Homepage Drag and Sort Security & Risk Analysis

wordpress.org/plugins/drag-and-sort

Choose which posts you want to show on the homepage, drag and sort them.

10 active installs · v0.1 · PHP + · WP 3.0+ · Updated Feb 15, 2013
dragdrophomepagepostssort
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Homepage Drag and Sort Safe to Use in 2026?

Generally Safe

Score 85/100

Homepage Drag and Sort has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The "drag-and-sort" plugin v0.1 exhibits significant security concerns despite having no recorded vulnerabilities. The static analysis reveals a small attack surface but critically, both AJAX handlers lack authentication checks. This means any unauthenticated user could potentially interact with these handlers, leading to unintended actions or information disclosure.

While the plugin avoids dangerous functions and uses prepared statements for SQL, the complete lack of output escaping on 11 identified outputs is a major red flag. This leaves the plugin highly susceptible to Cross-Site Scripting (XSS) attacks. The taint analysis found one flow with an unsanitized path, which, combined with the lack of output escaping and unauthenticated AJAX handlers, could be a pathway for malicious input to reach the output without proper sanitization or access control.

The absence of any vulnerability history is a positive sign, but in conjunction with the current code analysis, it might indicate a lack of rigorous security testing or that the plugin hasn't been targeted yet. The plugin's strengths lie in its avoidance of dangerous functions and proper SQL query handling. However, the critical vulnerabilities in authentication, output escaping, and potential taint flows necessitate immediate attention.

Key Concerns

  • AJAX handlers without auth checks
  • Unescaped output
  • Flow with unsanitized paths
  • Total entry points unprotected
Vulnerabilities
None known

Homepage Drag and Sort Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Homepage Drag and Sort Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 11 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

0% escaped · 11 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
hps_autocomplete_search (includes\HPSClass.php:213)
Attack Surface
2 unprotected

Homepage Drag and Sort Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

  • nopriv · wp_ajax_hps · includes\HPSClass.php:19
  • auth · wp_ajax_hps · includes\HPSClass.php:20
WordPress Hooks 5
  • action · admin_enqueue_scripts · includes\HPSClass.php:15
  • action · admin_menu · plugin.php:15
  • action · admin_init · plugin.php:16
  • action · pre_get_posts · plugin.php:19
  • filter · posts_orderby · plugin.php:20
Maintenance & Trust

Homepage Drag and Sort Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Feb 15, 2013
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Homepage Drag and Sort Developer Profile

wphostpk

4 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Homepage Drag and Sort

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/drag-and-sort/includes/js/jquery-ui-1.8.22.hps.js
  • /wp-content/plugins/drag-and-sort/includes/js/hps.js
  • /wp-content/plugins/drag-and-sort/includes/css/jquery-ui-1.8.22.hps.css
  • /wp-content/plugins/drag-and-sort/includes/css/hps.css
Script Paths
  • /wp-content/plugins/drag-and-sort/includes/js/jquery-ui-1.8.22.hps.js
  • /wp-content/plugins/drag-and-sort/includes/js/hps.js

HTML / DOM Fingerprints

CSS Classes
hps_head, option_enb, option_btn, hps_placeholder, hps_container, dropped, hps_post_container, hps_post_title, +11 more
Data Attributes
id="hps_form", id="hps_container", id="hps_placeholder", id="li_id_, id="hps_post_container", id="hps_boxclose", +10 more
JS Globals
HpsObj
REST Endpoints
/wp-json/
FAQ

Frequently Asked Questions about Homepage Drag and Sort