WP-Safety

All Round Order Security & Risk Analysis

wordpress.org/plugins/all-round-order

Order all items(Pages, Posts, Custom Post Types and attachments) easily with a drag and drop feature

40 active installs v1.1.0 PHP + WP 3.6+ Updated Feb 10, 2015
attachment-ordercustom-post-type-orderpage-orderpost-order
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is All Round Order Safe to Use in 2026?

Generally Safe

Score 85/100

All Round Order has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "all-round-order" plugin v1.1.0 exhibits a mixed security posture. On one hand, it demonstrates good practices by avoiding dangerous functions, utilizing prepared statements for all SQL queries, and having no known vulnerability history. This suggests a level of care in development regarding common web vulnerabilities.

However, significant concerns arise from the attack surface analysis. The plugin exposes two AJAX handlers, both of which lack authentication checks. This creates a direct pathway for unauthenticated users to interact with potentially sensitive plugin functionalities. Furthermore, the taint analysis reveals flows with unsanitized paths, although no critical or high severity issues were identified. The complete absence of output escaping is a major red flag, as it leaves the plugin highly susceptible to Cross-Site Scripting (XSS) attacks through various input vectors.

While the plugin has no recorded CVEs, the identified weaknesses, particularly the unprotected AJAX endpoints and the lack of output escaping, present considerable risks. The absence of nonce checks on these AJAX handlers further exacerbates the potential for exploitation. Therefore, while the plugin has some strengths, the identified vulnerabilities require immediate attention to mitigate significant security risks.

Key Concerns

  • AJAX handlers without authentication checks
  • AJAX handlers without nonce checks
  • Output escaping: 0% properly escaped
  • Flows with unsanitized paths
Vulnerabilities
None known

All Round Order Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

All Round Order Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
4
0 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped4 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

6 flows6 with unsanitized paths
<all-round-order> (1.1\all-round-order.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

All Round Order Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_update-custom-type-order1.1\all-round-order.php:287
authwp_ajax_update-custom-type-orderall-round-order.php:287
WordPress Hooks 10
filterpre_get_posts1.1\all-round-order.php:52
filterposts_orderby1.1\all-round-order.php:81
actionadmin_menu1.1\all-round-order.php:98
actionadmin_init1.1\all-round-order.php:272
actionadmin_menu1.1\settings.php:6
filterpre_get_postsall-round-order.php:52
filterposts_orderbyall-round-order.php:81
actionadmin_menuall-round-order.php:98
actionadmin_initall-round-order.php:272
actionadmin_menusettings.php:6
Maintenance & Trust

All Round Order Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.0
Last updatedFeb 10, 2015
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings1
Active installs40
Alternatives

All Round Order Alternatives

Real Custom Post Order: Create a custom order for your content

Real Custom Post Order: Create a custom order for your content

real-custom-post-order

A
100

Custom post order for posts, pages, WooCommerce products and custom post types using drag and drop. Simple and intuitive sorting of your content!

9K No CVEs
Intuitive Custom Post Order

Intuitive Custom Post Order

intuitive-custom-post-order

A
99

Intuitively reorder Posts, Pages, Custom Post Types, Taxonomies, and Sites with a simple drag-and-drop interface.

400K 4 CVEs
Custom Category Post Order

Custom Category Post Order

custom-post-order-category

A
99

Order your post by category or custom post type by drag & drop interface.

500 1 CVE
My Post Order

My Post Order

my-posts-order

C
63

A plugin which allows you to sort posts, pages, custom post type in ANY order and display the same in your sidebar.

400 1 unpatched
Sortable Posts

Sortable Posts

sortable-posts

A
85

Sortable Posts is a small plugin for WordPress that adds sortability to post types and taxonomies from the admin panel.

100 No CVEs
Developer Profile

All Round Order Developer Profile

WebuddySoft

1 plugin · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect All Round Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/all-round-order/js/jquery-ui.min.js/wp-content/plugins/all-round-order/js/all-round-order.js/wp-content/plugins/all-round-order/css/all-round-order.css
Script Paths
/wp-content/plugins/all-round-order/js/jquery-ui.min.js/wp-content/plugins/all-round-order/js/all-round-order.js
Version Parameters
all-round-order/css/all-round-order.css?ver=all-round-order/js/jquery-ui.min.js?ver=all-round-order/js/all-round-order.js?ver=

HTML / DOM Fingerprints

CSS Classes
wbsoft-all-round-ordersortableplaceholder
HTML Comments
<!-- Javascript should be enabled to use this plugin. -->
Data Attributes
id="sortable"id="save-order"
JS Globals
ajaxurljQuery
REST Endpoints
update-custom-type-order
FAQ

Frequently Asked Questions about All Round Order