Post Grid Master — Post Grids & AJAX Filters Security & Risk Analysis

wordpress.org/plugins/ajax-filter-posts

Create post grids with AJAX filters, pagination, load more, infinite scroll, and custom post type support.

1K active installs · v3.4.17 · PHP 7.4+ · WP 5.8+ · Updated Oct 22, 2025
Tags: ajax-filter, infinite-scroll, pagination, post-grid, taxonomy-filter
Score: 62 (C · Use Caution)
CVEs total: 7
Unpatched: 1
Last CVE: Jul 23, 2025
Safety Verdict

Is Post Grid Master — Post Grids & AJAX Filters Safe to Use in 2026?

Use With Caution

Score 62/100

Post Grid Master — Post Grids & AJAX Filters has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

7 known CVEs · 1 unpatched · Last CVE: Jul 23, 2025 · Updated 5mo ago
Risk Assessment

The "ajax-filter-posts" plugin exhibits a mixed security posture. The static analysis shows a commendable effort, with 80% of SQL queries using prepared statements and 85% of outputs properly escaped, but significant concerns remain. The presence of 7 known CVEs, with one still unpatched and classified as critical, is a major red flag. This history includes severe vulnerability types like XSS, missing authorization, PHP Remote File Inclusion, and Path Traversal, indicating a recurring pattern of insecure input handling and access control issues in past versions. The two flows with unsanitized paths revealed by the taint analysis, although not reaching critical or high severity in this specific scan, are potential precursors to the types of vulnerabilities seen in the plugin's history, especially when combined with past findings of "Improper Control of Filename for Include/Require Statement" and "Path Traversal". The plugin's attack surface, though currently showing no unprotected entry points, has historically been a source of significant risk.

Key Concerns

  • Unpatched critical CVE
  • Multiple historical vulnerability types
  • Flows with unsanitized paths (2)
  • 80% SQL prepared, 20% may not be
  • 85% output escaped, 15% may not be
Vulnerabilities
7

Post Grid Master — Post Grids & AJAX Filters Security Vulnerabilities

CVEs by Year

  • 2024: 3 CVEs
  • 2025: 4 CVEs (includes unpatched)

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 5

7 total CVEs

CVE-2025-5084 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Grid Master <= 3.4.13 - Reflected Cross-Site Scripting via argsArray['read_more_text']

Jul 23, 2025 · Patched in 3.4.14 (50d)

CVE-2025-30974 · medium · 4.3 · Missing Authorization

Post Grid Master <= 3.4.14 - Missing Authorization

Jun 5, 2025 · Unpatched

CVE-2025-24733 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Post Grid Master <= 3.4.12 - Authenticated (Contributor+) Local File Inclusion

Jan 24, 2025 · Patched in 3.4.13 (5d)

CVE-2024-11642 · critical · 9.8 · Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion

Jan 8, 2025 · Patched in 3.4.13 (246d)

CVE-2024-43156 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Grid Master <= 3.4.10 - Reflected Cross-Site Scripting

Aug 7, 2024 · Patched in 3.4.11 (8d)

CVE-2024-34390 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Post Grid Master <= 3.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 6, 2024 · Patched in 3.4.12 (494d)

CVE-2024-34372 · medium · 5.3 · Missing Authorization

Post Grid Master <= 3.4.7 - Missing Authorization

May 3, 2024 · Patched in 3.4.8 (5d)

Code Analysis
Analyzed Mar 16, 2026

Post Grid Master — Post Grids & AJAX Filters Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (4 prepared)
  • Unescaped Output: 51 (294 escaped)
  • Nonce Checks: 7
  • Capability Checks: 9
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

85% escaped · 345 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
am_post_grid_load_posts_ajax_functions (inc\Shortcode.php:346)
Attack Surface

Post Grid Master — Post Grids & AJAX Filters Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers 3

  • auth · wp_ajax_gridmaster_ajax · admin\Ajax.php:13
  • auth · wp_ajax_asr_filter_posts · inc\Shortcode.php:16
  • nopriv · wp_ajax_asr_filter_posts · inc\Shortcode.php:17

Shortcodes 3

[gridmaster] inc\Shortcode.php:11
[am_post_grid] inc\Shortcode.php:12
[asr_ajax] inc\Shortcode.php:13
WordPress Hooks 24

  • action · admin_menu · admin\Admin.php:14
  • action · admin_enqueue_scripts · admin\Admin.php:17
  • filter · admin_footer_text · admin\Admin.php:20
  • filter · update_footer · admin\Admin.php:23
  • action · wp_enqueue_scripts · ajax-filter-posts.php:31
  • action · plugins_loaded · ajax-filter-posts.php:36
  • action · switch_theme · appsero\src\Insights.php:135
  • action · switch_theme · appsero\src\Insights.php:136
  • action · admin_footer · appsero\src\Insights.php:146
  • action · admin_notices · appsero\src\Insights.php:161
  • action · admin_init · appsero\src\Insights.php:164
  • filter · cron_schedules · appsero\src\Insights.php:168
  • action · admin_menu · appsero\src\License.php:219
  • action · after_switch_theme · appsero\src\License.php:781
  • action · switch_theme · appsero\src\License.php:782
  • filter · gridmaster_grid_styles · inc\functions.php:161
  • filter · gridmaster_filter_styles · inc\functions.php:183
  • filter · gridmaster_render_grid_args · inc\Shortcode.php:20
  • action · init · inc\Shortcode.php:24
  • action · gridmaster_render_filters · inc\Shortcode.php:28
  • filter · gridmaster_excerpt_length · inc\Shortcode.php:485
  • filter · gridmaster_post_thumb_size · inc\Shortcode.php:493
  • filter · gridmaster_get_render_grid_args · inc\Shortcode.php:504
  • filter · show_admin_bar · inc\Shortcode.php:720

Maintenance & Trust

Post Grid Master — Post Grids & AJAX Filters Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Oct 22, 2025
  • PHP min version: 7.4
  • Downloads: 39K

Community Trust

  • Rating: 90/100
  • Number of ratings: 13
  • Active installs: 1K

Developer Profile

Post Grid Master — Post Grids & AJAX Filters Developer Profile

Akhtarujjaman Shuvo

10 plugins · 7K total installs

  • Trust score: 71
  • Avg Security Score: 89/100
  • Avg Patch Time: 117 days
Detection Fingerprints

How We Detect Post Grid Master — Post Grids & AJAX Filters

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/ajax-filter-posts/assets/frontend.min.js
  • /wp-content/plugins/ajax-filter-posts/assets/css/frontend.min.css
Script Paths
  • /wp-content/plugins/ajax-filter-posts/assets/frontend.min.js
Version Parameters
  • ajax-filter-posts/assets/frontend.min.js?ver=
  • ajax-filter-posts/assets/css/frontend.min.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-gridmaster-id
JS Globals
asr_ajax_params
FAQ

Frequently Asked Questions about Post Grid Master — Post Grids & AJAX Filters