Does Custom Post Archives have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom Post Archives have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom Post Archives compatible with WordPress 3.1.4?

According to WordPress.org data, Custom Post Archives 1.0.3 has been tested up to WordPress 3.1.4. Check the plugin's changelog for the latest compatibility information.

How often is Custom Post Archives updated?

Custom Post Archives was last updated on Apr 29, 2011. Frequent updates are generally a positive security signal.

What is Custom Post Archives's security score?

Custom Post Archives has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom Post Archives Security & Risk Analysis

wordpress.org/plugins/custom-post-archives

Custom Post Archives creates a fully featured set of archives for each post type using a robust back-end and native templating functionality.

20 active installs v1.0.3 PHP + WP 3.0+ Updated Apr 29, 2011

archivescustom-post-typesmod_rewritetemplates

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Custom Post Archives Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Post Archives has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago

Risk Assessment

The "custom-post-archives" plugin v1.0.3 demonstrates a generally strong security posture with no recorded vulnerabilities and a well-defined attack surface. The absence of AJAX handlers, REST API routes, shortcodes, and cron events without authorization checks is commendable. Furthermore, all SQL queries utilize prepared statements, and the presence of a nonce check and capability checks indicates an effort to implement basic security measures.

However, the static analysis reveals a significant concern: the use of the deprecated and insecure `create_function` function. This function can lead to serious security vulnerabilities if not handled with extreme care, as it allows for the dynamic creation of code that might be influenced by user input. Additionally, only 20% of output escaping is properly handled, suggesting a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not rigorously sanitized before being displayed.

The plugin's clean vulnerability history is a positive sign, suggesting diligent development practices or limited exposure. However, the presence of both the insecure `create_function` and insufficient output escaping means that even without past incidents, inherent risks remain. The plugin benefits from a small attack surface and good SQL handling, but the identified code quality issues represent clear areas for improvement to achieve a robust security profile.

Key Concerns

Use of deprecated and insecure create_function
Low percentage of properly escaped output (20%)

Vulnerabilities

None known

Custom Post Archives Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Custom Post Archives Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionarray_walk($this->_archive_post_types, create_function(custom-post-archives.php:842

Output Escaping

20% escaped15 total outputs

Attack Surface

Custom Post Archives Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 25

actionadmin_initconfig.php:30

actionadmin_menuconfig.php:31

actionadmin_headconfig.php:145

filterplugin_action_linksconfig.php:149

actioninitcustom-post-archives.php:269

actionpublish_postcustom-post-archives.php:270

actiongenerate_rewrite_rulescustom-post-archives.php:271

actionquery_varscustom-post-archives.php:482

actionpre_get_postscustom-post-archives.php:483

actiontemplate_redirectcustom-post-archives.php:484

actionwp_headcustom-post-archives.php:485

filterrequestcustom-post-archives.php:487

filtergetarchives_wherecustom-post-archives.php:488

filterbody_classcustom-post-archives.php:489

filteryear_linkcustom-post-archives.php:490

filtermonth_linkcustom-post-archives.php:491

filterday_linkcustom-post-archives.php:492

filterauthor_linkcustom-post-archives.php:493

filterwp_titlecustom-post-archives.php:494

filterwp_list_pagescustom-post-archives.php:498

filterwp_nav_menucustom-post-archives.php:499

filterwp_nav_menu_itemscustom-post-archives.php:500

filterwp_list_categoriescustom-post-archives.php:505

actionparse_requestcustom-post-archives.php:509

actionadmin_initnav-menu.php:11

Maintenance & Trust

Custom Post Archives Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4

Last updatedApr 29, 2011

PHP min version

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Custom Post Archives Alternatives

Custom post types, Custom Fields & more

custom-post-types

Custom Post Types, Custom Fields, Custom Taxonomies, Custom Templates, Custom Admin Pages, Custom Admin Notices. Directly from the WP dashboard.

3K 3 CVEs

Post Type Archive Descriptions

post-type-archive-descriptions

Enables an editable description to display on post type archive pages. Show the description with WordPress's the_archive_description() function t …

1K No CVEs

Templatify

templatify

This plugin adds Page Templates feature to Posts and Custom Post Types. No settings needed.

200 No CVEs

PTAPS – Post Type Archive Pages and Permalink Settings

post-type-archive-pages-and-permalink-settings

100

Use archive pages for custom post types and improve WordPress SEO by managing permalinks for custom post types and taxonomies.

50 No CVEs

Genesis Custom Post Types Archives

genesis-custom-post-types-archives

Allows you to customize Genesis Custom Post Type archive pages for solid SEO.

40 No CVEs

Developer Profile

Custom Post Archives Developer Profile

Jacob Dunn

1 plugin · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Custom Post Archives

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-post-archives/css/style.css/wp-content/plugins/custom-post-archives/js/custom-post-archives.js

Script Paths

/wp-content/plugins/custom-post-archives/js/custom-post-archives.js

Version Parameters

custom-post-archives/css/style.css?ver=custom-post-archives/js/custom-post-archives.js?ver=

HTML / DOM Fingerprints

CSS Classes

cpa-archivescpa-archive-nav

HTML Comments

This plugin allows for the following types of urls:To register a different base than the default post slug, use the following:

Once redirected, this plugin also allows for you to create post-type specific archive pages in your
templates directory. The convention for naming is as follows:

Also adds ability to add post types to archive lists. ie, the following would return posts plus projects:+12 more

Data Attributes

data-cpa-post-typedata-cpa-base

JS Globals

window.CustomPostArchives

FAQ