
Custom Posts Order Security & Risk Analysis
wordpress.org/plugins/custom-posts-order
A plugin which allows you to order the posts with simple Drag and Drop Sortable capability.
Is Custom Posts Order Safe to Use in 2026?
Use With Caution
Score 63/100
Custom Posts Order has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The custom-posts-order plugin v4.4 presents a mixed security posture. While it has a seemingly small attack surface with no reported AJAX handlers or REST API routes that lack authentication, and a single shortcode as its only entry point, the code analysis reveals significant concerns. A notable red flag is the presence of SQL queries that are not using prepared statements, alongside a concerning number of taint flows with unsanitized paths, specifically two classified as high severity. This indicates potential for data injection or manipulation vulnerabilities.
The plugin's vulnerability history is also a cause for concern. It has one known CVE, rated medium severity and currently unpatched, which suggests a pattern of past security weaknesses. The common vulnerability type, Cross-Site Request Forgery (CSRF), indicates a potential for users to be tricked into performing unintended actions. Although the plugin demonstrates some strengths, such as a majority of outputs being properly escaped, the combination of unsanitized taint flows and unpatched vulnerabilities creates a tangible risk that requires attention.
Key Concerns
- Unpatched CVE
- High severity taint flow
- SQL queries not using prepared statements
- Unsanitized taint paths
- No nonce checks
- No capability checks
- Output escaping is not fully proper
Custom Posts Order Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Custom Posts Order <= 4.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Custom Posts Order Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Custom Posts Order Attack Surface
Shortcodes 1
WordPress Hooks 5
Custom Posts Order Maintenance & Trust
Maintenance Signals
Community Trust
Custom Posts Order Alternatives
Better Posts Plus
better-posts-plus
The simplest way to change posts order (and more!) to create your own style!
Awesome Food Ordering, Delivery & Pickup Solution
nahian-food-delivery-pickup-soluition
Awesome Food Delivery & Pickup Solution is a professional-grade ERP designed for high-volume restaurants, cloud kitchens, and eateries.
Simple Custom Post Order
simple-custom-post-order
Easily reorder posts, pages, custom post types, and taxonomies with intuitive drag-and-drop sorting in the WordPress admin.
Simple Page Ordering
simple-page-ordering
Order your pages and other custom post types that support "page-attributes" with drag and drop right from the standard page list.
Rearrange Products for WooCommerce
rearrange-woocommerce-products
Boost WooCommerce sales with the Rearrange Products for WooCommerce plugin. Easily reorder products with a simple drag-and-drop tool!
Custom Posts Order Developer Profile
2 plugins · 200 total installs
How We Detect Custom Posts Order
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/custom-posts-order/css/cpo_style.css
- /wp-content/plugins/custom-posts-order/js/orderposts.js
- /wp-content/plugins/custom-posts-order/css/custompostdisplay.css
HTML / DOM Fingerprints
- addsecform
- addsecformtable
- error_msg
- cpo_posts_listing_table
- <!-- Function to add option name in wp_options table -->
- <!-- Function to display new section Form (Page 1) -->
- <!-- Function to display Section Listing (Page 1) -->
- name='pname'
- id='pname'
- name='addpostsection'
- id='addpostsection'
- name='delete_posts'
- id='delete_posts'
- jQuery
- <div class="postsinfo">
- <div class="postlist">
- <div class="posttitle">