmin_menuincludes\admin\class-acf-admin-options-page.php:38

actionacf/input/admin_enqueue_scriptsincludes\admin\class-acf-admin-options-page.php:126

actionacf/input/admin_headincludes\admin\class-acf-admin-options-page.php:127

actionpost_submitbox_misc_actionsincludes\admin\post-types\admin-field-group.php:184

actionedit_form_after_titleincludes\admin\post-types\admin-field-group.php:185

filterscreen_settingsincludes\admin\post-types\admin-field-group.php:188

filterget_user_option_screen_layout_acf-field-groupincludes\admin\post-types\admin-field-group.php:189

actionadmin_menuincludes\admin\post-types\admin-field-groups.php:40

actionload-edit.phpincludes\admin\post-types\admin-field-groups.php:41

filterpost_classincludes\admin\post-types\admin-field-groups.php:42

actionpost_submitbox_misc_actionsincludes\admin\post-types\admin-post-type.php:161

actionedit_form_after_titleincludes\admin\post-types\admin-post-type.php:162

filterscreen_settingsincludes\admin\post-types\admin-post-type.php:165

filterget_user_option_screen_layout_acf-post-typeincludes\admin\post-types\admin-post-type.php:166

filterget_user_option_metaboxhidden_acf-post-typeincludes\admin\post-types\admin-post-type.php:167

filterget_user_option_closedpostboxes_acf-post-typeincludes\admin\post-types\admin-post-type.php:168

filterget_user_option_closedpostboxes_acf-post-typeincludes\admin\post-types\admin-post-type.php:169

actionadmin_menuincludes\admin\post-types\admin-post-types.php:44

actionadmin_menuincludes\admin\post-types\admin-taxonomies.php:44

actionpost_submitbox_misc_actionsincludes\admin\post-types\admin-taxonomy.php:163

actionedit_form_after_titleincludes\admin\post-types\admin-taxonomy.php:164

filterscreen_settingsincludes\admin\post-types\admin-taxonomy.php:167

filterget_user_option_screen_layout_acf-taxonomyincludes\admin\post-types\admin-taxonomy.php:168

filterget_user_option_metaboxhidden_acf-taxonomyincludes\admin\post-types\admin-taxonomy.php:169

filterget_user_option_closedpostboxes_acf-taxonomyincludes\admin\post-types\admin-taxonomy.php:170

filterget_user_option_closedpostboxes_acf-taxonomyincludes\admin\post-types\admin-taxonomy.php:171

actionacf/field_group/admin_enqueue_scriptsincludes\admin\post-types\class-acf-admin-ui-options-page.php:38

actionpost_submitbox_misc_actionsincludes\admin\post-types\class-acf-admin-ui-options-page.php:160

actionedit_form_after_titleincludes\admin\post-types\class-acf-admin-ui-options-page.php:161

filterscreen_settingsincludes\admin\post-types\class-acf-admin-ui-options-page.php:164

filterget_user_option_screen_layout_acf-ui-options-pageincludes\admin\post-types\class-acf-admin-ui-options-page.php:165

filterget_user_option_metaboxhidden_acf-ui-options-pageincludes\admin\post-types\class-acf-admin-ui-options-page.php:166

filterget_user_option_closedpostboxes_acf-ui-options-pageincludes\admin\post-types\class-acf-admin-ui-options-page.php:167

filterget_user_option_closedpostboxes_acf-ui-options-pageincludes\admin\post-types\class-acf-admin-ui-options-page.php:168

actionadmin_menuincludes\admin\post-types\class-acf-admin-ui-options-pages.php:56

filteruser_search_columnsincludes\ajax\class-acf-ajax-query-users.php:62

filterposts_orderbyincludes\api\api-helpers.php:1312

filteracf/settings/uploaderincludes\api\api-helpers.php:3063

actionacf/removed_unsafe_htmlincludes\api\api-template.php:180

filteracf/prevent_access_to_unknown_fieldsincludes\api\api-template.php:1066

filterterms_clausesincludes\api\api-term.php:187

actioninitincludes\assets.php:45

actionadmin_enqueue_scriptsincludes\assets.php:340

actionadmin_print_scriptsincludes\assets.php:341

actionadmin_print_footer_scriptsincludes\assets.php:342

actionadmin_footerincludes\assets.php:470

actionacf/initincludes\Blocks\Bindings.php:27

filterblock_type_metadataincludes\blocks.php:20

filterblock_type_metadata_settingsincludes\blocks.php:21

actionacf_block_render_templateincludes\blocks.php:22

actionenqueue_block_editor_assetsincludes\blocks.php:167

actionenqueue_block_editor_assetsincludes\blocks.php:266

actionenqueue_block_assetsincludes\blocks.php:957

filtercontent_save_preincludes\blocks.php:1205

filterrest_request_before_callbacksincludes\blocks.php:1470

filterrest_request_after_callbacksincludes\blocks.php:1491

actionsave_postincludes\blocks.php:1584

filterwp_unique_post_slugincludes\class-acf-internal-post-type.php:76

filterwp_untrash_post_statusincludes\class-acf-internal-post-type.php:77

filterdebug_informationincludes\class-acf-site-health.php:33

filteracf_update_site_health_dataincludes\class-acf-site-health.php:34

filteracf/first_activatedincludes\class-acf-site-health.php:41

filteracf/pre_update_field_groupincludes\class-acf-site-health.php:42

filteracf/pre_update_post_typeincludes\class-acf-site-health.php:43

filteracf/pre_update_taxonomyincludes\class-acf-site-health.php:44

filteracf/pre_update_ui_options_pageincludes\class-acf-site-health.php:45

filteracf/validate_fieldincludes\compatibility.php:24

filteracf/validate_field/type=textareaincludes\compatibility.php:25

filteracf/validate_field/type=relationshipincludes\compatibility.php:26

filteracf/validate_field/type=post_objectincludes\compatibility.php:27

filteracf/validate_field/type=page_linkincludes\compatibility.php:28

filteracf/validate_field/type=imageincludes\compatibility.php:29

filteracf/validate_field/type=fileincludes\compatibility.php:30

filteracf/validate_field/type=wysiwygincludes\compatibility.php:31

filteracf/validate_field/type=date_pickerincludes\compatibility.php:32

filteracf/validate_field/type=taxonomyincludes\compatibility.php:33

filteracf/validate_field/type=date_time_pickerincludes\compatibility.php:34

filteracf/validate_field/type=userincludes\compatibility.php:35

filteracf/validate_field_groupincludes\compatibility.php:36

filteracf/field_wrapper_attributesincludes\compatibility.php:39

filteracf/location/validate_rule/type=post_taxonomyincludes\compatibility.php:42

filteracf/location/validate_rule/type=post_categoryincludes\compatibility.php:43

actionacf/initincludes\compatibility.php:46

filteracf/get_fieldsincludes\fields\class-acf-field-clone.php:71

filteracf/prepare_fieldincludes\fields\class-acf-field-clone.php:72

filteracf/clone_fieldincludes\fields\class-acf-field-clone.php:73

filterget_media_item_argsincludes\fields\class-acf-field-file.php:38

filteracf/prepare_field_for_exportincludes\fields\class-acf-field-flexible-content.php:63

filteracf/clone_fieldincludes\fields\class-acf-field-flexible-content.php:64

filteracf/validate_fieldincludes\fields\class-acf-field-flexible-content.php:65

filteracf/pre_render_fieldsincludes\fields\class-acf-field-flexible-content.php:66

filterget_media_item_argsincludes\fields\class-acf-field-image.php:42

filteracf/field_wrapper_attributesincludes\fields\class-acf-field-nav-menu.php:38

filteracf/conditional_logic/choicesincludes\fields\class-acf-field-page_link.php:39

filteracf/conditional_logic/choicesincludes\fields\class-acf-field-post_object.php:35

filteracf/conditional_logic/choicesincludes\fields\class-acf-field-relationship.php:34

filteracf/validate_fieldincludes\fields\class-acf-field-repeater.php:59

filteracf/pre_render_fieldsincludes\fields\class-acf-field-repeater.php:60

filteracf/conditional_logic/choicesincludes\fields\class-acf-field-taxonomy.php:47

actionacf/save_postincludes\fields\class-acf-field-taxonomy.php:50

filteracf/conditional_logic/choicesincludes\fields\class-acf-field-user.php:37

actionacf/ajax/query_users/initincludes\fields\class-acf-field-user.php:384

filteracf/ajax/query_users/argsincludes\fields\class-acf-field-user.php:385

filteracf/ajax/query_users/resultincludes\fields\class-acf-field-user.php:386

filteracf/ajax/query_users/search_columnsincludes\fields\class-acf-field-user.php:387

actionacf/enqueue_uploaderincludes\fields\class-acf-field-wysiwyg.php:43

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:63

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:65

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:66

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:67

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:68

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:70

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:71

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:75

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:76

filteracf_the_editor_contentincludes\fields\class-acf-field-wysiwyg.php:218

filteracf_the_contentincludes\fields\class-acf-field-wysiwyg.php:398

actionacf/input/admin_enqueue_scriptsincludes\fields\class-acf-field.php:98

actionacf/input/admin_headincludes\fields\class-acf-field.php:99

actionacf/input/form_dataincludes\fields\class-acf-field.php:100

filteracf/input/admin_l10nincludes\fields\class-acf-field.php:101

actionacf/input/admin_footerincludes\fields\class-acf-field.php:102

actionacf/field_group/admin_enqueue_scriptsincludes\fields\class-acf-field.php:105

actionacf/field_group/admin_headincludes\fields\class-acf-field.php:106

actionacf/field_group/admin_footerincludes\fields\class-acf-field.php:107

actionadmin_enqueue_scriptsincludes\forms\form-attachment.php:30

filterattachment_fields_to_editincludes\forms\form-attachment.php:33

filterattachment_fields_to_saveincludes\forms\form-attachment.php:36

actionadmin_footerincludes\forms\form-attachment.php:67

actionadmin_enqueue_scriptsincludes\forms\form-comment.php:30

filtercomment_form_field_commentincludes\forms\form-comment.php:33

actionedit_commentincludes\forms\form-comment.php:38

actioncomment_postincludes\forms\form-comment.php:39

actionadmin_footerincludes\forms\form-comment.php:90

actionadd_meta_boxes_commentincludes\forms\form-comment.php:91

actioncustomize_controls_initincludes\forms\form-customizer.php:56

actioncustomize_preview_initincludes\forms\form-customizer.php:57

actioncustomize_saveincludes\forms\form-customizer.php:58

filterwidget_update_callbackincludes\forms\form-customizer.php:61

actionacf/input/admin_footerincludes\forms\form-customizer.php:84

filteracf/pre_load_valueincludes\forms\form-customizer.php:238

filteracf/pre_load_referenceincludes\forms\form-customizer.php:239

actionacf/validate_save_postincludes\forms\form-front.php:30

filteracf/pre_save_postincludes\forms\form-front.php:31

actionenqueue_block_editor_assetsincludes\forms\form-gutenberg.php:24

actionacf/validate_save_postincludes\forms\form-gutenberg.php:27

actionadd_meta_boxesincludes\forms\form-gutenberg.php:43

actionblock_editor_meta_box_hidden_fieldsincludes\forms\form-gutenberg.php:46

filterfilter_block_editor_meta_boxesincludes\forms\form-gutenberg.php:49

actionadmin_enqueue_scriptsincludes\forms\form-nav-menu.php:24

actionwp_update_nav_menuincludes\forms\form-nav-menu.php:25

actionacf/validate_save_postincludes\forms\form-nav-menu.php:26

filterwp_nav_menu_item_custom_fieldsincludes\forms\form-nav-menu.php:27

filterwp_get_nav_menu_itemsincludes\forms\form-nav-menu.php:30

filterwp_edit_nav_menu_walkerincludes\forms\form-nav-menu.php:31

actionadmin_footerincludes\forms\form-nav-menu.php:57

actionload-post.phpincludes\forms\form-post.php:39

actionload-post-new.phpincludes\forms\form-post.php:40

filterwp_insert_post_empty_contentincludes\forms\form-post.php:43

actionsave_postincludes\forms\form-post.php:44

actionadd_meta_boxesincludes\forms\form-post.php:83

actionedit_form_after_titleincludes\forms\form-post.php:206

actionadmin_enqueue_scriptsincludes\forms\form-taxonomy.php:32

actioncreate_termincludes\forms\form-taxonomy.php:35

actionedit_termincludes\forms\form-taxonomy.php:36

actiondelete_termincludes\forms\form-taxonomy.php:39

actionadmin_footerincludes\forms\form-taxonomy.php:94

actionadmin_enqueue_scriptsincludes\forms\form-user.php:29

actionlogin_form_registerincludes\forms\form-user.php:30

actionshow_user_profileincludes\forms\form-user.php:33

actionedit_user_profileincludes\forms\form-user.php:34

actionuser_new_formincludes\forms\form-user.php:35

actionregister_formincludes\forms\form-user.php:36

actionuser_registerincludes\forms\form-user.php:39

actionprofile_updateincludes\forms\form-user.php:40

filterregistration_errorsincludes\forms\form-user.php:43

filteracf/pre_load_valueincludes\forms\form-user.php:182

actionacf/input/admin_footerincludes\forms\form-user.php:247

actionadmin_enqueue_scriptsincludes\forms\form-widget.php:46

actionin_widget_formincludes\forms\form-widget.php:47

actionacf/validate_save_postincludes\forms\form-widget.php:48

filterwidget_update_callbackincludes\forms\form-widget.php:51

actionacf/input/admin_footerincludes\forms\form-widget.php:80

actionload-woocommerce_page_wc-ordersincludes\forms\WC_Order.php:24

actionwoocommerce_update_orderincludes\forms\WC_Order.php:25

actionwp_loadedincludes\forms\WC_Order.php:27

actionadd_meta_boxesincludes\forms\WC_Order.php:40

actionorder_edit_form_topincludes\forms\WC_Order.php:155

filteracf/get_cache_keyincludes\l10n.php:146

filteracf/load_field_groupsincludes\local-fields.php:647

filteracf/load_post_typesincludes\local-fields.php:648

filteracf/load_taxonomiesincludes\local-fields.php:649

filteracf/load_ui_options_pagesincludes\local-fields.php:650

filteracf/is_field_keyincludes\local-fields.php:669

filteracf/is_field_group_keyincludes\local-fields.php:702

filteracf/is_post_type_keyincludes\local-fields.php:703

filteracf/is_taxonomy_keyincludes\local-fields.php:704

actionacf/include_fieldsincludes\local-fields.php:728

actionacf/update_field_groupincludes\local-json.php:34

actionacf/untrash_field_groupincludes\local-json.php:35

filteracf/trash_field_groupincludes\local-json.php:36

filteracf/delete_field_groupincludes\local-json.php:37

filteracf/update_post_typeincludes\local-json.php:38

filteracf/untrash_post_typeincludes\local-json.php:39

filteracf/trash_post_typeincludes\local-json.php:40

filteracf/delete_post_typeincludes\local-json.php:41

filteracf/update_taxonomyincludes\local-json.php:42

filteracf/untrash_taxonomyincludes\local-json.php:43

filteracf/trash_taxonomyincludes\local-json.php:44

filteracf/delete_taxonomyincludes\local-json.php:45

actionacf/include_fieldsincludes\local-json.php:48

actionacf/include_post_typesincludes\local-json.php:49

actionacf/include_taxonomiesincludes\local-json.php:50

filteracf/pre_load_post_idincludes\local-meta.php:30

filteracf/pre_load_metaincludes\local-meta.php:31

filteracf/pre_load_metadataincludes\local-meta.php:32

filteracf/pre_update_metadataincludes\local-meta.php:102

filteracf/field_group/list_table_classesincludes\locations\class-acf-location-block.php:33

actionacf/enqueue_scriptsincludes\media.php:22

actionacf/save_postincludes\media.php:25

filterwp_handle_upload_prefilterincludes\media.php:28

filterimage_size_names_chooseincludes\media.php:119

filterwp_prepare_attachment_for_jsincludes\media.php:169

filterimage_size_names_chooseincludes\media.php:170

filterwp_prepare_attachment_for_jsincludes\media.php:172

filteracf/decode_post_idincludes\Meta\WooOrder.php:32

filteracf/pre_update_field_groupincludes\post-types\class-acf-field-group.php:72

actionacf/initincludes\post-types\class-acf-post-type.php:76

filterenter_title_hereincludes\post-types\class-acf-post-type.php:77

actionacf/initincludes\post-types\class-acf-taxonomy.php:75

actionacf/initincludes\post-types\class-acf-ui-options-page.php:84

actionacf/include_options_pagesincludes\post-types\class-acf-ui-options-page.php:85

actionacf/update_ui_options_pageincludes\post-types\class-acf-ui-options-page.php:285

actionacf/untrash_ui_options_pageincludes\post-types\class-acf-ui-options-page.php:286

actionacf/trash_ui_options_pageincludes\post-types\class-acf-ui-options-page.php:287

actionacf/delete_ui_options_pageincludes\post-types\class-acf-ui-options-page.php:288

filterrest_pre_dispatchincludes\rest-api\class-acf-rest-api.php:23

actionrest_api_initincludes\rest-api\class-acf-rest-api.php:24

filterrest_prepare_userincludes\rest-api\class-acf-rest-embed-links.php:39

actionrest_api_initincludes\rest-api\class-acf-rest-types-endpoint.php:38

actionrest_api_initincludes\rest-api\class-acf-rest-types-endpoint.php:39

filterrest_request_before_callbacksincludes\rest-api\class-acf-rest-types-endpoint.php:40

filterrest_prepare_post_typeincludes\rest-api\class-acf-rest-types-endpoint.php:41

filterrest_pre_echo_responseincludes\rest-api\class-acf-rest-types-endpoint.php:42

filterrest_type_collection_paramsincludes\rest-api\class-acf-rest-types-endpoint.php:279

filterrest_types_collection_paramsincludes\rest-api\class-acf-rest-types-endpoint.php:280

filterrest_endpointsincludes\rest-api\class-acf-rest-types-endpoint.php:281

actionwp_restore_post_revisionincludes\revisions.php:21

filter_wp_post_revision_fieldsincludes\revisions.php:22

filter_wp_post_revision_fieldsincludes\revisions.php:23

filteracf/validate_post_idincludes\revisions.php:24

action_wp_put_post_revisionincludes\revisions.php:28

filterwp_save_post_revision_post_has_changedincludes\revisions.php:29

filterwp_post_revision_meta_keysincludes\revisions.php:30

filterwp_save_post_revision_check_for_changesincludes\revisions.php:34

filtertabify_posttypesincludes\third-party.php:26

actiontabify_add_meta_boxesincludes\third-party.php:27

filterpts_allowed_pagesincludes\third-party.php:32

filteracf/get_post_typesincludes\third-party.php:37

actiondoing_dark_modeincludes\third-party.php:42

actionwp_upgradeincludes\upgrades.php:444

actionacf/validate_save_postincludes\validation.php:33

actionacf/verify_ajaxincludes\wpml.php:56

filterget_translatable_documentsincludes\wpml.php:59

actionacf/upgrade_500_field_groupincludes\wpml.php:65

actionicl_make_duplicateincludes\wpml.php:66

filteracf/settings/save_jsonincludes\wpml.php:69

filteracf/settings/load_jsonincludes\wpml.php:70

filteracf/format_valuepro\blocks-auto-inline-editing.php:78

actioninitsecure-custom-fields.php:284

actioninitsecure-custom-fields.php:285

actioninitsecure-custom-fields.php:286

actionwoocommerce_initsecure-custom-fields.php:287

filterposts_wheresecure-custom-fields.php:290

actionactivated_pluginsecure-custom-fields.php:884

actionpre_current_active_pluginssecure-custom-fields.php:913

Scheduled Events 1

acf_update_site_health_data

Maintenance & Trust

Secure Custom Fields Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 10, 2026

PHP min version7.4

Downloads328K

Community Trust

Rating94/100

Number of ratings59

Active installs60K

Alternatives

Secure Custom Fields Alternatives

Advanced Custom Fields (ACF®)

advanced-custom-fields

ACF helps customize WordPress with powerful, professional and intuitive fields. Proudly powering over 2 million sites, WordPress developers love ACF.

2.0M 9 CVEs

Meta Box

meta-box

Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for your custom post types in WordPress.

500K 6 CVEs

Advanced Custom Fields: Extended

acf-extended

All-in-one enhancement suite that improves WordPress & Advanced Custom Fields.

100K 4 CVEs

Table Field Add-on for ACF and SCF

advanced-custom-fields-table-field

A Table Field Add-on for the Advanced Custom Fields and Secure Custom Fields Plugin.

50K 2 CVEs

Custom Field Template

custom-field-template

The Custom Field Template plugin extends the functionality of custom fields.

30K 1 unpatched

Developer Profile

Secure Custom Fields Developer Profile

WordPress.org

34 plugins · 14.9M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

1718 days

View full developer profile

Detection Fingerprints

How We Detect Secure Custom Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/secure-custom-fields/assets/css/acf-input.css/wp-content/plugins/secure-custom-fields/assets/css/acf-admin.css/wp-content/plugins/secure-custom-fields/assets/css/acf-blocks.css/wp-content/plugins/secure-custom-fields/assets/css/acf-field-group.css/wp-content/plugins/secure-custom-fields/assets/css/acf-modal.css/wp-content/plugins/secure-custom-fields/assets/css/acf-postbox.css/wp-content/plugins/secure-custom-fields/assets/css/acf-pro-updates.css/wp-content/plugins/secure-custom-fields/assets/css/acf-settings.css+87 more

Script Paths

/wp-content/plugins/secure-custom-fields/assets/js/acf-input.js/wp-content/plugins/secure-custom-fields/assets/js/acf-admin.js/wp-content/plugins/secure-custom-fields/assets/js/acf-blocks.js/wp-content/plugins/secure-custom-fields/assets/js/acf-field-group.js/wp-content/plugins/secure-custom-fields/assets/js/acf-field-group-field.js/wp-content/plugins/secure-custom-fields/assets/js/acf-field-group-location.js+80 more

Version Parameters

secure-custom-fields/assets/css/acf-input.css?ver=secure-custom-fields/assets/css/acf-admin.css?ver=secure-custom-fields/assets/css/acf-blocks.css?ver=secure-custom-fields/assets/css/acf-field-group.css?ver=secure-custom-fields/assets/css/acf-modal.css?ver=secure-custom-fields/assets/css/acf-postbox.css?ver=secure-custom-fields/assets/css/acf-pro-updates.css?ver=secure-custom-fields/assets/css/acf-settings.css?ver=secure-custom-fields/assets/css/acf-taxonomy.css?ver=secure-custom-fields/assets/js/acf-input.js?ver=secure-custom-fields/assets/js/acf-admin.js?ver=secure-custom-fields/assets/js/acf-blocks.js?ver=secure-custom-fields/assets/js/acf-field-group.js?ver=secure-custom-fields/assets/js/acf-field-group-field.js?ver=secure-custom-fields/assets/js/acf-field-group-location.js?ver=secure-custom-fields/assets/js/acf-field-group-setting.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-conditional-logic.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-style.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-wrapper.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-wrapper-conditional-logic.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-wrapper-style.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-wrapper-validation.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-wrapper-width.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-width.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-validation.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-conditional-logic-helper.js?ver=secure-custom-fields/assets/js/acf-field-group-setting-helper.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-helper.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-conditional-logic.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-style.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-wrapper.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-wrapper-conditional-logic.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-wrapper-style.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-wrapper-validation.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-wrapper-width.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-width.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-validation.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-conditional-logic-helper.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-group-setting-helper.js?ver=secure-custom-fields/assets/js/acf-field-group-location-rule-helper.js?ver=secure-custom-fields/assets/js/acf-field-group-location-helper.js?ver=secure-custom-fields/assets/js/acf-field-group-helper.js?ver=secure-custom-fields/assets/js/acf-modal.js?ver=secure-custom-fields/assets/js/acf-postbox.js?ver=secure-custom-fields/assets/js/acf-pro-updates.js?ver=secure-custom-fields/assets/js/acf-settings.js?ver=secure-custom-fields/assets/js/acf-taxonomy.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-conditional-logic.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-style.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-wrapper.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-wrapper-conditional-logic.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-wrapper-style.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-wrapper-validation.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-wrapper-width.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-width.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-validation.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-conditional-logic-helper.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-group-setting-helper.js?ver=secure-custom-fields/assets/js/acf-taxonomy-field-helper.js?ver=secure-custom-fields/assets/js/acf-taxonomy-helper.js?ver=secure-custom-fields/assets/js/acf-helper.js?ver=secure-custom-fields/assets/js/acf-input-fields.js?ver=secure-custom-fields/assets/js/acf-input-helper.js?ver=secure-custom-fields/assets/js/acf-input-fields-text.js?ver=secure-custom-fields/assets/js/acf-input-fields-textarea.js?ver=secure-custom-fields/assets/js/acf-input-fields-wysiwyg.js?ver=secure-custom-fields/assets/js/acf-input-fields-image.js?ver=secure-custom-fields/assets/js/acf-input-fields-file.js?ver=secure-custom-fields/assets/js/acf-input-fields-select.js?ver=secure-custom-fields/assets/js/acf-input-fields-checkbox.js?ver=secure-custom-fields/assets/js/acf-input-fields-radio.js?ver=secure-custom-fields/assets/js/acf-input-fields-true_false.js?ver=secure-custom-fields/assets/js/acf-input-fields-email.js?ver=secure-custom-fields/assets/js/acf-input-fields-url.js?ver=secure-custom-fields/assets/js/acf-input-fields-number.js?ver=secure-custom-fields/assets/js/acf-input-fields-password.js?ver=secure-custom-fields/assets/js/acf-input-fields-date_picker.js?ver=secure-custom-fields/assets/js/acf-input-fields-date_time_picker.js?ver=secure-custom-fields/assets/js/acf-input-fields-time_picker.js?ver=secure-custom-fields/assets/js/acf-input-fields-color_picker.js?ver=secure-custom-fields/assets/js/acf-input-fields-google_map.js?ver=secure-custom-fields/assets/js/acf-input-fields-wysiwyg-editor.js?ver=secure-custom-fields/assets/js/acf-input-fields-repeater.js?ver=secure-custom-fields/assets/js/acf-input-fields-flexible_content.js?ver=secure-custom-fields/assets/js/acf-input-fields-group.js?ver=secure-custom-fields/assets/js/acf-input-fields-clone.js?ver=secure-custom-fields/assets/js/acf-input-fields-oembed.js?ver=secure-custom-fields/assets/js/acf-input-fields-wysiwyg-editor-plugins.js?ver=secure-custom-fields/assets/js/acf-input-fields-wysiwyg-editor-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes

acf-inputacf-fieldacf-field-groupacf-field-settingsacf-field-settingacf-field-setting-conditional-logicacf-field-setting-styleacf-field-setting-wrapper+82 more

HTML Comments

+79 more

Data Attributes

data-field_typedata-field_namedata-parentdata-iddata-namedata-key+205 more

JS Globals

acfacf_phpacf_options_pageacf_admin_settingsacf_admin_toolsacf_admin_field_group+97 more

REST Endpoints

/wp-json/acf/v1/fields/wp-json/acf/v1/field-groups/wp-json/acf/v1/locations/wp-json/acf/v1/settings/wp-json/acf/v1/updates

FAQ

Secure Custom Fields Security & Risk Analysis

Is Secure Custom Fields Safe to Use in 2026?

Generally Safe

Key Concerns

Secure Custom Fields Security Vulnerabilities

Secure Custom Fields Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Secure Custom Fields Attack Surface

AJAX Handlers 33

Shortcodes 1

Scheduled Events 1

Secure Custom Fields Maintenance & Trust

Maintenance Signals

Community Trust

Secure Custom Fields Alternatives

Advanced Custom Fields (ACF®)

Meta Box

Advanced Custom Fields: Extended

Table Field Add-on for ACF and SCF

Custom Field Template

Secure Custom Fields Developer Profile

How We Detect Secure Custom Fields

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Secure Custom Fields