Anything Order by Terms Security & Risk Analysis

wordpress.org/plugins/anything-order-by-terms

This plugin allows you to arrange any post types and terms with drag and drop. Save post order for each term.

1K active installs · v1.4.0 · PHP 5.6+ · WP 5.0+ · Updated Jul 6, 2022
admin · custom · drag-and-drop · menu_order · order
Score: 63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jan 21, 2026
Safety Verdict

Is Anything Order by Terms Safe to Use in 2026?

Use With Caution

Score 63/100

Anything Order by Terms has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jan 21, 2026 · Updated 3yr ago
Risk Assessment

The "anything-order-by-terms" v1.4.0 plugin exhibits a mixed security posture. Static analysis indicates a minimal attack surface: no AJAX handlers, REST API routes, shortcodes, or cron events were found without authentication or permission checks, and taint analysis produced no critical findings. There are nonetheless significant concerns.

The plugin's single SQL query does not use a prepared statement, a notable weakness that potentially exposes the site to SQL injection. Output escaping is not applied consistently: 43% of outputs are not properly escaped, which creates an XSS risk. The vulnerability history shows a medium-severity vulnerability that has been reported and remains unpatched. Its type, "Missing Authorization", is also a red flag, especially given the plugin's limited disclosed entry points.

Overall, while the plugin appears to have a small attack surface and some good practices like nonce and capability checks, the unpatched medium vulnerability, the raw SQL query, and the insufficient output escaping present clear and actionable risks that need to be addressed.

Key Concerns

  • Unpatched medium vulnerability
  • Raw SQL query without prepared statements
  • Insufficient output escaping (43% not properly escaped)
Vulnerabilities
1

Anything Order by Terms Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-24567 · medium · 4.3 · Missing Authorization

Anything Order by Terms <= 1.4.0 - Missing Authorization

Jan 21, 2026 · Unpatched
Version History

Anything Order by Terms Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Anything Order by Terms Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 3 (4 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared · 1 total query

Output Escaping

57% escaped · 7 total outputs
Attack Surface

Anything Order by Terms Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 11
  • action · plugins_loaded · anything-order.php:70
  • action · admin_init · modules\base\class.php:91
  • action · current_screen · modules\base\class.php:92
  • filter · woocommerce_sortable_taxonomies · modules\base\compatibility.php:18
  • filter · admin_enqueue_scripts · modules\base\compatibility.php:21
  • action · parse_tax_query · modules\post\class.php:30
  • filter · posts_orderby · modules\post\class.php:48
  • filter · posts_fields · modules\post\class.php:51
  • filter · posts_join · modules\post\class.php:52
  • filter · posts_orderby · modules\post\class.php:53
  • filter · terms_clauses · modules\taxonomy\class.php:22
Maintenance & Trust

Anything Order by Terms Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Jul 6, 2022
PHP min version: 5.6
Downloads: 17K

Community Trust

Rating: 86/100
Number of ratings: 6
Active installs: 1K
Developer Profile

Anything Order by Terms Developer Profile

briarinc

2 plugins · 1K total installs

Trust score: 81
Avg Security Score: 82/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Anything Order by Terms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/anything-order-by-terms/assets/css/admin.css
  • /wp-content/plugins/anything-order-by-terms/assets/css/style.css
  • /wp-content/plugins/anything-order-by-terms/assets/js/admin.js
  • /wp-content/plugins/anything-order-by-terms/assets/js/admin_order.js
  • /wp-content/plugins/anything-order-by-terms/assets/js/libs/jquery/ui.min.js
Script Paths
  • /wp-content/plugins/anything-order-by-terms/assets/js/admin.js
  • /wp-content/plugins/anything-order-by-terms/assets/js/admin_order.js
  • /wp-content/plugins/anything-order-by-terms/assets/js/libs/jquery/ui.min.js
Version Parameters
  • anything-order-by-terms/assets/css/admin.css?ver=
  • anything-order-by-terms/assets/css/style.css?ver=
  • anything-order-by-terms/assets/js/admin.js?ver=
  • anything-order-by-terms/assets/js/admin_order.js?ver=
  • anything-order-by-terms/assets/js/libs/jquery/ui.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
anything-order, anything-order-id, anything-order-order
Data Attributes
data-action, data-id, data-order
JS Globals
Anything_Order, anything_order_i18n
REST Endpoints
/wp-json/anything-order/v1/update