Does Ultimate Extension for ACF have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Ultimate Extension for ACF compatible with WordPress 6.8.5?

According to WordPress.org data, Ultimate Extension for ACF 1.0.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Ultimate Extension for ACF compatible with PHP 7.4+?

Ultimate Extension for ACF requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Ultimate Extension for ACF updated?

Ultimate Extension for ACF was last updated on Oct 20, 2025. Frequent updates are generally a positive security signal.

What is Ultimate Extension for ACF's security score?

Ultimate Extension for ACF has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Ultimate Extension for ACF Security & Risk Analysis

wordpress.org/plugins/ultimate-extension-for-acf

Enhanced ACF Flexible Content editing with image previews and performance optimizations - compatible with ACF v5.6+ and v6.5+

20 active installs v1.0.0 PHP 7.4+ WP 5.0+ Updated Oct 20, 2025

acfflexible-contentimage-previewmultisiteperformance

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Ultimate Extension for ACF Safe to Use in 2026?

Generally Safe

Score 100/100

Ultimate Extension for ACF has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The "ultimate-extension-for-acf" plugin version 1.0.0 exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, the lack of authentication on 8 AJAX entry points presents a substantial risk. Taint analysis and vulnerability history show no immediate critical issues, which is positive, but the absence of known vulnerabilities could also be attributed to the plugin's version or limited adoption, rather than proven inherent security. The presence of 8 unprotected AJAX handlers creates a large attack surface, meaning an attacker could potentially exploit these endpoints without needing any user authentication or privileges, leading to potential unauthorized actions or information disclosure if these handlers perform sensitive operations.

Key Concerns

8 AJAX handlers without auth checks
Low nonce checks (2 for 8 entry points)
Low capability checks (2 for 8 entry points)

Vulnerabilities

None known

Ultimate Extension for ACF Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Ultimate Extension for ACF Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 16, 2026

Ultimate Extension for ACF Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared18 total queries

Output Escaping

81% escaped47 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

4 flows

set_uefax_image (includes\current\class-uefax-current-ajax.php:176)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

8 unprotected

Ultimate Extension for ACF Attack Surface

Entry Points8

Unprotected8

AJAX Handlers 8

authwp_ajax_uefax_getModalImageincludes\current\class-uefax-current-compatibility.php:83

noprivwp_ajax_uefax_getModalImageincludes\current\class-uefax-current-compatibility.php:84

authwp_ajax_uefax_setModalImageincludes\current\class-uefax-current-compatibility.php:85

noprivwp_ajax_uefax_setModalImageincludes\current\class-uefax-current-compatibility.php:86

authwp_ajax_uefax_getModalImageincludes\legacy\class-uefax-legacy-compatibility.php:75

noprivwp_ajax_uefax_getModalImageincludes\legacy\class-uefax-legacy-compatibility.php:76

authwp_ajax_uefax_setModalImageincludes\legacy\class-uefax-legacy-compatibility.php:77

noprivwp_ajax_uefax_setModalImageincludes\legacy\class-uefax-legacy-compatibility.php:78

WordPress Hooks 18

actionadmin_menuincludes\current\class-uefax-current-compatibility.php:75

actionadmin_enqueue_scriptsincludes\current\class-uefax-current-compatibility.php:76

actionadmin_enqueue_scriptsincludes\current\class-uefax-current-compatibility.php:77

actionadmin_enqueue_scriptsincludes\current\class-uefax-current-compatibility.php:78

filteracf/fields/flexible_content/layout_titleincludes\current\class-uefax-current-compatibility.php:91

actionacf/input/admin_footerincludes\current\class-uefax-current-compatibility.php:94

actionadmin_footerincludes\current\class-uefax-current-compatibility.php:95

actioninitincludes\legacy\class-uefax-legacy-compatibility.php:66

actioninitincludes\legacy\class-uefax-legacy-compatibility.php:67

actionadmin_enqueue_scriptsincludes\legacy\class-uefax-legacy-compatibility.php:68

actionadmin_enqueue_scriptsincludes\legacy\class-uefax-legacy-compatibility.php:69

actionadmin_menuincludes\legacy\class-uefax-legacy-compatibility.php:70

actionadmin_enqueue_scriptsincludes\legacy\class-uefax-legacy-compatibility.php:71

filteracf/fields/flexible_content/layout_titleincludes\legacy\class-uefax-legacy-compatibility.php:82

actionacf/input/admin_footerincludes\legacy\class-uefax-legacy-compatibility.php:85

actionadmin_footerincludes\legacy\class-uefax-legacy-compatibility.php:86

actionplugins_loadedultimate-extension-for-acf.php:101

actionadmin_noticesultimate-extension-for-acf.php:122

Maintenance & Trust

Ultimate Extension for ACF Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 20, 2025

PHP min version7.4

Downloads259

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Ultimate Extension for ACF Alternatives

ACF Repeater & Flexible Content Collapser

acf-repeater-flexible-content-collapser

Collapse and expand ACF Repeater and Flexible Content fields all at once to get a better overview and enable easier sorting.

3K No CVEs

ACF Hide Layout

acf-hide-layout

Easily hide the layout of the flexible content on the frontend but still keep it in the backend.

2K No CVEs

Servebolt Optimizer

servebolt-optimizer

100

This plugin implements Servebolt's WordPress best practices, and connects your site to the Servebolt Admin Panel.

1K No CVEs

ACF Flexible Content Modal

acf-flexible-content-modal

Make ACF Flexible Content editing the content of each layout using a Modal window.

800 No CVEs

Flexible Layout Preview Image for ACF

flexible-layout-preview-image-for-acf

100

Adds flexible layout preview images for Advanced Custom Fields (ACF) in the WordPress admin.

500 No CVEs

Developer Profile

Ultimate Extension for ACF Developer Profile

Ultimate Agency

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Ultimate Extension for ACF

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ultimate-extension-for-acf/assets/css/uefax-admin.css/wp-content/plugins/ultimate-extension-for-acf/assets/js/uefax-admin.js/wp-content/plugins/ultimate-extension-for-acf/assets/js/uefax-frontend.js/wp-content/plugins/ultimate-extension-for-acf/assets/js/uefax-components.js/wp-content/plugins/ultimate-extension-for-acf/assets/js/vendor/dragula.min.js/wp-content/plugins/ultimate-extension-for-acf/assets/js/vendor/jquery.dragster.min.js

Script Paths

/wp-content/plugins/ultimate-extension-for-acf/assets/js/uefax-admin.js/wp-content/plugins/ultimate-extension-for-acf/assets/js/uefax-frontend.js/wp-content/plugins/ultimate-extension-for-acf/assets/js/uefax-components.js/wp-content/plugins/ultimate-extension-for-acf/assets/js/vendor/dragula.min.js/wp-content/plugins/ultimate-extension-for-acf/assets/js/vendor/jquery.dragster.min.js

Version Parameters

ultimate-extension-for-acf/assets/css/uefax-admin.css?ver=ultimate-extension-for-acf/assets/js/uefax-admin.js?ver=ultimate-extension-for-acf/assets/js/uefax-frontend.js?ver=ultimate-extension-for-acf/assets/js/uefax-components.js?ver=ultimate-extension-for-acf/assets/js/vendor/dragula.min.js?ver=ultimate-extension-for-acf/assets/js/vendor/jquery.dragster.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

uefax-layout-preview-settingsuefax-layout-preview-fielduefax-layout-preview-imageuefax-layout-preview-upload-buttonuefax-modal-preview-wrapperuefax-modal-preview-contentuefax-modal-preview-closeuefax-flexible-content-wrapper

HTML Comments

Data Attributes

data-uefax-modal-targetdata-uefax-layout-namedata-uefax-layout-id

JS Globals

uefax_admin_paramsuefax_frontend_params

FAQ