Drafts Dropdown Security & Risk Analysis

wordpress.org/plugins/drafts-dropdown

Adds a Drafts tab to the admin bar so that you can quickly access your draft blog posts.

20 active installs · v2.0 · PHP + · WP 3.2+ · Updated: Unknown
Tags: access, admin, draft, drafts, post
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Drafts Dropdown Safe to Use in 2026?

Generally Safe

Score 100/100

Drafts Dropdown has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'drafts-dropdown' plugin version 2.0 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), file operations, and external HTTP requests is a positive indicator. The plugin also correctly uses capability checks and has no recorded vulnerabilities, suggesting a history of secure development. However, there are areas for improvement that introduce a low level of risk.

The primary concern is output escaping: only 40% of outputs (2 of 5) are properly escaped. This creates a potential for cross-site scripting (XSS) if user-supplied data is rendered without adequate sanitization. While the attack surface is small and appears to be protected by capability checks (no unprotected entry points were found), the insufficient output escaping remains a notable weakness. The lack of any recorded vulnerabilities is a good sign, but it does not negate the risks identified in the current code analysis.

In conclusion, the 'drafts-dropdown' plugin is relatively secure due to its limited attack surface and absence of critical code flaws. The strengths are in its adherence to secure coding practices for database interactions and the lack of known historical vulnerabilities. The main weakness is the partial implementation of output escaping, which introduces a potential for XSS. Addressing this would significantly enhance the plugin's security.

Key Concerns

  • Insufficient output escaping
Vulnerabilities
None known

Drafts Dropdown Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Drafts Dropdown Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (2 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

40% escaped (5 total outputs)
Attack Surface

Drafts Dropdown Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_cfdd_drafts_list · drafts-dropdown.php:75

WordPress Hooks: 4

  • action · admin_footer · drafts-dropdown.php:219
  • action · admin_bar_menu · drafts-dropdown.php:222
  • action · wp_footer · drafts-dropdown.php:226
  • action · init · drafts-dropdown.php:229
Maintenance & Trust

Drafts Dropdown Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Unknown
PHP min version
Downloads: 11K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 20
Developer Profile

Drafts Dropdown Developer Profile

Crowd Favorite

7 plugins · 2K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Drafts Dropdown

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/drafts-dropdown/drafts-dropdown.php

HTML / DOM Fingerprints

CSS Classes
cfdd_drafts, cfdd_drafts_wrap, cfdd_content, cfdd_col, cfdd_clear
Data Attributes
id="cfdd_drafts", id="cfdd_drafts_wrap", class="cfdd_content", id="cfdd_col_1", id="cfdd_col_2", id="cfdd_col_3", +2 more
JS Globals
cfdd_drafts_list
REST Endpoints
/wp-json/wp/v2/posts?status=draft