Flexible Custom Post Type Order Security & Risk Analysis

wordpress.org/plugins/flexible-custom-post-type-order

Create multiple re-ordering interfaces for any post type and manage custom post order flexibly and easily.

0 active installs · v1.1.3 · PHP 7.2+ · WP 6.2+ · Updated: Unknown
Tags: flexible-custom-post-types, flexible-custom-post-types-ordering, multiple-post-types-order, posts-order, sort
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Flexible Custom Post Type Order Safe to Use in 2026?

Generally Safe

Score 100/100

Flexible Custom Post Type Order has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

Based on the provided static analysis, the 'flexible-custom-post-type-order' plugin, version 1.1.3, has a generally good security posture. It adheres closely to secure coding practices: 100% of SQL queries use prepared statements, and the rate of output escaping is exceptionally high (99%). The absence of known CVEs and a clean vulnerability history further bolster confidence in its security.

However, the eight instances of the 'unserialize' function represent a significant potential risk. No critical taint flows were identified, but 'unserialize' can be a vector for deserialization vulnerabilities if the data being unserialized comes from an untrusted source and is not properly validated. The plugin also has 3 AJAX handlers. The analysis indicates that 0 of them are unprotected, but not all 3 have an explicit capability check listed alongside their nonce check, which warrants attention. This could indicate a reliance on default WordPress checks that might not be granular enough for all scenarios.

Key Concerns

  • Use of unserialize function
  • Limited capability checks on AJAX
Vulnerabilities
None known

Flexible Custom Post Type Order Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Flexible Custom Post Type Order Code Analysis

Dangerous Functions: 8
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 1 (67 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: $fcpto_options = unserialize($fcpto_options); (fcpto-option.php:9)
unserialize: $fcpto_order_options = unserialize($fcpto_order_options); (fcpto-option.php:13)
unserialize: $fcpto_options = unserialize($fcpto_options); (flexible-custom-post-type-order.php:62)
unserialize: $fcpto_order_options = unserialize($fcpto_order_options); (flexible-custom-post-type-order.php:65)
unserialize: $fcpto_options = unserialize(get_option('fcpto_options')); (flexible-custom-post-type-order.php:91)
unserialize: $fcpto_order_options = unserialize(get_option('fcpto_order_options')); (flexible-custom-post-type-order.php:109)
unserialize: $fcpto_order_options = unserialize($fcpto_order_options); (flexible-custom-post-type-order.php:153)
unserialize: $fcpto_options = unserialize($fcpto_options); (flexible-custom-post-type-order.php:155)

SQL Query Safety

100% prepared, 8 total queries

Output Escaping

99% escaped, 68 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

5 flows, 1 with unsanitized paths
fcpto_list (fcpto-list.php:4)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Flexible Custom Post Type Order Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 3

auth: wp_ajax_fcpto_list_update (fcpto-list.php:184)
auth: wp_ajax_fcpto_list_reset_order (fcpto-list.php:201)
auth: wp_ajax_fcpto_save_option (fcpto-option.php:120)

WordPress Hooks: 5

action: admin_enqueue_scripts (flexible-custom-post-type-order.php:44)
action: admin_enqueue_scripts (flexible-custom-post-type-order.php:52)
action: admin_menu (flexible-custom-post-type-order.php:56)
action: add_meta_boxes (flexible-custom-post-type-order.php:87)
action: save_post (flexible-custom-post-type-order.php:130)
Maintenance & Trust

Flexible Custom Post Type Order Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.2
Downloads: 469

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

Flexible Custom Post Type Order Developer Profile

satish

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Flexible Custom Post Type Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/flexible-custom-post-type-order/css/style.css
Version Parameters
flexible-custom-post-type-order/css/style.css?ver=

HTML / DOM Fingerprints

Data Attributes
name="fcpto_order_display_*