Featured Posts and Custom Posts Security & Risk Analysis

wordpress.org/plugins/featured-posts-and-custom-posts

Allows the user to feature posts and custom posts. When a post is featured it gets the post meta _jsFeaturedPost.

100 active installs · v2.0 · PHP + · WP 3.1.1+ · Updated Feb 26, 2015
custom-post-types · custom-posts · featuredposts
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Featured Posts and Custom Posts Safe to Use in 2026?

Generally Safe

Score 85/100

Featured Posts and Custom Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "featured-posts-and-custom-posts" plugin v2.0 presents a mixed security posture. On one hand, the absence of known vulnerabilities and the use of prepared statements for SQL queries are positive indicators. The plugin also demonstrates some basic security practices with a capability check in place. However, significant concerns arise from the static analysis. The presence of an unserialize function is a critical risk, especially when combined with an unprotected AJAX handler. This combination could allow for remote code execution if an attacker can control the serialized data processed by this function. Furthermore, a substantial portion of output is not properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities. The limited attack surface is a positive, but the critical risk presented by the unprotected AJAX handler and the unserialize function overshadows this.

Key Concerns

  • Unprotected AJAX handler
  • Dangerous function: unserialize
  • Insufficient output escaping (44% proper)
  • Missing nonce checks on AJAX
Vulnerabilities
None known

Featured Posts and Custom Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Featured Posts and Custom Posts Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 10 (8 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $currentJSoption = unserialize( get_option( 'jsFeaturedPosts' ) ); · js_featured_posts_and_custom_posts.php:74

Output Escaping

44% escaped · 18 total outputs
Attack Surface
1 unprotected

Featured Posts and Custom Posts Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_jsfeatured_posts · js_featured_posts_and_custom_posts.php:245

Shortcodes 1

[jsFeaturedPosts] js_featured_posts_and_custom_posts.php:468
WordPress Hooks 8
filter · manage_posts_columns · js_featured_posts_and_custom_posts.php:98
action · manage_posts_custom_column · js_featured_posts_and_custom_posts.php:124
action · admin_init · js_featured_posts_and_custom_posts.php:153
action · admin_head · js_featured_posts_and_custom_posts.php:175
action · admin_head · js_featured_posts_and_custom_posts.php:220
action · widgets_init · js_featured_posts_and_custom_posts.php:405
action · init · js_featured_posts_and_custom_posts.php:470
filter · post_class · js_featured_posts_and_custom_posts.php:491
Maintenance & Trust

Featured Posts and Custom Posts Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.1.42
Last updated: Feb 26, 2015
PHP min version
Downloads: 9K

Community Trust

Rating: 80/100
Number of ratings: 3
Active installs: 100
Developer Profile

Featured Posts and Custom Posts Developer Profile

Jeremy Selph

3 plugins · 120 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Featured Posts and Custom Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/featured-posts-and-custom-posts/img/star.png

HTML / DOM Fingerprints

CSS Classes
featured_js_posts · column-featured_js_posts · featured_posts_star
HTML Comments
/** Plugin Name: Featured Posts and Custom Posts Plugin URI: http://www.reactivedevelopment.net/snippets/featured-posts-custom-posts Description: Allows the user to feature posts and custom posts. When a post is featured it gets the post metta _jsFeaturedPost Version: 2.0 * Note: go here http://www.reactivedevelopment.net/snippets/featured-posts-custom-posts for documentation or for paid support go here http://www.reactivedevelopment.net/contact/ * Activation Instructions 1. Download the feature-posts-and-custom-posts.zip file to your computer. 2. Unzip the file. 3. Upload the feature-posts-and-custom-posts folder to your /wp-content/plugins/ directory. 4. Activate the plugin through the Plugins menu in WordPress. * Change log 01. updated code and tested new version on wordpress 4.1.1 ver 2.0 | 02/25/2015 02. added extra sanitation to js_featured_posts_link_add_ajax_call_to_wp() ver 2.0 | 02/25/2015 03. added js_featured_is_post_featured( userID[int] ) function ver 2.0 | 02/25/2015 04. added short cut is_post_featured( userID[int] ) function ver 2.0 | 02/25/2015 05. added js_featured_return_all_featured() function that returns an array of featured posts ver 2.0 | 02/25/2015 06. added widget by extending widget class with featuredPostWidget ver 2.0 | 02/25/2015 07. added js_featured_register_widgets() function to init out featuredPostWidget ver 2.0 | 02/25/2015 08. added js_featured_add_post_class() class function that addes the jsFeatured class if the post is featured ver 2.0 | 02/25/2015 09. added [jsFeaturedPosts posts_per_page="1" wrap_before="<ul>" wrap_after="</ul>" link_before="<li>" ver 2.0 | 02/25/2015 link_after="</li>" link_atts="rel='bookmark'" link_title="Link to"] shortcode *+9 more
Data Attributes
id="postFeatured_([0-9]+)"
Shortcode Output
[jsFeaturedPosts
FAQ

Frequently Asked Questions about Featured Posts and Custom Posts