Gridster Security & Risk Analysis

wordpress.org/plugins/cbach-wp-gridster

Use Gridster to manage your content with ease in a customizable grid.

30 active installs · v1.4 · PHP + WP 3.3+ · Updated Apr 22, 2013
Tags: drag-drop, grid-layout, gridster, gui, layout-management
Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gridster Safe to Use in 2026?

Generally Safe

Score 85/100

Gridster has no known CVEs, but it is not actively maintained: the last release (1.4) dates from April 22, 2013 and it is tested only up to WordPress 3.6.1. With about 30 active installs it has had little scrutiny, so "no CVEs" reflects low exposure rather than a clean audit, and anything found today will not be fixed upstream. The score is driven by the code analysis (no dangerous functions, no raw SQL, no file or network operations, nonce and capability checks on its AJAX handlers); weigh it against the unescaped output and the bundled jQuery 1.7.2 noted below before deploying it on a current WordPress.

No known CVEs · Last updated 12 years ago (Apr 22, 2013)
Risk Assessment

Version 1.4 of cbach-wp-gridster shows a reasonable security posture for a plugin of its age, based on static analysis. Its attack surface is small: the scan lists three entry points, all admin AJAX handlers registered on wp_ajax_ hooks (so reachable only by logged-in users), none flagged as unprotected, and no REST API routes or cron events. The code contains no dangerous functions, no raw SQL queries (so neither injection nor prepared statements are in play), no file operations and no external requests, and the analysis counts four nonce checks and seven capability checks. There is also no recorded vulnerability history.

The main weakness is output escaping: only 31 of 72 outputs (43%) are escaped, leaving 41 unescaped. Whether a given one is exploitable depends on where the value comes from; post titles, metadata and request parameters echoed into the admin screens without esc_html() or esc_attr() would be stored or reflected cross-site scripting reachable by an authenticated user. One of the four data flows, in ajax_get_textile_markup_for_jeditable (cbach-wp-gridster.php:1995), carries input to a sink without a sanitizer; the taint analysis does not rate it critical or high, but it is the first place to look. Finally, the plugin bundles jQuery 1.7.2 and a TinyMCE component and has not been updated since April 2013 (tested up to WordPress 3.6.1), so none of these findings will be fixed upstream.

Key Concerns

  • Moderate rate of unescaped output (31 of 72 outputs escaped, 41 not)
  • One taint flow with an unsanitized path (ajax_get_textile_markup_for_jeditable)
  • Bundled outdated jQuery 1.7.2
  • No release since April 2013; tested only up to WordPress 3.6.1
Vulnerabilities
None known

Gridster Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gridster Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 41 (31 escaped)
Nonce Checks: 4
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

jQuery 1.7.2 · TinyMCE

Output Escaping

43% escaped (31 of 72 total outputs)
Data Flows
1 unsanitized

Data Flow Analysis

4 flows, 1 with an unsanitized path:
ajax_get_textile_markup_for_jeditable (cbach-wp-gridster.php:1995)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
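The controls counted in the risk assessment above (nonce checks, capability checks, output escaping) and the sanitizer step the data-flow table looks for, applied to one admin-ajax handler. This is an added example written for current WordPress, not code from the Gridster plugin: every gridster_example_* name, the nonce action and the script handle are this example's own assumptions; the WordPress functions it calls are real.

```php
<?php
// Added example, not code from the Gridster plugin. gridster_example_* names,
// the nonce action and the script handle are assumptions of this example.

// The "unescaped output" pattern the scan counts: values concatenated into HTML.
// If $item comes from post meta or a request parameter, this is stored or
// reflected XSS for whoever views the screen.
function gridster_example_render_unsafe(array $item): string
{
    return '<div class="gridster_block" data-gridster-id="' . $item['id'] . '">'
        . $item['title'] . '</div>';
}

// Hardened form: escape for the context each value lands in
// (esc_attr inside an attribute, esc_html in element text).
function gridster_example_render(array $item): string
{
    return sprintf(
        '<div class="gridster_block" data-gridster-id="%s">%s</div>',
        esc_attr((string) $item['id']),
        esc_html((string) $item['title'])
    );
}

// Authenticated-only registration (the "auth" label in the attack-surface list):
// deliberately no wp_ajax_nopriv_ hook, so anonymous visitors never reach it.
add_action('wp_ajax_gridster_example_get_post', 'gridster_example_get_post');

function gridster_example_get_post(): void
{
    // 1. Nonce check: blocks cross-site requests riding on the admin's session.
    //    Stops the request (wp_die) when the nonce is missing or invalid.
    check_ajax_referer('gridster_example_nonce', 'nonce');

    // 2. Sanitizer: coerce the untrusted parameter before it reaches any sink.
    $post_id = isset($_POST['post_id']) ? absint(wp_unslash($_POST['post_id'])) : 0;
    $post    = $post_id > 0 ? get_post($post_id) : null;
    if (!$post instanceof WP_Post) {
        wp_send_json_error(['message' => 'post not found'], 404);
    }

    // 3. Capability check against the specific object, not just "is logged in":
    //    being able to reach admin-ajax.php proves nothing about this post.
    if (!current_user_can('edit_post', $post->ID)) {
        wp_send_json_error(['message' => 'forbidden'], 403);
    }

    // 4. Escape on output. JSON encoding protects the transport only; the admin
    //    JS will insert these strings into the DOM, so escape for that context.
    wp_send_json_success([
        'id'    => (int) $post->ID,
        'title' => esc_html(get_the_title($post)),
        'html'  => gridster_example_render(['id' => $post->ID, 'title' => get_the_title($post)]),
        'edit'  => esc_url_raw(get_edit_post_link($post->ID, 'raw') ?? ''),
    ]);
}

// The nonce has to reach the browser: attach it to the plugin's admin script
// (handle assumed) so the AJAX call can send it back as the `nonce` field.
add_action('admin_enqueue_scripts', function (): void {
    wp_localize_script('cbach-wp-gridster-admin', 'gridsterExample', [
        'ajaxurl' => admin_url('admin-ajax.php'),
        'nonce'   => wp_create_nonce('gridster_example_nonce'),
    ]);
});
```

The order matters: the nonce is verified before any input is read, the input is coerced before it is used to look anything up, and the capability check names the object being touched. Adding a wp_ajax_nopriv_ registration for the same callback would turn an "auth" handler into an unauthenticated entry point, which is exactly what the scan's "Unprotected" counter tracks.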
Attack Surface

Gridster Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers (3)

auth  wp_ajax_ajax_gridster_get_post  cbach-wp-gridster.php:382
auth  wp_ajax_ajax_gridster_shortcode_update_modal  cbach-wp-gridster.php:385
auth  wp_ajax_ajax_get_posts_by_type_widget_block  cbach-wp-gridster.php:388

(auth: registered on a wp_ajax_ hook only, so it fires for logged-in users and is not reachable anonymously)
WordPress Hooks (33)

action  admin_notices  cbach-wp-gridster.php:216
action  init  cbach-wp-gridster.php:222
action  init  cbach-wp-gridster.php:225
action  init  cbach-wp-gridster.php:228
action  init  cbach-wp-gridster.php:231
action  after_setup_theme  cbach-wp-gridster.php:234
action  admin_print_styles  cbach-wp-gridster.php:313
action  admin_enqueue_scripts  cbach-wp-gridster.php:316
filter  manage_edit-gridster_columns  cbach-wp-gridster.php:319
filter  manage_gridster_posts_custom_column  cbach-wp-gridster.php:322
filter  manage_edit-gridster_sortable_columns  cbach-wp-gridster.php:325
filter  post_row_actions  cbach-wp-gridster.php:328
action  post_submitbox_misc_actions  cbach-wp-gridster.php:331
action  admin_menu  cbach-wp-gridster.php:334
action  admin_init  cbach-wp-gridster.php:337
action  admin_init  cbach-wp-gridster.php:340
action  current_screen  cbach-wp-gridster.php:343
action  save_post  cbach-wp-gridster.php:346
action  delete_post  cbach-wp-gridster.php:349
action  after_delete_post  cbach-wp-gridster.php:352
filter  post_updated_messages  cbach-wp-gridster.php:355
action  post_edit_form_tag  cbach-wp-gridster.php:358
filter  mce_external_plugins  cbach-wp-gridster.php:361
filter  tiny_mce_before_init  cbach-wp-gridster.php:364
filter  mce_buttons  cbach-wp-gridster.php:367
filter  mce_external_languages  cbach-wp-gridster.php:370
filter  gridster_post_types_as_widget_blocks  cbach-wp-gridster.php:373
filter  plugin_row_meta  cbach-wp-gridster.php:379
action  wp_footer  cbach-wp-gridster.php:403
action  wp_footer  cbach-wp-gridster.php:406
filter  body_class  cbach-wp-gridster.php:409
filter  post_thumbnail_size  cbach-wp-gridster.php:413
filter  postbox_classes_gridster_gridster_workbench_metabox  cbach-wp-gridster.php:931
Maintenance & Trust

Gridster Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Apr 22, 2013
PHP min version: not listed
Downloads: 23K

Community Trust

Rating: 60/100
Number of ratings: 8
Active installs: 30
Developer Profile

Gridster Developer Profile

Carsten Bach

3 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Gridster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cbach-wp-gridster/js/cbach-wp-gridster-frontend.js
/wp-content/plugins/cbach-wp-gridster/js/cbach-wp-gridster-admin.js
/wp-content/plugins/cbach-wp-gridster/css/cbach-wp-gridster.css
Version Parameters
/wp-content/plugins/cbach-wp-gridster/js/cbach-wp-gridster-frontend.js?ver=
/wp-content/plugins/cbach-wp-gridster/js/cbach-wp-gridster-admin.js?ver=
/wp-content/plugins/cbach-wp-gridster/css/cbach-wp-gridster.css?ver=

HTML / DOM Fingerprints

CSS Classes
gridster_
HTML Comments
Gridster is a WordPress plugin that makes building intuitive draggable layouts from elements spanning multiple columns. You can even dynamically resize, add and remove elements from the grid, as edit the elements content inline.
Data Attributes
data-gridster-id
JS Globals
gridster, cbach_wpGridster
Shortcode Output
[gridster]
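A matcher for the asset, DOM and JS fingerprints listed above, run over an HTML document that has already been fetched. This is an added example, not part of the scan page or the plugin; the function name, the constant and the sample page are this example's own, while the patterns are taken from the fingerprint tables.

```php
<?php
// Added example, not part of the scan page or the Gridster plugin. The
// function, the constant and the sample HTML are this example's own; the
// patterns come from the "How We Detect Gridster" tables.

const GRIDSTER_FINGERPRINTS = [
    // Asset paths, with an optional ?ver= parameter that leaks the plugin version.
    'asset'        => '#/wp-content/plugins/cbach-wp-gridster/(?:js/cbach-wp-gridster-(?:frontend|admin)\.js|css/cbach-wp-gridster\.css)(?:\?ver=([0-9][0-9A-Za-z.\-]*))?#',
    'data_attr'    => '/\bdata-gridster-id\s*=/',
    'css_class'    => '/\bclass\s*=\s*["\'][^"\']*\bgridster_/',
    'js_global'    => '/\bcbach_wpGridster\b/',
    'html_comment' => '/<!--.*?Gridster is a WordPress plugin.*?-->/s',
    'shortcode'    => '/\[gridster\b[^\]]*\]/',
];

/**
 * Returns ['present' => bool, 'version' => ?string, 'matched' => string[]].
 */
function gridster_fingerprint(string $html): array
{
    $matched = [];
    $version = null;
    foreach (GRIDSTER_FINGERPRINTS as $name => $regex) {
        if (preg_match_all($regex, $html, $m) < 1) {
            continue;
        }
        $matched[] = $name;
        if ($name === 'asset') {
            // First non-empty ?ver= value wins; assets without it still count as a hit.
            foreach ($m[1] as $ver) {
                if ($ver !== '') {
                    $version = $ver;
                    break;
                }
            }
        }
    }
    // An asset path is conclusive on its own. DOM-only evidence needs two
    // independent patterns, because "gridster_" classes and a `gridster`
    // global are also produced by the unrelated jQuery Gridster library.
    $present = in_array('asset', $matched, true) || count($matched) >= 2;
    return ['present' => $present, 'version' => $version, 'matched' => $matched];
}

// Constructed sample page, not captured from a real site.
$sample = <<<'HTML'
<!DOCTYPE html><html><head>
<link rel="stylesheet" href="https://example.test/wp-content/plugins/cbach-wp-gridster/css/cbach-wp-gridster.css?ver=1.4">
<script src="https://example.test/wp-content/plugins/cbach-wp-gridster/js/cbach-wp-gridster-frontend.js?ver=1.4"></script>
<script>var cbach_wpGridster = {"ajaxurl":"https://example.test/wp-admin/admin-ajax.php"};</script>
</head><body class="home">
<div class="gridster_layout" data-gridster-id="12"><div class="gridster_block">Block</div></div>
</body></html>
HTML;

$result = gridster_fingerprint($sample);
printf(
    "present=%s version=%s matched=%s\n",
    $result['present'] ? 'yes' : 'no',
    $result['version'] ?? 'unknown',
    implode(',', $result['matched'])
);
```

Because 1.4 is the plugin's final release, any site where this reports the plugin present is running code last updated in April 2013 together with its bundled jQuery 1.7.2; the `?ver=` value is what lets an audit distinguish that from a theme that merely reuses the gridster_ class names.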
FAQ

Frequently Asked Questions about Gridster