CMS Tree Page View Security & Risk Analysis

wordpress.org/plugins/cms-tree-page-view

Adds a tree view of all pages & custom posts. Get a great overview + options to drag & drop to reorder & option to add multiple pages.

50K active installs · v1.6.8 · PHP + WP 3.8+ · Updated Apr 12, 2024
Tags: custom-posts, page, pages, posts, tree
Score: 91 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Apr 20, 2023
Safety Verdict

Is CMS Tree Page View Safe to Use in 2026?

Generally Safe

Score 91/100

CMS Tree Page View has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 20, 2023 · Updated 1yr ago
Risk Assessment

The "cms-tree-page-view" v1.6.8 plugin presents a mixed security posture. On the positive side, the plugin exclusively uses prepared statements for its SQL queries, which is a strong defense against SQL injection. It also correctly implements nonce checks and capability checks for most of its entry points, and avoids file operations and external HTTP requests. However, significant concerns arise from its attack surface. All four identified AJAX handlers lack authorization checks, making them directly exploitable if a vulnerability exists within their logic. This is further compounded by the taint analysis revealing two flows with unsanitized paths, indicating a potential for input manipulation that could lead to unintended consequences.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flows with unsanitized paths
  • Low output escaping percentage
  • Medium severity vulnerability history (3 total)
Vulnerabilities
3

CMS Tree Page View Security Vulnerabilities

CVEs by Year

  • 2012: 1 CVE
  • 2017: 1 CVE
  • 2023: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2023-30868 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CMS Tree Page View <= 1.6.7 - Reflected Cross-Site Scripting via 'post_type'

Apr 20, 2023 Patched in 1.6.8 (278d)

CMS Tree Page View < 1.4 - Missing Authorization Checks

Oct 20, 2017 Patched in 1.4 (2286d)
CVE-2012-1834 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CMS Tree Page View < 0.8.9 - Cross-Site Scripting

Mar 26, 2012 Patched in 0.8.9 (4320d)
Code Analysis
Analyzed Mar 16, 2026

CMS Tree Page View Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (11 prepared)
  • Unescaped Output: 40 (29 escaped)
  • Nonce Checks: 4
  • Capability Checks: 13
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

100% prepared · 11 total queries

Output Escaping

42% escaped · 69 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
cmstpv_filter_views_edit_postsoverview (functions.php:594)
Attack Surface
4 unprotected

CMS Tree Page View Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers: 4

  • auth: wp_ajax_cms_tpv_get_childs (index.php:68)
  • auth: wp_ajax_cms_tpv_move_page (index.php:69)
  • auth: wp_ajax_cms_tpv_add_page (index.php:70)
  • auth: wp_ajax_cms_tpv_add_pages (index.php:71)

WordPress Hooks: 11

  • filter: wp_insert_post_data (functions.php:83)
  • filter: plugin_row_meta (functions.php:424)
  • action: cms_tree_page_view/before_wrapper (functions.php:431)
  • action: init (index.php:55)
  • action: admin_init (index.php:58)
  • action: admin_enqueue_scripts (index.php:59)
  • action: admin_init (index.php:60)
  • action: admin_menu (index.php:63)
  • action: admin_head (index.php:64)
  • action: wp_dashboard_setup (index.php:65)
  • action: init (index.php:82)
Maintenance & Trust

CMS Tree Page View Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.0
Last updated: Apr 12, 2024
PHP min version
Downloads: 1.6M

Community Trust

Rating: 98/100
Number of ratings: 360
Active installs: 50K
Developer Profile

CMS Tree Page View Developer Profile

Pär Thernström

11 plugins · 361K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 1680 days
Detection Fingerprints

How We Detect CMS Tree Page View

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cms-tree-page-view/css/cms-tree-page-view.css
  • /wp-content/plugins/cms-tree-page-view/css/jquery-ui.css
  • /wp-content/plugins/cms-tree-page-view/css/style.css
  • /wp-content/plugins/cms-tree-page-view/js/cms-tree-page-view.js
  • /wp-content/plugins/cms-tree-page-view/js/jquery-ui.js
  • /wp-content/plugins/cms-tree-page-view/js/jquery-ui-sortable.js
  • /wp-content/plugins/cms-tree-page-view/js/jquery.cookie.js
  • /wp-content/plugins/cms-tree-page-view/js/jquery.jeditable.js
  • +2 more
Script Paths
  • /wp-content/plugins/cms-tree-page-view/js/cms-tree-page-view.js
  • /wp-content/plugins/cms-tree-page-view/js/jquery-ui.js
  • /wp-content/plugins/cms-tree-page-view/js/jquery-ui-sortable.js
  • /wp-content/plugins/cms-tree-page-view/js/jquery.cookie.js
  • /wp-content/plugins/cms-tree-page-view/js/jquery.jeditable.js
  • /wp-content/plugins/cms-tree-page-view/js/jquery.livequery.js
  • +1 more
Version Parameters
  • cms-tree-page-view/css/cms-tree-page-view.css?ver=
  • cms-tree-page-view/css/jquery-ui.css?ver=
  • cms-tree-page-view/css/style.css?ver=
  • cms-tree-page-view/js/cms-tree-page-view.js?ver=
  • cms-tree-page-view/js/jquery-ui.js?ver=
  • cms-tree-page-view/js/jquery-ui-sortable.js?ver=
  • cms-tree-page-view/js/jquery.cookie.js?ver=
  • cms-tree-page-view/js/jquery.jeditable.js?ver=
  • cms-tree-page-view/js/jquery.livequery.js?ver=
  • cms-tree-page-view/js/jquery.url.js?ver=

HTML / DOM Fingerprints

CSS Classes
cms-tree-page-view-container, cms-tpv-row, cms-tpv-page-title, cms-tpv-page-status, cms-tpv-page-order, cms-tpv-post-actions, cms-tpv-page-parent, cms-tpv-page-type, +9 more
HTML Comments
  • <!-- cms-tree-page-view -->
  • <!-- End cms-tree-page-view -->
  • <!-- Added 2015-01-09 -->
  • <!-- sf_d($_POST) -->
  • +3 more
Data Attributes
data-post-id, data-ref-post-id, data-post-type, data-post-parent, data-post-status, data-cms-tpv-nonce
JS Globals
cms_tpv_get_childs, cms_tpv_move_page, cms_tpv_add_page, cms_tpv_add_pages, CMS_TPV_URL, CMS_TPV_VERSION, +4 more
FAQ

Frequently Asked Questions about CMS Tree Page View