Custom Taxonomy Order Security & Risk Analysis

wordpress.org/plugins/custom-taxonomy-order

Allows for a custom order of taxonomies.

10 active installs v1.0.0 PHP 5.6+ WP 4.0+ Updated Feb 15, 2019
customorderreordertaxonomyterms
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Custom Taxonomy Order Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Taxonomy Order has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "custom-taxonomy-order" plugin version 1.0.0 presents a mixed security posture. While it demonstrates good practices in avoiding dangerous functions, raw SQL queries, file operations, and external HTTP requests, significant concerns arise from its limited attack surface and the lack of security checks on that entry point. The presence of a single AJAX handler without any authentication or capability checks is a major vulnerability, potentially allowing unauthorized users to execute arbitrary actions. This is further exacerbated by the fact that 38% of outputs are not properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities. The plugin's vulnerability history is clean, indicating a lack of previously discovered security flaws, which is a positive sign. However, this does not negate the immediate risks identified in the static analysis. Overall, while the plugin has strengths in its codebase, the unprotected AJAX endpoint and unescaped output make it a moderate security risk that requires immediate attention.

Key Concerns

  • AJAX handler without auth checks
  • Output escaping is not properly implemented
  • Nonce checks are missing
  • Capability checks are missing
Vulnerabilities
None known

Custom Taxonomy Order Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Custom Taxonomy Order Release Timeline

v1.0.0Current
Code Analysis
Analyzed Mar 17, 2026

Custom Taxonomy Order Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

38% escaped8 total outputs
Attack Surface
1 unprotected

Custom Taxonomy Order Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_update_taxonomy_orderincludes\custom-taxonomy-order.php:32
WordPress Hooks 8
actionplugins_loadedcustom-taxonomy-order.php:50
actioninitincludes\custom-taxonomy-order.php:24
actionadmin_menuincludes\custom-taxonomy-order.php:27
actionadmin_initincludes\custom-taxonomy-order.php:28
actionadmin_headincludes\custom-taxonomy-order.php:29
filterterms_clausesincludes\custom-taxonomy-order.php:155
filterterms_clausesincludes\custom-taxonomy-order.php:167
actionadmin_footer_textincludes\custom-taxonomy-order.php:233
Maintenance & Trust

Custom Taxonomy Order Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.0
Last updatedFeb 15, 2019
PHP min version5.6
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Custom Taxonomy Order Developer Profile

Magda Sicknick

7 plugins · 80 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Custom Taxonomy Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/custom-taxonomy-order/assets/css/admin.css/wp-content/plugins/custom-taxonomy-order/assets/js/admin.js
Script Paths
/wp-content/plugins/custom-taxonomy-order/assets/js/admin.js
Version Parameters
custom-taxonomy-order/assets/css/admin.css?ver=custom-taxonomy-order/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-list-tablewidefatfixedpages
Data Attributes
data-taxonomydata-term-iddata-position
JS Globals
ms_cto_data
FAQ

Frequently Asked Questions about Custom Taxonomy Order