Does Blog Filter Post Filtering have any unpatched vulnerabilities?

No. All known vulnerabilities in Blog Filter Post Filtering have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Blog Filter Post Filtering compatible with WordPress 6.9.4?

According to WordPress.org data, Blog Filter Post Filtering 1.7.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Blog Filter Post Filtering compatible with PHP 7.0+?

Blog Filter Post Filtering requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Blog Filter Post Filtering updated?

Blog Filter Post Filtering was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Blog Filter Post Filtering's security score?

Blog Filter Post Filtering has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Blog Filter Post Filtering Security & Risk Analysis

wordpress.org/plugins/blog-filter

Blog Filter helps users display posts in filterable grid and masonry layouts. Organize content by categories or tags with customizable designs.

7K active installs v1.7.7 PHP 7.0+ WP 5.0+ Updated Mar 5, 2026

blog-filterblog-layoutcategory-filterpost-gridtag-filter

A · Safe

CVEs total2

Unpatched0

Last CVEDec 29, 2025

Download

Safety Verdict

Is Blog Filter Post Filtering Safe to Use in 2026?

Generally Safe

Score 98/100

Blog Filter Post Filtering has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 29, 2025Updated 29d ago

Risk Assessment

The "blog-filter" plugin v1.7.7 exhibits a generally strong security posture based on the static analysis. The complete absence of critical or high severity taint flows, along with the use of prepared statements for all SQL queries and a very high percentage of properly escaped output, are significant strengths. The presence of nonce and capability checks on its entry points further mitigates potential attack vectors. However, the plugin's vulnerability history reveals two past medium severity CVEs, both attributed to Cross-Site Scripting (XSS). While currently unpatched vulnerabilities are reported as zero, the recurring nature of XSS vulnerabilities in its history suggests a potential ongoing weakness in input sanitization for specific scenarios, even if not flagged in the current static analysis. The plugin also has a moderate attack surface with 5 total entry points, although all are currently protected by authentication checks. The last reported vulnerability in 2025 is also a concerning indicator, suggesting potential for future vulnerabilities if past patterns repeat. Overall, the plugin has implemented good security practices, but the historical XSS trend warrants a cautious approach and continued vigilance.

Key Concerns

Recurring XSS vulnerability history
Medium severity CVEs recorded

Vulnerabilities

Blog Filter Post Filtering Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-69033medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog Filter <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 29, 2025 Patched in 1.7.4 (11d)

CVE-2023-5291medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Oct 3, 2023 Patched in 1.5.4 (112d)

Code Analysis

Analyzed Mar 16, 2026

Blog Filter Post Filtering Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

489 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped497 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

bfg_get_terms_for_taxonomy_callback (blog-filter.php:221)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Blog Filter Post Filtering Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 4

authwp_ajax_load_moreblog-filter.php:167

noprivwp_ajax_load_moreblog-filter.php:169

authwp_ajax_get_taxonomies_for_post_typeblog-filter.php:173

authwp_ajax_get_terms_for_taxonomyblog-filter.php:175

Shortcodes 1

[AWL-BlogFilter] blog-filter-shortcode.php:13

WordPress Hooks 5

actionplugins_loadedblog-filter.php:52

actionadmin_menublog-filter.php:55

actionwp_enqueue_scriptsblog-filter.php:165

filterwp_lazy_loading_enabledblog-filter.php:171

actionwp_enqueue_scriptsblog-filter.php:385

Maintenance & Trust

Blog Filter Post Filtering Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.0

Downloads336K

Community Trust

Rating98/100

Number of ratings77

Active installs7K

Alternatives

Blog Filter Post Filtering Alternatives

BlogLentor – Blog Designer Pack for Elementor

bloglentor-for-elementor

Design and modify your blog with creative layouts. You can easily design your blog posts with slider, Carousel and different skins with pagination.

5K 1 unpatched

Post grid and filter ultimate

post-grid-and-filter-ultimate

100

A quick, easy way to display WordPress post in grid view and post grid with filter. Also work with Gutenberg shortcode block.

5K No CVEs

Blog, Posts and Category Filter for Elementor

blog-posts-and-category-for-elementor

Blog, Posts and Category Filter for Elementor lets you filter your Blog posts with Category. You can now display more posts to your users.

1K 2 CVEs

PostExtra – News and Magazine Blog Post Blocks for Gutenberg & FSE

post-extra

100

Magazine‑style post grids, lists, and carousels for Gutenberg and FSE – design high‑engagement blog and news layouts without coding.

100 No CVEs

Findit Post Search and Filter

findit-post-search-and-filter

100

A clean, responsive AJAX-powered search plugin for WordPress posts with keyword highlighting, category/tag filtering, and load more pagination.

0 No CVEs

Developer Profile

Blog Filter Post Filtering Developer Profile

A WP Life

61 plugins · 64K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

267 days

View full developer profile

Detection Fingerprints

How We Detect Blog Filter Post Filtering

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/blog-filter/css/blog-filter.css/wp-content/plugins/blog-filter/css/magnific-popup.css/wp-content/plugins/blog-filter/js/blog-filter.js/wp-content/plugins/blog-filter/js/jquery.magnific-popup.js/wp-content/plugins/blog-filter/js/isotope.js/wp-content/plugins/blog-filter/js/isotope-init.js

Script Paths

/wp-content/plugins/blog-filter/js/blog-filter.js/wp-content/plugins/blog-filter/js/jquery.magnific-popup.js/wp-content/plugins/blog-filter/js/isotope.js/wp-content/plugins/blog-filter/js/isotope-init.js

Version Parameters

blog-filter/css/blog-filter.css?ver=blog-filter/css/magnific-popup.css?ver=blog-filter/js/blog-filter.js?ver=blog-filter/js/jquery.magnific-popup.js?ver=blog-filter/js/isotope.js?ver=blog-filter/js/isotope-init.js?ver=

HTML / DOM Fingerprints

CSS Classes

bfg-overflow-autobfg-w-fullbfg-border-collapsebfg-borderbfg-border-gray-300bfg-bg-gray-200bfg-p-2bfg-filter-container+5 more

HTML Comments

Data Attributes

data-bfg-post-typedata-bfg-taxonomydata-bfg-term-iddata-bfg-parent-term-id

JS Globals

blogFilterConfigbfg_ajax_object

REST Endpoints

/wp-json/blog-filter/v1/get-posts

Shortcode Output

<div class="bfg-blog-filter bfg-filter-container"><div class="bfg-filter-nav"><span class="bfg-filter-item bfg-filter-item-active" data-filter="*"><button>

FAQ