Custom post types, Custom Fields & more Security & Risk Analysis

wordpress.org/plugins/custom-post-types

Custom Post Types, Custom Fields, Custom Taxonomies, Custom Templates, Custom Admin Pages, Custom Admin Notices. Directly from the WP dashboard.

3K active installs · v5.0.7 · PHP 5.6+ · WP 4.0+ · Updated Aug 5, 2025
Tags: cpt, custom-fields, custom-post-types, custom-taxonomies, custom-templates
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Apr 4, 2024
Safety Verdict

Is Custom post types, Custom Fields & more Safe to Use in 2026?

Generally Safe

Score 98/100

Custom post types, Custom Fields & more has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Apr 4, 2024 · Updated 8mo ago
Risk Assessment

The plugin 'custom-post-types' v5.0.7 demonstrates a generally good security posture, with a significant number of capability checks and all SQL queries using prepared statements. The absence of unprotected entry points is a positive indicator. However, the static analysis reveals some areas for improvement. Notably, 28% of outputs are not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data reaches those outputs. The single taint flow with an unsanitized path, although not classified as critical or high, warrants attention as a potential avenue for exploitation. The vulnerability history shows three past medium-severity CVEs, all of which are reported as patched. The prevalence of XSS among past vulnerabilities, combined with the current share of unescaped output, suggests that XSS remains a persistent concern for this plugin. While the current version appears to have addressed past issues, the potential for similar vulnerabilities due to improper output escaping requires careful monitoring and remediation.

Key Concerns

  • Unescaped output detected
  • Taint flow with unsanitized path
  • Past medium severity XSS vulnerabilities
Vulnerabilities
3

Custom post types, Custom Fields & more Security Vulnerabilities

CVEs by Year

2023: 2 CVEs
2024: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2023-6993 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Custom post types, Custom Fields & more <= 5.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 4, 2024 Patched in 5.0.5 (117d)
WF-eb94520e-a99d-4e34-b174-e01898de0978-custom-post-types · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Custom post types <= 4.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 7, 2023 Patched in 5.0.0 (77d)
CVE-2023-32116 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Custom post types <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Oct 16, 2023 Patched in 5.0.3 (166d)
Code Analysis
Analyzed Mar 16, 2026

Custom post types, Custom Fields & more Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 26 (68 escaped)
Nonce Checks: 3
Capability Checks: 9
File Operations: 0
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

72% escaped · 94 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<page-tools> (includes\templates\page-tools.php:0)
Attack Surface

Custom post types, Custom Fields & more Attack Surface

Entry Points: 4
Unprotected: 0

Shortcodes 4

[cpt-field] includes\class-cpt-shortcodes.php:10
[cpt-terms] includes\class-cpt-shortcodes.php:11
[cpt-term-field] includes\class-cpt-shortcodes.php:12
[cpt-option-field] includes\class-cpt-shortcodes.php:13
WordPress Hooks 74
filter cpt_ajax_actions_register includes\class-cpt-admin-notices.php:13
action admin_init includes\class-cpt-admin-notices.php:14
action admin_notices includes\class-cpt-admin-notices.php:114
action admin_menu includes\class-cpt-admin-pages.php:10
filter cpt_admin_notices_register includes\class-cpt-admin-pages.php:111
filter cpt_admin_notices_register includes\class-cpt-admin-pages.php:131
filter cpt_admin_notices_register includes\class-cpt-admin-pages.php:157
action init includes\class-cpt-ajax.php:10
action init includes\class-cpt-field-groups.php:21
filter cpt_admin_notices_register includes\class-cpt-field-groups.php:136
action rest_api_init includes\class-cpt-fields.php:189
action add_meta_boxes includes\class-cpt-fields.php:230
action admin_init includes\class-cpt-fields.php:336
action update_option_meta-fields includes\class-cpt-fields.php:356
action add_meta_boxes includes\class-cpt-fields.php:441
action edit_attachment includes\class-cpt-fields.php:464
action add_meta_boxes includes\class-cpt-fields.php:494
action edit_comment includes\class-cpt-fields.php:517
action wp_nav_menu_item_custom_fields includes\class-cpt-fields.php:547
action wp_update_nav_menu_item includes\class-cpt-fields.php:567
filter cpt_field_sanitize includes\class-cpt-fields.php:657
filter cpt_field_get includes\class-cpt-fields.php:658
filter plugin_action_links includes\class-cpt-plugin.php:12
action init includes\class-cpt-plugin.php:13
filter cpt_admin_notices_register includes\class-cpt-plugin.php:115
action init includes\class-cpt-post-types.php:18
action init includes\class-cpt-post-types.php:26
action init includes\class-cpt-post-types.php:39
action updated_post_meta includes\class-cpt-post-types.php:40
filter manage_posts_columns includes\class-cpt-post-types.php:92
action manage_posts_custom_column includes\class-cpt-post-types.php:112
filter cpt_admin_notices_register includes\class-cpt-post-types.php:201
filter cpt_admin_notices_register includes\class-cpt-post-types.php:221
filter cpt_admin_notices_register includes\class-cpt-post-types.php:257
filter cpt_shortcode_field_output includes\class-cpt-shortcodes.php:15
filter cpt_shortcode_term_field_output includes\class-cpt-shortcodes.php:16
filter cpt_shortcode_option_field_output includes\class-cpt-shortcodes.php:17
action init includes\class-cpt-taxonomies.php:14
action init includes\class-cpt-taxonomies.php:22
action init includes\class-cpt-taxonomies.php:35
action updated_post_meta includes\class-cpt-taxonomies.php:36
filter cpt_admin_notices_register includes\class-cpt-taxonomies.php:149
filter cpt_admin_notices_register includes\class-cpt-taxonomies.php:169
filter cpt_admin_notices_register includes\class-cpt-taxonomies.php:200
action save_post includes\class-cpt-ui.php:15
action edit_form_after_title includes\class-cpt-ui.php:16
filter post_row_actions includes\class-cpt-ui.php:17
filter post_updated_messages includes\class-cpt-ui.php:18
action admin_enqueue_scripts includes\class-cpt-ui.php:19
filter cpt_admin_notices_register includes\class-cpt-ui.php:20
action admin_menu includes\class-cpt-ui.php:21
filter cpt_admin_pages_register includes\class-cpt-ui.php:22
filter cpt_field_groups_register includes\class-cpt-ui.php:23
filter cpt_field_sanitize includes\class-cpt-ui.php:24
action admin_footer includes\class-cpt-ui.php:25
action admin_init includes\class-cpt-ui.php:26
filter saswp_modify_post_meta_list includes\compatibilities\saswp.php:3
filter cpt_post_types_register includes\compatibilities\v4.php:4
filter cpt_post_types_register_labels includes\compatibilities\v4.php:11
filter cpt_post_types_register_args includes\compatibilities\v4.php:19
filter cpt_taxonomies_register includes\compatibilities\v4.php:29
filter cpt_taxonomies_register_labels includes\compatibilities\v4.php:36
filter cpt_taxonomies_register_args includes\compatibilities\v4.php:44
filter cpt_field_groups_register includes\compatibilities\v4.php:54
filter cpt_field_args includes\compatibilities\v4.php:61
filter cpt_field_sanitize includes\compatibilities\v4.php:69
filter cpt_field_get includes\compatibilities\v4.php:80
filter cpt_templates_register includes\compatibilities\v4.php:92
filter cpt_admin_pages_register includes\compatibilities\v4.php:101
filter cpt_admin_notices_register includes\compatibilities\v4.php:110
filter cpt_ajax_actions_register includes\fields\class-cpt-field-post-rel.php:123
filter cpt_ajax_actions_register includes\fields\class-cpt-field-repeater.php:186
filter cpt_field_sanitize includes\fields\class-cpt-field-repeater.php:225
filter cpt_ajax_actions_register includes\fields\class-cpt-field-tax-rel.php:123
Maintenance & Trust

Custom post types, Custom Fields & more Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 5, 2025
PHP min version: 5.6
Downloads: 128K

Community Trust

Rating: 92/100
Number of ratings: 56
Active installs: 3K
Developer Profile

Custom post types, Custom Fields & more Developer Profile

TotalPress.org

3 plugins · 3K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 120 days
Detection Fingerprints

How We Detect Custom post types, Custom Fields & more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-post-types/assets/css/custom-post-types.css
/wp-content/plugins/custom-post-types/assets/js/custom-post-types.js
/wp-content/plugins/custom-post-types/assets/js/custom-post-types.min.js
Script Paths
/wp-content/plugins/custom-post-types/assets/js/custom-post-types.js
/wp-content/plugins/custom-post-types/assets/js/custom-post-types.min.js
Version Parameters
custom-post-types/assets/css/custom-post-types.css?ver=
custom-post-types/assets/js/custom-post-types.js?ver=

HTML / DOM Fingerprints

CSS Classes: cpt-modal-feedback-wrapper
Data Attributes: data-cpt-path
JS Globals: cpt_params