Category Commander Security & Risk Analysis

wordpress.org/plugins/category-commander

Drag & drop ordering for Categories with secure saving, optional autosort, JSON export/import, and accessibility enhancements.

20 active installs · v1.0.5 · PHP 7.4+ · WP 6.0+ · Updated Feb 7, 2026
Tags: category, drag-and-drop, order, sort, taxonomy
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Category Commander Safe to Use in 2026?

Generally Safe

Score 100/100

Category Commander has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "category-commander" plugin v1.0.5 presents a generally strong security posture based on the static analysis and vulnerability history. The plugin demonstrates good security practices by utilizing prepared statements for all SQL queries and implementing nonce and capability checks on several of its entry points. The complete absence of any recorded vulnerabilities, including critical or high severity ones, and a lack of dangerous functions or file operations further contribute to a positive security assessment.

However, a notable concern arises from the output escaping analysis. While a majority of outputs are properly escaped, a significant portion (37%) is not. This could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is directly echoed without adequate sanitization. The lack of taint analysis results, while potentially meaning no critical flows were found, also means we cannot definitively rule out all forms of taint-related issues. Despite this, the overall picture is one of a well-maintained and relatively secure plugin, with the primary area for improvement being the consistent application of output escaping.

Key Concerns

  • Significant percentage of unescaped output

Vulnerabilities
None known

Category Commander Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Category Commander Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 31 (52 escaped)
Nonce Checks: 2
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared (1 total query)

Output Escaping

63% escaped (83 total outputs)
Attack Surface

Category Commander Attack Surface

Entry Points: 4
Unprotected: 0

REST API Routes (4)

POST /wp-json/category-commander/v1/order · includes\class-cc-rest.php:29
POST /wp-json/category-commander/v1/reset · includes\class-cc-rest.php:45
GET /wp-json/category-commander/v1/export · includes\class-cc-rest.php:55
POST /wp-json/category-commander/v1/import · includes\class-cc-rest.php:65

WordPress Hooks (12)

action plugins_loaded · category-commander.php:39
action admin_menu · includes\class-cc-admin.php:26
action admin_enqueue_scripts · includes\class-cc-admin.php:27
action admin_post_cateco_save_settings · includes\class-cc-admin.php:28
action current_screen · includes\class-cc-admin.php:31
action admin_notices · includes\class-cc-admin.php:334
filter terms_clauses · includes\class-cc-ordering.php:20
filter widget_categories_args · includes\class-cc-ordering.php:21
filter widget_categories_dropdown_args · includes\class-cc-ordering.php:22
filter wp_list_categories_args · includes\class-cc-ordering.php:23
filter wp_dropdown_categories_args · includes\class-cc-ordering.php:24
action rest_api_init · includes\class-cc-rest.php:25
Maintenance & Trust

Category Commander Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 7, 2026
PHP min version: 7.4
Downloads: 261

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

Category Commander Developer Profile

菅原隆志

1 plugin · 20 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Category Commander

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/category-commander/assets/admin.css
/wp-content/plugins/category-commander/assets/admin.js
Version Parameters
category-commander/assets/admin.css?ver=
category-commander/assets/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
category-commander-wrap
HTML Comments
<!-- IMPORTANT: The `get_terms` ORDERBY is set to `cateco_order` by this plugin. -->
<!-- You can reset the custom order on the Category Commander settings page. -->
<!-- Tip: Click a category (or Tab to its handle), then use Alt (Option on Mac) + ↑ / ↓ to move it with the keyboard. -->
<!-- Note: If you use caching (plugin, CDN, or server cache), consider clearing it before retesting. -->
+2 more
Data Attributes
data-action="cateco_save_settings"
data-confirm="resetConfirm"
data-nonce="cateco_save_settings"
data-autosort-front
data-autosort-admin
data-save-url
+1 more
JS Globals
CatecoAdmin
REST Endpoints
/category-commander/v1/categories
FAQ

Frequently Asked Questions about Category Commander