WP-Safety

Custom Post Type Sticky Security & Risk Analysis

wordpress.org/plugins/custom-post-type-sticky

Extends sticky post functionality to custom post types in a way that is identical to default posts.

900 active installs v1.2 PHP + WP 4.0+ Updated Sep 1, 2020
custom-post-type-stickymake-custom-post-type-stickysticky-cptsticky-custom-poststicky-post
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Custom Post Type Sticky Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Post Type Sticky has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The static analysis of the "custom-post-type-sticky" v1.2 plugin reveals a generally strong security posture. The absence of known vulnerabilities in its history and the complete lack of critical or high-severity issues in taint analysis are positive indicators. Furthermore, the code demonstrates good practices by utilizing prepared statements for all SQL queries and ensuring 100% output escaping, with no file operations or external HTTP requests detected. The plugin also exhibits a minimal attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication or permission checks.

Vulnerabilities
None known

Custom Post Type Sticky Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Custom Post Type Sticky Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
0
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries
Attack Surface

Custom Post Type Sticky Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
actionplugins_loadedcustom-post-type-sticky.php:17
actionadmin_enqueue_scriptscustom-post-type-sticky.php:19
Maintenance & Trust

Custom Post Type Sticky Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedSep 1, 2020
PHP min version
Downloads20K

Community Trust

Rating96/100
Number of ratings4
Active installs900
Alternatives

Custom Post Type Sticky Alternatives

Ultimate Posts Widget

Ultimate Posts Widget

ultimate-posts-widget

A
92

The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.

10K 1 CVE
Sticky Posts Expire

Sticky Posts Expire

sticky-posts-expire

A
85

A simple plugin that allows you to set an expiration date on posts. Once a post is expired, it will no longer be sticky.

100 No CVEs
Ultimate Sticky Posts Widget

Ultimate Sticky Posts Widget

ultimate-sticky-posts

A
85

This Widget works well to display sticky/posts or both.

100 No CVEs
WP Category Sticky Posts

WP Category Sticky Posts

category-sticky-posts

A
100

Allows you to set Sticky posts for individual category archives.

50 No CVEs
Post Glue

Post Glue

post-glue

A
85

Sticky posts for WordPress, improved.

30 No CVEs
Developer Profile

Custom Post Type Sticky Developer Profile

Abhay

6 plugins · 4K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Custom Post Type Sticky

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-post-type-sticky/admin.min.js
Script Paths
admin.min.js
Version Parameters
custom-post-type-sticky/admin.min.js?ver=

HTML / DOM Fingerprints

JS Globals
sscpt
FAQ

Frequently Asked Questions about Custom Post Type Sticky