Does CPO Content Types have any unpatched vulnerabilities?

No. All known vulnerabilities in CPO Content Types have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CPO Content Types compatible with WordPress 6.9.4?

According to WordPress.org data, CPO Content Types 1.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CPO Content Types compatible with PHP 5.6+?

CPO Content Types requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CPO Content Types updated?

CPO Content Types was last updated on Dec 2, 2025. Frequent updates are generally a positive security signal.

What is CPO Content Types's security score?

CPO Content Types has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CPO Content Types Security & Risk Analysis

wordpress.org/plugins/cpo-content-types

Add support for special content types in your website, such as a portfolio, features, and slides.

3K active installs v1.1.1 PHP 5.6+ WP 4.0+ Updated Dec 2, 2025

clientsfeaturesportfolioslidertestimonials

A · Safe

CVEs total1

Unpatched0

Last CVEMar 3, 2023

Download

Safety Verdict

Is CPO Content Types Safe to Use in 2026?

Generally Safe

Score 100/100

CPO Content Types has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 3, 2023Updated 4mo ago

Risk Assessment

The "cpo-content-types" plugin version 1.1.1 exhibits a generally good security posture with some notable weaknesses. The plugin has a very small attack surface, with only one AJAX handler, and importantly, this handler appears to be protected by authentication checks, which is a positive sign. The code analysis shows a healthy use of prepared statements for SQL queries (91%) and proper output escaping for the majority of outputs (78%). The absence of file operations and external HTTP requests further strengthens its security profile. However, the plugin has a known medium severity vulnerability related to Cross-Site Scripting (XSS) discovered in March 2023, which is currently unpatched. While the static analysis didn't reveal any direct XSS vulnerabilities in the provided data, the historical vulnerability is a significant concern. The lack of capability checks and only two nonce checks in the code also present potential areas for improvement, as they could be leveraged in conjunction with other vulnerabilities if they existed.

Key Concerns

Unpatched medium severity CVE found
No capability checks found
Output escaping could be improved (22% not escaped)
SQL queries have some raw usage (9% not prepared)

Vulnerabilities

CPO Content Types Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-25451medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CPO Content Types <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 3, 2023 Patched in 1.1.1 (700d)

Code Analysis

Analyzed Mar 16, 2026

CPO Content Types Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

21 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

91% prepared11 total queries

Output Escaping

78% escaped27 total outputs

Attack Surface

CPO Content Types Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_update-menu-orderincludes\class-simple-custom-post-order.php:11

WordPress Hooks 37

actionplugins_loadedcpo-content-types.php:24

actionadmin_print_stylescpo-content-types.php:37

actionmanage_posts_custom_columncpo-content-types.php:45

actioninitcposts\cpost-clients.php:4

filtermanage_edit-cpo_client_columnscposts\cpost-clients.php:45

actioninitcposts\cpost-features.php:4

filtermanage_edit-cpo_feature_columnscposts\cpost-features.php:45

actioninitcposts\cpost-portfolio.php:4

filtermanage_edit-cpo_portfolio_columnscposts\cpost-portfolio.php:50

actioninitcposts\cpost-portfolio.php:68

actioninitcposts\cpost-portfolio.php:104

actionpre_get_postscposts\cpost-portfolio.php:141

actioninitcposts\cpost-products.php:4

filtermanage_edit-cpo_product_columnscposts\cpost-products.php:45

actioninitcposts\cpost-products.php:63

actioninitcposts\cpost-products.php:99

actioninitcposts\cpost-services.php:4

filtermanage_edit-cpo_service_columnscposts\cpost-services.php:50

actioninitcposts\cpost-services.php:68

actioninitcposts\cpost-services.php:104

actioninitcposts\cpost-slides.php:4

filtermanage_edit-cpo_slide_columnscposts\cpost-slides.php:44

actioninitcposts\cpost-team.php:4

filtermanage_edit-cpo_team_columnscposts\cpost-team.php:44

actioninitcposts\cpost-team.php:60

actioninitcposts\cpost-testimonials.php:4

filtermanage_edit-cpo_testimonial_columnscposts\cpost-testimonials.php:44

actionadmin_initincludes\class-simple-custom-post-order.php:7

actionadmin_initincludes\class-simple-custom-post-order.php:8

actionadmin_initincludes\class-simple-custom-post-order.php:9

actionpre_get_postsincludes\class-simple-custom-post-order.php:13

filterget_previous_post_whereincludes\class-simple-custom-post-order.php:15

filterget_previous_post_sortincludes\class-simple-custom-post-order.php:16

filterget_next_post_whereincludes\class-simple-custom-post-order.php:17

filterget_next_post_sortincludes\class-simple-custom-post-order.php:18

actionadmin_menuincludes\settings.php:4

actionadmin_initincludes\settings.php:24

Maintenance & Trust

CPO Content Types Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 2, 2025

PHP min version5.6

Downloads106K

Community Trust

Rating100/100

Number of ratings1

Active installs3K

Alternatives

CPO Content Types Alternatives

Smart Testimonials plugin

smart-testimonials

100

Smart testimonials plugin will allow webmaster to turn the boring looking testimonials into a fancy attractive page with several formatting options.

10 No CVEs

WPshed Theme Extras

wpshed-theme-extras

100

WTE add powerful features to your Theme. It is designed to work with WPshed Themes, but all featured can be used in any other theme.

10 No CVEs

IDT Testimonial

idt-testimonial

Simple plugin to Show testimonials on pages, widgets and posts.

0 No CVEs

Strong Testimonials

strong-testimonials

An easy-to-use testimonial plugin to collect and show customer feedback in WordPress

90K 14 CVEs

Real Testimonials – Testimonial Slider, Collect Customer Reviews and Video Testimonials

testimonial-free

A Customizable Testimonial plugin to Automate Collecting, Filtering, and Publishing Customer Reviews. Testimonial Slider, Grid & More to Grow Sales

40K 3 CVEs

Developer Profile

CPO Content Types Developer Profile

WP Chill

29 plugins · 440K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

608 days

View full developer profile

Detection Fingerprints

How We Detect CPO Content Types

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cpo-content-types/assets/css/admin.css/wp-content/plugins/cpo-content-types/assets/js/scporder.js/wp-content/plugins/cpo-content-types/assets/css/scporder.css

Script Paths

/wp-content/plugins/cpo-content-types/assets/js/scporder.js

Version Parameters

cpo-content-types/assets/css/admin.css?ver=cpo-content-types/assets/js/scporder.js?ver=cpo-content-types/assets/css/scporder.css?ver=

HTML / DOM Fingerprints

CSS Classes

column-ctct-imagecolumn-ctct-portfolio-catscolumn-ctct-portfolio-tagscolumn-ctct-service-catscolumn-ctct-service-tags

Data Attributes

data-post-type

JS Globals

scporder

FAQ