Using ACF in and of itself should not be a security risk and I cannot recall the last time I even heard of a security vulnerability in ACF. As you’ve found, it is all in the way you use anything.
As far as updating in general…. if there are no security vulnerabilities in WP and the plugins you’re using then you should not be at risk being hacked do to not updating. Frankly, that is a myth. What you do need to do is follow issues and update when a risk is found.
When it comes to the admin, I’m not usually overly concerned about ACF because the only people that can do anything are me and the people I build the site for. My company is not going to do anything malicious and I’m sure the client is not going to do anything malicious to their own site.
As far as the front end, this is where you need to be careful about what you’re allowing, again like you found out.
Long story short, I don’t have any concern about ACF causing an issue even if I don’t update it.
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic.
Welcome to the Advanced Custom Fields community forum.
Browse through ideas, snippets of code, questions and answers between fellow ACF users