WP-Safety

Custom Layouts – Post + Product grids made easy Security & Risk Analysis

wordpress.org/plugins/custom-layouts

Build a list or grid layout of any post type (posts, products, pages + more).

4K active installs v1.5.1 PHP 7.2+ WP 6.5+ Updated Dec 29, 2025
post-gridpostsproduct-gridproductsrecent-posts
98
A · Safe
CVEs total2
Unpatched0
Last CVEDec 5, 2025
Plugin page Download
Safety Verdict

Is Custom Layouts – Post + Product grids made easy Safe to Use in 2026?

Generally Safe

Score 98/100

Custom Layouts – Post + Product grids made easy has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 5, 2025Updated 3mo ago
Risk Assessment

The "custom-layouts" plugin version 1.5.1 demonstrates some good security practices, particularly with its use of prepared statements for SQL queries and a high percentage of properly escaped output. The static analysis shows no critical or high severity taint flows, which is a positive sign regarding potential injection vulnerabilities. Additionally, there are no unprotected REST API routes or AJAX handlers identified in the attack surface, indicating a conscious effort to secure entry points.

However, the plugin has a history of known vulnerabilities, specifically two medium severity CVEs. While currently unpatched vulnerabilities are zero, the recurrence of issues like Missing Authorization and Cross-site Scripting in the past warrants caution. The presence of only two nonce checks and seven capability checks across 23 REST API routes suggests that while some controls are in place, the overall security posture might be less robust than desired, especially if some of these routes handle sensitive operations or user-supplied data.

In conclusion, "custom-layouts" v1.5.1 is not without its strengths, particularly in its handling of SQL and output. Nonetheless, the past vulnerability history, coupled with a seemingly limited number of authorization and nonce checks relative to the attack surface, presents a moderate risk. Vigilance is advised, and users should stay updated on any future security advisories for this plugin.

Key Concerns

  • History of 2 medium severity CVEs
  • Limited Nonce Checks (2/23 entry points)
  • Limited Capability Checks (7/23 entry points)
Vulnerabilities
2

Custom Layouts – Post + Product grids made easy Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-62996medium · 4.3Missing Authorization

Custom Layouts – Post + Product grids made easy <= 1.4.12 - Missing Authorization

Dec 5, 2025 Patched in 1.5.0 (14d)
CVE-2024-43305medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Custom Layouts – Post + Product grids made easy <= 1.4.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 16, 2024 Patched in 1.4.12 (4d)
Code Analysis
Analyzed Mar 16, 2026

Custom Layouts – Post + Product grids made easy Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
5 prepared
Unescaped Output
32
169 escaped
Nonce Checks
2
Capability Checks
7
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

71% prepared7 total queries

Output Escaping

84% escaped201 total outputs
Attack Surface

Custom Layouts – Post + Product grids made easy Attack Surface

Entry Points23
Unprotected0

REST API Routes 23

GET/wp-json/custom-layouts/v1/layout/resultsincludes\class-custom-layouts-rest-api.php:59
GET/wp-json/custom-layouts/v1/templates/getincludes\class-custom-layouts-rest-api.php:76
GET/wp-json/custom-layouts/v1/layouts/getincludes\class-custom-layouts-rest-api.php:92
GET/wp-json/custom-layouts/v1/wp/post_typesincludes\class-custom-layouts-rest-api.php:102
GET/wp-json/custom-layouts/v1/wp/authorsincludes\class-custom-layouts-rest-api.php:111
GET/wp-json/custom-layouts/v1/wp/taxonomy/termsincludes\class-custom-layouts-rest-api.php:120
GET/wp-json/custom-layouts/v1/wp/posts/searchincludes\class-custom-layouts-rest-api.php:136
GET/wp-json/custom-layouts/v1/wp/custom-fieldsincludes\class-custom-layouts-rest-api.php:152
GET/wp-json/custom-layouts/v1/wp/taxonomiesincludes\class-custom-layouts-rest-api.php:168
GET/wp-json/custom-layouts/v1/wp/image_sizesincludes\class-custom-layouts-rest-api.php:177
GET/wp-json/custom-layouts/v1/wp/taxonomies/termsincludes\class-custom-layouts-rest-api.php:186
GET/wp-json/custom-layouts/v1/wp/custom-fieldincludes\class-custom-layouts-rest-api.php:223
GET/wp-json/custom-layouts/v1/template/sourcesincludes\class-custom-layouts-rest-api.php:246
GET/wp-json/custom-layouts/v1/template/getincludes\class-custom-layouts-rest-api.php:256
GET/wp-json/custom-layouts/v1/layout/getincludes\class-custom-layouts-rest-api.php:274
POST/wp-json/custom-layouts/v1/template/saveincludes\class-custom-layouts-rest-api.php:291
POST/wp-json/custom-layouts/v1/layout/saveincludes\class-custom-layouts-rest-api.php:327
GET/wp-json/custom-layouts/v1/wp/posts/resultsincludes\class-custom-layouts-rest-api.php:354
GET/wp-json/custom-layouts/v1/wp/postincludes\class-custom-layouts-rest-api.php:410
GET/wp-json/custom-layouts/v1/layout/infoincludes\class-custom-layouts-rest-api.php:426
GET/wp-json/custom-layouts/v1/template/infoincludes\class-custom-layouts-rest-api.php:435
GET/wp-json/custom-layouts/v1/css/regenerateincludes\class-custom-layouts-rest-api.php:444
PUT/wp-json/custom-layouts/v1/layout/infoincludes\class-custom-layouts-rest-api.php:454
WordPress Hooks 59
actionsave_post_cl-layoutincludes\class-custom-layouts-admin.php:84
actionsave_post_cl-templateincludes\class-custom-layouts-admin.php:85
actiondelete_postincludes\class-custom-layouts-admin.php:86
actionwp_trash_postincludes\class-custom-layouts-admin.php:87
actionshutdownincludes\class-custom-layouts-admin.php:88
filterredirect_post_locationincludes\class-custom-layouts-admin.php:89
filtermanage_edit-cl-layout_columnsincludes\class-custom-layouts-admin.php:92
actionmanage_cl-layout_posts_custom_columnincludes\class-custom-layouts-admin.php:93
actioninitincludes\class-custom-layouts-admin.php:96
actioninitincludes\class-custom-layouts-grid.php:57
filterwp_insert_post_dataincludes\class-custom-layouts-permissions.php:41
actionpre_get_postsincludes\class-custom-layouts-query.php:46
actionrest_api_initincludes\class-custom-layouts-rest-api.php:50
actionplugins_loadedincludes\class-custom-layouts.php:279
actionplugins_loadedincludes\class-custom-layouts.php:290
actionadmin_enqueue_scriptsincludes\class-custom-layouts.php:305
actionadmin_enqueue_scriptsincludes\class-custom-layouts.php:306
actionadd_meta_boxesincludes\class-custom-layouts.php:310
actionadmin_menuincludes\class-custom-layouts.php:312
actionadmin_menuincludes\class-custom-layouts.php:313
actionwp_enqueue_scriptsincludes\class-custom-layouts.php:329
actionwp_enqueue_scriptsincludes\class-custom-layouts.php:330
actioninitincludes\class-custom-layouts.php:352
actionsave_postincludes\core\class-data.php:58
actionenqueue_block_editor_assetsincludes\integrations\gutenberg\class-gutenberg.php:81
actioninitincludes\integrations\gutenberg\class-gutenberg.php:82
filterblock_editor_rest_api_preload_pathsincludes\integrations\gutenberg\class-gutenberg.php:83
actionadmin_footerincludes\integrations\gutenberg\class-gutenberg.php:259
filtercustom-layouts/admin/layout_infoincludes\integrations\search-filter-pro\class-search-filter-pro.php:41
filtercustom-layouts/layout/container_classincludes\integrations\search-filter-pro\class-search-filter-pro.php:46
filtercustom-layouts/layout/query_argsincludes\integrations\search-filter-pro\class-search-filter-pro.php:48
filtercustom-layouts/layout/use_cacheincludes\integrations\search-filter-pro\class-search-filter-pro.php:50
actionsearch-filter/settings/initincludes\integrations\search-filter-pro\class-search-filter-pro.php:53
actionsearch-filter/settings/initincludes\integrations\search-filter-pro\class-search-filter-pro.php:56
actionsearch-filter/frontend/data/startincludes\integrations\search-filter-pro\class-search-filter-pro.php:59
filtershortcode_atts_custom-layoutincludes\integrations\search-filter-pro\class-search-filter-pro.php:62
filtersearch-filter/queries/query/get_attributesincludes\integrations\search-filter-pro\class-search-filter-pro.php:228
actionwoocommerce_after_product_orderingincludes\integrations\woocommerce\class-woocommerce.php:27
actionimport_endincludes\integrations\wordpress-importer\class-wordpress-importer.php:28
filtercustom-layouts/layout/idincludes\integrations\wpml\class-wpml.php:43
filtercustom-layouts/template/idincludes\integrations\wpml\class-wpml.php:44
filtercustom-layouts/admin/layout_infoincludes\integrations\wpml\class-wpml.php:46
filtercustom-layouts/admin/template_infoincludes\integrations\wpml\class-wpml.php:47
actioncustom-layouts/settings/get_templates_optionsincludes\integrations\wpml\class-wpml.php:48
actioncustom-layouts/settings/get_layouts_optionsincludes\integrations\wpml\class-wpml.php:49
actioncustom-layouts/settings/templatesincludes\integrations\wpml\class-wpml.php:51
filtercustom-layouts/settings/layouts/argsincludes\integrations\wpml\class-wpml.php:57
filtercustom-layouts/settings/templates/argsincludes\integrations\wpml\class-wpml.php:58
actioncustom-layouts/css/generate/startincludes\integrations\wpml\class-wpml.php:64
actioncustom-layouts/css/generate/finishincludes\integrations\wpml\class-wpml.php:65
filtercustom-layouts/settings/setincludes\integrations\wpml\class-wpml.php:67
filterexcerpt_lengthincludes\template\elements\class-excerpt.php:139
filterexcerpt_moreincludes\template\elements\class-excerpt.php:140
actioncustom-layouts/settings/getincludes\upgrade\1.3.0.php:20
actioncustom-layouts/settings/getincludes\upgrade\1.4.0.php:20
actioncustom-layouts/settings/getincludes\upgrade\1.4.1.php:20
actioncustom-layouts/settings/getincludes\upgrade\1.4.2.php:20
actioncustom-layouts/settings/getincludes\upgrade\1.4.3.php:20
actioncustom-layouts/settings/getincludes\upgrade\1.4.8.php:19
Maintenance & Trust

Custom Layouts – Post + Product grids made easy Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 29, 2025
PHP min version7.2
Downloads70K

Community Trust

Rating100/100
Number of ratings25
Active installs4K
Alternatives

Custom Layouts – Post + Product grids made easy Alternatives

Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor)

Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor)

content-views-query-and-display-post-page

A
96

Easy to show posts, pages, custom posts in customizable grid, list, slider, accordion... Available as Widgets (for Elementor), Shortcode, and Blocks.

100K 4 CVEs
Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts

Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts

post-carousel

A
96

Display posts, pages, and taxonomies in beautiful carousel, slider, and grid layouts with advanced filtering. Customizable, Developer-friendly.

20K 4 CVEs
GS Posts Grid – Recent Posts, Category Posts, Post Filter, Slider & List

GS Posts Grid – Recent Posts, Category Posts, Post Filter, Slider & List

posts-grid

A
100

GS Posts Grid – A flexible plugin to display posts in Grid, Masonry, Slider, Popup, List, Card, Table, Filter & Justified Gallery views.

100 No CVEs
KD Post Tile Listview

KD Post Tile Listview

kd-post-tile-listview

A
100

Features Simple and fast configuration Shortcode Future Features Style options Multiple categories Query options A plugin to list posts in til &hellip;

0 No CVEs
PostCrafts – Advanced Post Blocks to Highlight, Summarize and Beautifully Organize Your Posts

PostCrafts – Advanced Post Blocks to Highlight, Summarize and Beautifully Organize Your Posts

postcrafts

A
100

PostCrafts is the best post grid, blog designer, news, magazine, and WordPress blog plugin that comes with various Gutenberg blocks.

0 No CVEs
Developer Profile

Custom Layouts – Post + Product grids made easy Developer Profile

Code Amp

4 plugins · 84K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
594 days
View full developer profile
Detection Fingerprints

How We Detect Custom Layouts – Post + Product grids made easy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-layouts/build/index.asset.php/wp-content/plugins/custom-layouts/build/index.js/wp-content/plugins/custom-layouts/build/index.css/wp-content/plugins/custom-layouts/assets/css/admin.css/wp-content/plugins/custom-layouts/assets/css/admin-login.css
Script Paths
/wp-content/plugins/custom-layouts/build/index.js
Version Parameters
custom-layouts/build/index.asset.php?ver=custom-layouts/build/index.js?ver=custom-layouts/build/index.css?ver=custom-layouts/assets/css/admin.css?ver=custom-layouts/assets/css/admin-login.css?ver=

HTML / DOM Fingerprints

CSS Classes
custom-layout-editor-wrappercustom-layouts-template-editorcustom-layouts-add-new-layout-buttoncustom-layouts-template-editor-contentcustom-layout-block-editor-wrappercustom-layout-single-item-editorcustom-layouts-template-post-type-selectcustom-layouts-layout-design-meta-box+2 more
HTML Comments
<!-- CUSTOM LAYOUTS TEMPLATE EDITOR --><!-- CUSTOM LAYOUTS DEBUG --><!-- CUSTOM LAYOUTS END TEMPLATE EDITOR --><!-- CUSTOM LAYOUTS DEBUG END -->
Data Attributes
data-custom-layouts-editordata-custom-layouts-template-iddata-custom-layouts-editor-config
JS Globals
CustomLayoutsEditorcustomLayouts
REST Endpoints
/wp-json/custom-layouts/v1/templates/wp-json/custom-layouts/v1/template//wp-json/custom-layouts/v1/template
FAQ

Frequently Asked Questions about Custom Layouts – Post + Product grids made easy