WP All Export – Export Add-On for ACF Security & Risk Analysis
wordpress.org/plugins/wp-all-export-csv-excel-xml-for-acfDrag & drop to export Advanced Custom Fields data to any custom CSV, Excel, or XML file of any format. Supports repeaters, flexible content, galle …
Is WP All Export – Export Add-On for ACF Safe to Use in 2026?
Generally Safe
Score 100/100WP All Export – Export Add-On for ACF has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
Based on the static analysis, this plugin exhibits a strong security posture. The absence of dangerous functions, file operations, external HTTP requests, and the proper handling of output escaping are all positive indicators. The SQL queries are also partially protected by prepared statements, which is a good practice. The lack of recorded vulnerabilities in its history further suggests a well-maintained and secure codebase.
However, the analysis also highlights a significant concern: the complete absence of nonce checks and capability checks across all potential entry points. While the current static analysis reports zero unprotected entry points (AJAX, REST API, shortcodes, cron events), this is likely because there are no explicit entry points identified in the first place. If any functionality were to be added or discovered later that relied on user interaction or administrative actions without proper authorization and nonce verification, it would represent a critical security gap. The taint analysis also reported zero flows, which is excellent, but this could be due to a lack of complex data flow paths or the inherent limitations of static analysis.
In conclusion, the plugin demonstrates good coding practices by avoiding common pitfalls like dangerous functions and unescaped output. The lack of a vulnerability history is a testament to its perceived stability. The primary weakness lies in the apparent lack of built-in authorization and integrity checks, which, if not addressed, could expose the plugin to significant risks if new entry points are introduced or if its current limited entry points are bypassed.
Key Concerns
- No nonce checks detected
- No capability checks detected
- SQL queries without prepared statements
WP All Export – Export Add-On for ACF Security Vulnerabilities
WP All Export – Export Add-On for ACF Code Analysis
SQL Query Safety
Output Escaping
WP All Export – Export Add-On for ACF Attack Surface
WordPress Hooks 1
Maintenance & Trust
WP All Export – Export Add-On for ACF Maintenance & Trust
Maintenance Signals
Community Trust
WP All Export – Export Add-On for ACF Alternatives
WP All Export – Export Add-On for ACF Developer Profile
22 plugins · 207K total installs
How We Detect WP All Export – Export Add-On for ACF
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-all-export-csv-excel-xml-for-acf/assets/css/vendors.css/wp-content/plugins/wp-all-export-csv-excel-xml-for-acf/assets/css/main.css/wp-content/plugins/wp-all-export-csv-excel-xml-for-acf/assets/js/vendors.js/wp-content/plugins/wp-all-export-csv-excel-xml-for-acf/assets/js/main.js/wp-content/plugins/wp-all-export-csv-excel-xml-for-acf/assets/js/vendors.js/wp-content/plugins/wp-all-export-csv-excel-xml-for-acf/assets/js/main.jswp-all-export-csv-excel-xml-for-acf/assets/css/vendors.css?ver=wp-all-export-csv-excel-xml-for-acf/assets/css/main.css?ver=wp-all-export-csv-excel-xml-for-acf/assets/js/vendors.js?ver=wp-all-export-csv-excel-xml-for-acf/assets/js/main.js?ver=HTML / DOM Fingerprints
pmae_wrappmae_headerpmae_contentpmae_footer<!-- BEGIN PMAE_WRAP --><!-- END PMAE_WRAP --><!-- BEGIN PMAE_HEADER --><!-- END PMAE_HEADER -->+4 moredata-prefixdata-templatedata-elementpmae_settings