WP-Safety

Filter Everything — Product Filter & WordPress Filter Security & Risk Analysis

wordpress.org/plugins/filter-everything

The most universal filters plugin for WordPress and WooCommerce products.

50K active installs v1.9.1 PHP 5.7+ WP 4.6+ Updated Jan 14, 2026
ajax-filterpost-filterproduct-filterwoocommerce-filterwoocommerce-product-filter
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Filter Everything — Product Filter & WordPress Filter Safe to Use in 2026?

Generally Safe

Score 100/100

Filter Everything — Product Filter & WordPress Filter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The filter-everything plugin v1.9.1 demonstrates a generally good security posture with strong adherence to secure coding practices. The vast majority of SQL queries utilize prepared statements, and a high percentage of output is properly escaped, indicating a conscious effort to prevent common web vulnerabilities like SQL injection and cross-site scripting. The absence of known CVEs and a clean vulnerability history further bolsters confidence in its security. The plugin also incorporates nonce and capability checks for a significant portion of its entry points. However, there are specific areas of concern that warrant attention. The presence of an unprotected AJAX handler represents a direct avenue for potential exploitation if not properly secured by other means. Furthermore, all analyzed taint flows, though not critical or high severity, involved unsanitized paths, suggesting a potential for unexpected behavior or vulnerabilities if input is not rigorously validated at these points. While the plugin has a solid foundation, these identified weaknesses need to be addressed to maintain a robust security profile.

Key Concerns

  • AJAX handler without auth check
  • Taint flows with unsanitized paths
Vulnerabilities
None known

Filter Everything — Product Filter & WordPress Filter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Filter Everything — Product Filter & WordPress Filter Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
43 prepared
Unescaped Output
150
624 escaped
Nonce Checks
4
Capability Checks
11
File Operations
3
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

96% prepared45 total queries

Output Escaping

81% escaped774 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
redirectCanonical (src\WpManager.php:127)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Filter Everything — Product Filter & WordPress Filter Attack Surface

Entry Points10
Unprotected1

AJAX Handlers 4

authwp_ajax_wpc-delete-filtersrc\Admin\FilterFields.php:40
authwp_ajax_wpc-load-exclude-termssrc\Admin\FilterFields.php:41
authwp_ajax_wpc_get_date_formatssrc\Admin\FilterFields.php:42
authwp_ajax_wpc-validate-filterssrc\Admin\FilterFields.php:43

Shortcodes 6

[fe_open_widget] src\Admin\Shortcodes.php:13
[fe_open_button] src\Admin\Shortcodes.php:14
[fe_chips] src\Admin\Shortcodes.php:15
[fe_sort] src\Admin\Shortcodes.php:16
[fe_widget] src\Admin\Shortcodes.php:17
[fe_posts_found] src\Admin\Shortcodes.php:18
WordPress Hooks 156
actioninitfilter-everything.php:139
actioninitfilter-everything.php:141
actioninitfilter-everything.php:143
actionafter_setup_themefilter-everything.php:145
actionafter_switch_themefilter-everything.php:151
actionadmin_menusrc\Admin\Admin.php:16
actionpre_post_updatesrc\Admin\Admin.php:20
actionsave_postsrc\Admin\Admin.php:21
actioninitsrc\Admin\Admin.php:23
actionadmin_initsrc\Admin\Admin.php:25
filterwpc_general_filters_settingssrc\Admin\Admin.php:27
actionload-post.phpsrc\Admin\Admin.php:36
actionload-edit.phpsrc\Admin\Admin.php:37
actionload-post-new.phpsrc\Admin\Admin.php:38
actionpre_get_postssrc\Admin\AdminHooks.php:19
actionadmin_noticessrc\Admin\AdminHooks.php:21
actionadmin_noticessrc\Admin\AdminHooks.php:22
actioncurrent_screensrc\Admin\AdminHooks.php:26
actionwpc_admin_toolbar_rightsrc\Admin\AdminHooks.php:27
actionin_admin_headersrc\Admin\AdminHooks.php:112
filterwpc_input_type_selectsrc\Admin\FilterFields.php:37
filterwpc_input_type_radiosrc\Admin\FilterFields.php:38
actionafter_delete_postsrc\Admin\FilterFields.php:44
filterpre_wp_unique_post_slugsrc\Admin\FilterFields.php:1242
filterwpc_input_type_selectsrc\Admin\FilterSet.php:108
actionadmin_print_scriptssrc\Admin\FilterSet.php:109
filterpost_updated_messagessrc\Admin\FilterSet.php:111
filterbulk_post_updated_messagessrc\Admin\FilterSet.php:112
filterpage_row_actionssrc\Admin\FilterSet.php:114
filterpage_row_actionssrc\Admin\FilterSet.php:117
actionrestrict_manage_postssrc\Admin\FilterSet.php:120
filterpre_wp_unique_post_slugsrc\Admin\FilterSet.php:707
actionsave_postsrc\Admin\FilterSet.php:737
filterpre_wp_unique_post_slugsrc\Admin\FilterSet.php:784
actionadmin_headsrc\Admin\MetaBoxes.php:14
actionwidgets_initsrc\Admin\Widgets.php:13
filterdo_parse_requestsrc\Plugin.php:45
filterdo_parse_requestsrc\Plugin.php:47
actionparse_requestsrc\Plugin.php:50
actionpre_get_postssrc\Plugin.php:51
filterposts_wheresrc\Plugin.php:53
filterpost_limits_requestsrc\Plugin.php:54
actionpre_get_postssrc\Plugin.php:55
actiontemplate_redirectsrc\Plugin.php:57
actionwpc_filtered_query_endsrc\Plugin.php:59
actionwpc_all_set_wp_queried_postssrc\Plugin.php:60
filterposts_wheresrc\Plugin.php:62
actionwoocommerce_product_querysrc\Plugin.php:65
filterposts_searchsrc\Plugin.php:66
actionbody_classsrc\Plugin.php:73
actionadmin_print_stylessrc\Plugin.php:75
actionadmin_print_scriptssrc\Plugin.php:76
actionwp_headsrc\Plugin.php:80
actionwp_print_stylessrc\Plugin.php:81
actionwp_print_scriptssrc\Plugin.php:82
actionwp_print_stylessrc\Plugin.php:83
actionwp_footersrc\Plugin.php:86
actionwp_headsrc\Plugin.php:89
filterwpc_filter_set_default_fieldssrc\Plugin.php:90
filterwpc_pre_save_set_fieldssrc\Plugin.php:91
filterwpc_filter_set_default_fieldssrc\Plugin.php:94
filterwoocommerce_redirect_single_search_resultsrc\Plugin.php:97
actionsave_postsrc\Plugin.php:99
actiondelete_postsrc\Plugin.php:100
actionwoocommerce_ajax_save_product_variationssrc\Plugin.php:101
actionwpc_before_filter_set_settings_fieldssrc\Plugin.php:107
filterwpc_filter_set_prepared_valuessrc\Plugin.php:108
actionwpc_cycle_filter_fieldssrc\Plugin.php:110
actioninitsrc\PostTypes.php:13
actionadmin_initsrc\Settings\Tabs\AboutProTab.php:20
actionwpc_before_sections_settings_fieldssrc\Settings\Tabs\AboutProTab.php:26
actionadmin_initsrc\Settings\Tabs\ExperimentalTab.php:19
actionadmin_initsrc\Settings\Tabs\HelpMeTab.php:20
actionwpc_before_sections_settings_fieldssrc\Settings\Tabs\HelpMeTab.php:26
actionadmin_initsrc\Settings\Tabs\ImportExportTab.php:19
actionadmin_noticessrc\Settings\Tabs\ImportExportTab.php:20
actionadmin_noticessrc\Settings\Tabs\ImportExportTab.php:21
actionwpc_import_button_infosrc\Settings\Tabs\ImportExportTab.php:22
actionadmin_initsrc\Settings\Tabs\PermalinksTab.php:24
filterwpc_pre_save_filtersrc\Settings\Tabs\PermalinksTab.php:25
filterwpc_after_get_filtersrc\Settings\Tabs\PermalinksTab.php:26
actionafter_delete_postsrc\Settings\Tabs\PermalinksTab.php:28
filterpre_update_optionsrc\Settings\Tabs\PermalinksTab.php:30
actionwpc_after_settings_fields_titlesrc\Settings\Tabs\PermalinksTab.php:32
actionwpc_after_sections_settings_fieldssrc\Settings\Tabs\PermalinksTab.php:62
actionadmin_initsrc\Settings\Tabs\SettingsTab.php:19
actionwpc_filtered_query_endsrc\Sorting.php:78
filterposts_clausessrc\Sorting.php:158
filterposts_clausessrc\Sorting.php:165
actionadmin_initsrc\Swatches.php:21
actiontemplate_redirectsrc\Swatches.php:22
actioncurrent_screensrc\Swatches.php:49
filterwpc_filter_classessrc\Swatches.php:68
filterwpc_filters_radio_term_htmlsrc\Swatches.php:70
filterwpc_filters_checkbox_term_htmlsrc\Swatches.php:71
filterwpc_filters_label_term_htmlsrc\Swatches.php:72
actionedited_termsrc\Swatches.php:127
actioncreated_termsrc\Swatches.php:128
actionedited_termsrc\Swatches.php:135
actioncreated_termsrc\Swatches.php:136
filterwpc_label_singular_posts_found_msgsrc\wpc-default-hooks.php:10
filterwpc_label_plural_posts_found_msgsrc\wpc-default-hooks.php:11
actioninitsrc\wpc-default-hooks.php:13
filterwpc_filter_post_meta_num_term_namesrc\wpc-default-hooks.php:17
filterwpc_filter_post_meta_term_namesrc\wpc-default-hooks.php:18
filterwpc_filter_tax_numeric_term_namesrc\wpc-default-hooks.php:19
filterwpc_filter_post_meta_exists_term_namesrc\wpc-default-hooks.php:20
filterwpc_filter_post_meta_term_namesrc\wpc-default-hooks.php:21
filterwpc_filter_post_meta_exists_term_namesrc\wpc-default-hooks.php:22
filterwpc_filter_taxonomy_term_namesrc\wpc-default-hooks.php:23
filterwpc_filter_term_query_argssrc\wpc-default-hooks.php:24
filterwpc_filter_get_taxonomy_termssrc\wpc-default-hooks.php:25
filterwpc_filter_author_query_post_typessrc\wpc-default-hooks.php:26
filterwpc_filter_post_typessrc\wpc-default-hooks.php:27
actionwpc_after_filter_inputsrc\wpc-default-hooks.php:28
filterwpc_filters_checkbox_term_htmlsrc\wpc-default-hooks.php:29
filterwpc_filters_radio_term_htmlsrc\wpc-default-hooks.php:30
filterwpc_filters_label_term_htmlsrc\wpc-default-hooks.php:31
filterwpc_taxonomy_location_termssrc\wpc-default-hooks.php:32
filterwpc_set_num_shiftsrc\wpc-default-hooks.php:33
filterwpc_pre_save_set_fieldssrc\wpc-default-hooks.php:235
filterwpc_dropdown_option_attrsrc\wpc-default-hooks.php:303
filterwpc_unnecessary_get_parameterssrc\wpc-default-hooks.php:314
filterwpc_posts_containerssrc\wpc-default-hooks.php:339
filterwpc_seo_titlesrc\wpc-default-hooks.php:349
filterwpc_seo_descriptionsrc\wpc-default-hooks.php:350
filterwpc_seo_h1src\wpc-default-hooks.php:351
filterwpc_filter_classessrc\wpc-default-hooks.php:398
filterwpc_filter_classessrc\wpc-default-hooks.php:407
actionwpc_all_set_wp_queried_postssrc\wpc-default-hooks.php:436
filterwpc_chips_term_namesrc\wpc-default-hooks.php:459
filterquery_loop_block_query_varssrc\wpc-default-hooks.php:491
filterwpc_settings_field_checkboxsrc\wpc-default-hooks.php:514
filterwpc_input_type_checkboxsrc\wpc-default-hooks.php:526
actionwpc_after_filter_inputsrc\wpc-default-hooks.php:544
filterflrt_before_render_admin_select_optionsrc\wpc-default-hooks.php:557
filterwpc_set_min_maxsrc\wpc-default-hooks.php:596
actionwoocommerce_before_shop_loopsrc\wpc-third-party.php:43
actionwoocommerce_no_products_foundsrc\wpc-third-party.php:44
actionwpsrc\wpc-third-party.php:355
filterwpc_theme_posts_containersrc\wpc-third-party.php:385
filterwpc_theme_colorsrc\wpc-third-party.php:388
filterwpc_pre_save_filtersrc\wpc-third-party.php:392
filterwpc_default_sorting_termssrc\wpc-third-party.php:393
actioninitsrc\wpc-third-party.php:397
actionelementor/editor/before_enqueue_scriptssrc\wpc-third-party.php:422
actionafter_setup_themesrc\wpc-third-party.php:458
filterpll_get_post_typessrc\wpc-third-party.php:461
actioninitsrc\wpc-third-party.php:481
filterwpc_set_num_shiftsrc\wpc-third-party.php:487
filterwpc_unset_num_shiftsrc\wpc-third-party.php:507
filterwpc_set_num_shiftsrc\wpc-third-party.php:536
filterwpc_unset_num_shiftsrc\wpc-third-party.php:560
filterelementor/widget/render_contentsrc\wpc-third-party.php:697
filterwpc_remove_pagination_basesrc\wpc-third-party.php:745
actiontemplate_redirectsrc\WpManager.php:69
Maintenance & Trust

Filter Everything — Product Filter & WordPress Filter Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 14, 2026
PHP min version5.7
Downloads737K

Community Trust

Rating92/100
Number of ratings142
Active installs50K
Alternatives

Filter Everything — Product Filter & WordPress Filter Alternatives

Filter Everything Extra

Filter Everything Extra

filter-everything-extra

A
92

Additional functionality for the Filter Everything plugin.

0 No CVEs
annasta Filters for WooCommerce

annasta Filters for WooCommerce

annasta-woocommerce-product-filters

A
100

All-in-one products search and filtering solution for your WooCommerce shop with rich features and customization options.

2K No CVEs
Filter Plus – Product Filter & WordPress Filter

Filter Plus – Product Filter & WordPress Filter

filter-plus

A
99

Filter Plus is WordPress and WooCommerce Product Filter plugin that enable filter anything in your website.

100 1 CVE
PWF – Products Filter for WooCommerce

PWF – Products Filter for WooCommerce

pwf-wc-product-filters

A
85

Filter WooCommerce products and WordPress post types. Filter by any criteria including categories, tags, taxonomies, price, and custom fields.

90 No CVEs
YITH WooCommerce Ajax Product Filter

YITH WooCommerce Ajax Product Filter

yith-woocommerce-ajax-navigation

A
97

YITH WooCommerce Ajax Product Filter offers you the perfect way to filter all products of your WooCommerce shop.

80K 3 CVEs
Developer Profile

Filter Everything — Product Filter & WordPress Filter Developer Profile

stepasyuk

1 plugin · 50K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Filter Everything — Product Filter & WordPress Filter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/filter-everything/assets/css/frontend.css/wp-content/plugins/filter-everything/assets/css/frontend.css.map/wp-content/plugins/filter-everything/assets/js/frontend.js/wp-content/plugins/filter-everything/assets/js/frontend.js.map/wp-content/plugins/filter-everything/assets/css/filters-list.css/wp-content/plugins/filter-everything/assets/css/filters-list.css.map/wp-content/plugins/filter-everything/assets/js/filters-list.js/wp-content/plugins/filter-everything/assets/js/filters-list.js.map+6 more
Generator Patterns
Filter Everything
Script Paths
/wp-content/plugins/filter-everything/assets/js/frontend.js/wp-content/plugins/filter-everything/assets/js/filters-list.js/wp-content/plugins/filter-everything/assets/js/main.js/wp-content/plugins/filter-everything/assets/js/editor.js
Version Parameters
filter-everything/assets/css/frontend.css?ver=filter-everything/assets/js/frontend.js?ver=filter-everything/assets/css/filters-list.css?ver=filter-everything/assets/js/filters-list.js?ver=filter-everything/assets/css/style.css?ver=filter-everything/assets/js/main.js?ver=filter-everything/assets/js/editor.js?ver=

HTML / DOM Fingerprints

CSS Classes
flrt-form-containerflrt-widget-containerflrt-filter-controlflrt-filter-itemflrt-filters-list-wrapperflrt-chips-containerflrt-orderby-containerflrt-range-slider-wrapper+1 more
HTML Comments
<!-- Filter Everything --><!-- Filters Widget --><!-- Chips Widget --><!-- Sorting Widget -->+1 more
Data Attributes
data-flrt-widgetdata-flrt-filter-iddata-flrt-filter-typedata-flrt-filter-taxonomydata-flrt-filter-meta-keydata-flrt-filter-post-type+3 more
JS Globals
flrt_frontend_paramsFilterEverythingFrontendflrt_filters_list_paramsFilterEverythingList
REST Endpoints
/wp-json/filter-everything/v1/get_terms/wp-json/filter-everything/v1/get_meta_values/wp-json/filter-everything/v1/get_posts
Shortcode Output
[filter_products][filter_posts][filter_search][filter_breadcrumbs]
FAQ

Frequently Asked Questions about Filter Everything&nbsp;— Product Filter & WordPress Filter