Does Alphabetic Pagination have any unpatched vulnerabilities?

No. All known vulnerabilities in Alphabetic Pagination have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Alphabetic Pagination compatible with WordPress 6.9.4?

According to WordPress.org data, Alphabetic Pagination 3.2.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Alphabetic Pagination compatible with PHP 7.0+?

Alphabetic Pagination requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Alphabetic Pagination updated?

Alphabetic Pagination was last updated on Feb 5, 2026. Frequent updates are generally a positive security signal.

What is Alphabetic Pagination's security score?

Alphabetic Pagination has a WP-Safety security score of 96/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Alphabetic Pagination Security & Risk Analysis

wordpress.org/plugins/alphabetic-pagination

Alphabetic Pagination allows you to enable pagination on pages, posts, categories and WooCommerce shop page.

500 active installs v3.2.5 PHP 7.0+ WP 3.0+ Updated Feb 5, 2026

alphabeticfilteringpaginationposts-paginationsorting

A · Safe

CVEs total2

Unpatched0

Last CVEFeb 14, 2025

Plugin page Download

Safety Verdict

Is Alphabetic Pagination Safe to Use in 2026?

Generally Safe

Score 96/100

Alphabetic Pagination has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Feb 14, 2025Updated 1mo ago

Risk Assessment

The 'alphabetic-pagination' plugin version 3.2.5 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of SQL queries using prepared statements and properly escaped outputs, there are notable areas of concern. The presence of one AJAX handler without proper authentication checks significantly increases the attack surface and poses a direct risk. Additionally, the plugin has a history of two known CVEs, including a past critical vulnerability for Cross-Site Scripting and Missing Authorization. Although these are currently patched, the pattern suggests a potential for recurring or similar vulnerabilities. The taint analysis, while showing no critical or high severity flows, did identify one flow with unsanitized paths, which warrants attention. Overall, the plugin has strengths in secure coding practices but is weakened by an exposed entry point and a history of serious security flaws.

Key Concerns

AJAX handler without auth checks
Past critical CVE (2025-02-14)
Past medium CVE (type not specified)
Taint flow with unsanitized paths

Vulnerabilities

Alphabetic Pagination Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

Medium

2 total CVEs

CVE-2025-26751medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Alphabetic Pagination <= 3.2.1 - Reflected Cross-Site Scripting

Feb 14, 2025 Patched in 3.2.2 (18d)

WF-dbda16f5-65c2-47cf-8b06-6aa231b8fd11-alphabetic-paginationcritical · 9.1Missing Authorization

Alphabetic Pagination <= 3.0.7 - Missing Authorization to Unauthenticated Arbitrary Options Update

Aug 25, 2022 Patched in 3.0.8 (516d)

Code Analysis

Analyzed Mar 16, 2026

Alphabetic Pagination Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

118 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

80% prepared5 total queries

Output Escaping

85% escaped139 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

<ap_settings> (inc\ap_settings.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Alphabetic Pagination Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 2

authwp_ajax_ap_clear_order_loginc\logger.php:2

authwp_ajax_ap_tax_typesindex.php:175

Shortcodes 2

[ap_pagination] index.php:201

[ap_results] index.php:202

WordPress Hooks 12

filterwp_titleinc\functions.php:17

filterposts_joininc\functions.php:867

filterposts_orderbyinc\functions.php:1430

filterposts_whereinc\functions.php:1563

actionpre_get_postsinc\functions.php:2068

actionadmin_enqueue_scriptsindex.php:160

actionwp_enqueue_scriptsindex.php:161

actionadmin_menuindex.php:174

actionadmin_enqueue_scriptsindex.php:179

actionadmin_enqueue_scriptsindex.php:182

actionwp_headindex.php:189

filterpre_get_postsindex.php:195

Maintenance & Trust

Alphabetic Pagination Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 5, 2026

PHP min version7.0

Downloads85K

Community Trust

Rating94/100

Number of ratings81

Active installs500

Alternatives

Alphabetic Pagination Alternatives

Endless Posts Navigation

endless-posts-navigation

Endless Posts Navigation is a great plugin to loop your posts/pages with alphabetic order. It is simple to use.

100 1 CVE

TTT Loadmore

ttt-loadmore

WordPress plugin to load more event with your own template.

10 No CVEs

WP-PageNavi

wp-pagenavi

Adds a more advanced paging navigation interface.

500K No CVEs

Load More Products for WooCommerce

load-more-products-for-woocommerce

100

Load products from next page via AJAX with infinite scrolling or load more products button

20K No CVEs

WP-Paginate

wp-paginate

WP-Paginate is a simple and flexible pagination plugin which provides users with better navigation on your WordPress site.

20K 2 CVEs

Developer Profile

Alphabetic Pagination Developer Profile

Fahad Mahmood

40 plugins · 33K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

237 days

View full developer profile

Detection Fingerprints

How We Detect Alphabetic Pagination

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/alphabetic-pagination/ap_style.css/wp-content/plugins/alphabetic-pagination/inc/css/ap_admin.css/wp-content/plugins/alphabetic-pagination/ap_responsive.css

Script Paths

/wp-content/plugins/alphabetic-pagination/js/alphabetic-pagination.js/wp-content/plugins/alphabetic-pagination/inc/js/ap_admin.js

Version Parameters

/wp-content/plugins/alphabetic-pagination/ap_style.css?ver=/wp-content/plugins/alphabetic-pagination/js/alphabetic-pagination.js?ver=/wp-content/plugins/alphabetic-pagination/inc/css/ap_admin.css?ver=/wp-content/plugins/alphabetic-pagination/ap_responsive.css?ver=

HTML / DOM Fingerprints

CSS Classes

ap-listap-pagination-listap-letterap-letter-activeap-letter-disabledap-alphabet-wrapap-alphabet-topap-alphabet-bottom+2 more

HTML Comments

Data Attributes

data-ap-filter-post-typedata-ap-target-selector

JS Globals

ap_pagination_settingsap_object

Shortcode Output

[ap_pagination][ap_results]

FAQ