Customize Posts Security & Risk Analysis

wordpress.org/plugins/customize-posts

Edit posts and postmeta in the Customizer. Stop editing your posts/postmeta blind!

1K active installs v0.9.1 PHP + WP 4.7.0+ Updated Nov 14, 2017
customize, customizer, editor, postmeta, posts
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Customize Posts Safe to Use in 2026?

Generally Safe

Score 85/100

Customize Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "customize-posts" plugin v0.9.1 demonstrates a generally strong security posture, primarily due to its adherence to secure coding practices. The absence of known CVEs, critical taint flows, and raw SQL queries (all queries use prepared statements) is a significant strength. The plugin also makes robust use of nonce and capability checks, coupled with a high percentage of properly escaped output, indicating a diligent approach to preventing common web vulnerabilities. The attack surface is relatively small and appears to be well protected by authorization checks.

However, there are minor areas for improvement. The presence of a file operation, while not inherently malicious, warrants careful review to ensure it does not expose unintended functionality. The use of a bundled library, Select2, raises a potential concern if it is not kept up to date, as outdated libraries can be a vector for vulnerabilities. While the current static analysis and vulnerability history are reassuring, a proactive approach to library management is always recommended for long-term security.

Overall, "customize-posts" v0.9.1 appears to be a secure plugin, with its developers employing good security practices. The limited scope for potential risks is well-managed by authorization and sanitization measures. The lack of historical vulnerabilities further supports its reliability. The main recommendation would be to ensure bundled libraries are maintained and any file operations are strictly necessary and secure.

Key Concerns

  • Bundled library (Select2) used
  • File operations present in code
Vulnerabilities
None known

Customize Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Customize Posts Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (11 prepared)
Unescaped Output: 11 (60 escaped)
Nonce Checks: 10
Capability Checks: 29
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 11 total queries

Output Escaping

85% escaped · 71 total outputs
Attack Surface

Customize Posts Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 4

auth wp_ajax_set-post-thumbnail php\class-wp-customize-featured-image-controller.php:145
auth wp_ajax_customize-posts-insert-auto-draft php\class-wp-customize-posts.php:113
auth wp_ajax_customize-posts-fetch-settings php\class-wp-customize-posts.php:114
auth wp_ajax_customize-posts-select2-query php\class-wp-customize-posts.php:115
WordPress Hooks 95
action admin_notices php\class-customize-posts-plugin.php:51
action wp_default_scripts php\class-customize-posts-plugin.php:65
action wp_default_styles php\class-customize-posts-plugin.php:66
action init php\class-customize-posts-plugin.php:67
action admin_bar_menu php\class-customize-posts-plugin.php:68
filter user_has_cap php\class-customize-posts-plugin.php:69
filter customize_loaded_components php\class-customize-posts-plugin.php:70
filter customize_loaded_components php\class-customize-posts-plugin.php:71
action customize_register php\class-customize-posts-plugin.php:72
action delete_post php\class-customize-posts-plugin.php:73
action admin_enqueue_scripts php\class-edit-post-preview.php:36
filter customize_loaded_components php\class-edit-post-preview.php:37
action customize_controls_init php\class-edit-post-preview.php:38
action customize_controls_enqueue_scripts php\class-edit-post-preview.php:39
action customize_preview_init php\class-edit-post-preview.php:40
action customize_register php\class-wp-customize-featured-image-controller.php:98
filter admin_post_thumbnail_size php\class-wp-customize-featured-image-controller.php:146
filter admin_post_thumbnail_html php\class-wp-customize-featured-image-controller.php:147
action save_post php\class-wp-customize-featured-image-controller.php:148
filter post_thumbnail_html php\class-wp-customize-featured-image-controller.php:271
filter customize_dynamic_partial_args php\class-wp-customize-featured-image-controller.php:272
filter wp_insert_post_empty_content php\class-wp-customize-post-setting.php:564
filter wp_insert_post_data php\class-wp-customize-post-setting.php:585
filter wp_insert_attachment_data php\class-wp-customize-post-setting.php:586
action customize_posts_register_meta php\class-wp-customize-postmeta-controller.php:108
action customize_controls_enqueue_scripts php\class-wp-customize-postmeta-controller.php:109
action admin_enqueue_scripts php\class-wp-customize-postmeta-controller.php:110
action customize_preview_init php\class-wp-customize-postmeta-controller.php:111
action wp_enqueue_scripts php\class-wp-customize-postmeta-controller.php:180
action customize_register php\class-wp-customize-posts-preview.php:80
filter wp_setup_nav_menu_item php\class-wp-customize-posts-preview.php:81
action customize_register php\class-wp-customize-posts-preview.php:82
action customize_preview_init php\class-wp-customize-posts-preview.php:83
action wp_enqueue_scripts php\class-wp-customize-posts-preview.php:90
action parse_query php\class-wp-customize-posts-preview.php:91
filter customize_dynamic_partial_args php\class-wp-customize-posts-preview.php:92
filter customize_dynamic_partial_class php\class-wp-customize-posts-preview.php:93
filter the_posts php\class-wp-customize-posts-preview.php:94
action the_post php\class-wp-customize-posts-preview.php:95
filter the_posts php\class-wp-customize-posts-preview.php:96
action wp_footer php\class-wp-customize-posts-preview.php:97
filter get_edit_post_link php\class-wp-customize-posts-preview.php:98
filter get_avatar php\class-wp-customize-posts-preview.php:99
filter infinite_scroll_results php\class-wp-customize-posts-preview.php:100
filter customize_render_partials_response php\class-wp-customize-posts-preview.php:101
filter customize_render_partials_response php\class-wp-customize-posts-preview.php:102
action pre_get_posts php\class-wp-customize-posts-preview.php:113
filter get_meta_sql php\class-wp-customize-posts-preview.php:114
filter posts_request php\class-wp-customize-posts-preview.php:115
filter the_posts php\class-wp-customize-posts-preview.php:116
filter get_pages php\class-wp-customize-posts-preview.php:117
action the_post php\class-wp-customize-posts-preview.php:118
filter the_title php\class-wp-customize-posts-preview.php:119
filter get_post_metadata php\class-wp-customize-posts-preview.php:120
filter wp_setup_nav_menu_item php\class-wp-customize-posts-preview.php:121
filter comments_open php\class-wp-customize-posts-preview.php:122
filter pings_open php\class-wp-customize-posts-preview.php:123
filter get_post_status php\class-wp-customize-posts-preview.php:124
action customize_controls_enqueue_scripts php\class-wp-customize-posts.php:89
action customize_controls_init php\class-wp-customize-posts.php:90
filter customize_refresh_nonces php\class-wp-customize-posts.php:92
action customize_register php\class-wp-customize-posts.php:93
action customize_register php\class-wp-customize-posts.php:94
filter map_meta_cap php\class-wp-customize-posts.php:95
action init php\class-wp-customize-posts.php:96
filter customize_dynamic_setting_args php\class-wp-customize-posts.php:100
filter customize_dynamic_setting_class php\class-wp-customize-posts.php:101
filter customize_sanitize_nav_menus_created_posts php\class-wp-customize-posts.php:102
filter customize_save_response php\class-wp-customize-posts.php:103
filter customize_save_response php\class-wp-customize-posts.php:104
action customize_controls_print_footer_scripts php\class-wp-customize-posts.php:105
action transition_post_status php\class-wp-customize-posts.php:106
action after_setup_theme php\class-wp-customize-posts.php:107
action pre_get_posts php\class-wp-customize-posts.php:108
filter post_link php\class-wp-customize-posts.php:109
filter post_type_link php\class-wp-customize-posts.php:110
filter page_link php\class-wp-customize-posts.php:111
action customize_register php\class-wp-customize-posts.php:116
filter customize_sanitize_nav_menus_created_posts php\class-wp-customize-posts.php:153
action customize_controls_print_footer_scripts php\class-wp-customize-posts.php:464
action customize_controls_print_footer_scripts php\class-wp-customize-posts.php:931
action customize_controls_print_footer_scripts php\class-wp-customize-posts.php:934
action customize_controls_print_footer_scripts php\class-wp-customize-posts.php:938
filter wp_insert_post_empty_content php\class-wp-customize-posts.php:1307
filter wp_insert_post_data php\class-wp-customize-posts.php:1308
filter wp_insert_attachment_data php\class-wp-customize-posts.php:1309
filter customize_direct_manipulation_disabled_modules php\plugin-support\class-customize-posts-direct-manipulation-support.php:28
filter customize_posts_partial_schema php\theme-support\class-customize-posts-twenty-eleven-support.php:30
filter customize_posts_partial_schema php\theme-support\class-customize-posts-twenty-fifteen-support.php:30
filter customize_posts_partial_schema php\theme-support\class-customize-posts-twenty-seventeen-support.php:30
action wp_head php\theme-support\class-customize-posts-twenty-seventeen-support.php:31
filter customize_posts_partial_schema php\theme-support\class-customize-posts-twenty-sixteen-support.php:30
filter customize_posts_partial_schema php\theme-support\class-customize-posts-twenty-ten-support.php:30
filter customize_posts_partial_schema php\theme-support\class-customize-posts-twenty-thirteen-support.php:30
filter customize_posts_partial_schema php\theme-support\class-customize-posts-twenty-twelve-support.php:30
Maintenance & Trust

Customize Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.0
Last updated: Nov 14, 2017
PHP min version
Downloads: 57K

Community Trust

Rating: 94/100
Number of ratings: 18
Active installs: 1K
Developer Profile

Customize Posts Developer Profile

Weston Ruter

22 plugins · 437K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 4499 days
Detection Fingerprints

How We Detect Customize Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/customize-posts/admin/css/edit-post-preview.css
/wp-content/plugins/customize-posts/admin/css/edit-post-preview-customize.css
/wp-content/plugins/customize-posts/admin/js/edit-post-preview-admin.js
/wp-content/plugins/customize-posts/admin/js/edit-post-preview-customize.js
/wp-content/plugins/customize-posts/admin/js/customize-loader.js
Script Paths
edit-post-preview-admin
edit-post-preview-customize
customize-loader

HTML / DOM Fingerprints

CSS Classes
customize-posts-field
customize-posts-panel
customize-posts-section
customize-posts-control
HTML Comments
<!-- @codeCoverageIgnoreStart -->
<!-- @codeCoverageIgnoreEnd -->
Data Attributes
data-customize-posts-post-type
data-customize-posts-post-id
JS Globals
_editPostPreviewAdminExports
_editPostPreviewCustomizeExports
EditPostPreviewAdmin
EditPostPreviewCustomize