Does Posts Order have any unpatched vulnerabilities?

No. All known vulnerabilities in Posts Order have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Posts Order compatible with WordPress 6.1.10?

According to WordPress.org data, Posts Order 1.5.0 has been tested up to WordPress 6.1.10. Check the plugin's changelog for the latest compatibility information.

Is Posts Order compatible with PHP 7.0+?

Posts Order requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Posts Order updated?

Posts Order was last updated on Jan 26, 2023. Frequent updates are generally a positive security signal.

What is Posts Order's security score?

Posts Order has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Posts Order Security & Risk Analysis

wordpress.org/plugins/category-custom-post-order

Order posts separately for each terms and taxonomies

1K active installs v1.5.0 PHP 7.0+ WP 5.5+ Updated Jan 26, 2023

category-post-ordercustom-post-orderpost-orderposts-ordertaxonomy-post-order

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Posts Order Safe to Use in 2026?

Generally Safe

Score 85/100

Posts Order has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The category-custom-post-order plugin, version 1.5.0, presents a generally good security posture based on the provided static analysis. The complete absence of an attack surface, including AJAX handlers, REST API routes, shortcodes, and cron events, is a significant strength. Furthermore, the lack of identified dangerous functions, file operations, and external HTTP requests contributes positively. The code signals indicate a commendable effort in output escaping (87% properly escaped) and the presence of a nonce check. However, the lack of capability checks is a notable concern, as it suggests that any entry points, even if not immediately apparent from the static analysis, might not have proper authorization enforced. The SQL query practices are also mixed, with 50% not using prepared statements, which presents a potential risk for SQL injection if those queries handle user-supplied data.

Key Concerns

SQL queries not using prepared statements
No capability checks found

Vulnerabilities

None known

Posts Order Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Posts Order Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

54 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared4 total queries

Output Escaping

87% escaped62 total outputs

Attack Surface

Posts Order Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 13

actionplugins_loadedcategory-custom-post-order.php:36

actionadmin_menusrc\Dashboard\Settings.php:15

actionadmin_initsrc\Dashboard\Settings.php:16

actionadmin_menusrc\PostsOrder.php:46

actionparse_tax_querysrc\PostsOrder.php:47

filterposts_clausessrc\PostsOrder.php:49

filterposts_clausessrc\PostsOrder.php:50

filterposts_clausessrc\PostsOrder.php:53

filteradmin_initsrc\PostsOrder.php:54

actioncreate_termsrc\PostsOrder.php:61

actionedit_termsrc\PostsOrder.php:62

actionadmin_enqueue_scriptssrc\PostsOrder.php:64

actioninitsrc\PostsOrder.php:65

Maintenance & Trust

Posts Order Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10

Last updatedJan 26, 2023

PHP min version7.0

Downloads33K

Community Trust

Rating92/100

Number of ratings17

Active installs1K

Alternatives

Posts Order Alternatives

Sortable Posts

sortable-posts

Sortable Posts is a small plugin for WordPress that adds sortability to post types and taxonomies from the admin panel.

100 No CVEs

Reshuffle – Change Post Order, Product Order, Taxonomy Order

reshuffle

Reorder posts, products, and taxonomy terms via a drag-and-drop interface.

40 No CVEs

Integration of Simple Custom Post Order and WP Rocket

scpo-wp-rocket-integration

Automatically cleans the WP Rocket cache when the posts order is changed.

30 No CVEs

Post Types Order

post-types-order

100

Sort posts and custom post type objects using a drag-and-drop, sortable JavaScript AJAX interface, or through the default WordPress dashboard

600K No CVEs

Intuitive Custom Post Order

intuitive-custom-post-order

Intuitively reorder Posts, Pages, Custom Post Types, Taxonomies, and Sites with a simple drag-and-drop interface.

400K 4 CVEs

Developer Profile

Posts Order Developer Profile

Piotr Po

2 plugins · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Posts Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/category-custom-post-order/js/posts_order.js

Script Paths

/wp-content/plugins/category-custom-post-order/js/posts_order.js

Version Parameters

category-custom-post-order/js/posts_order.js?ver=

HTML / DOM Fingerprints

CSS Classes

taxonomy-column-ordercategory-custom-post-order-settings

Data Attributes

data-term-iddata-taxonomydata-post-type

JS Globals

posts_order

FAQ