Intuitive Custom Post Order Security & Risk Analysis

wordpress.org/plugins/intuitive-custom-post-order

Intuitively reorder Posts, Pages, Custom Post Types, Taxonomies, and Sites with a simple drag-and-drop interface.

400K active installs · v3.2.0 · PHP + · WP 3.5.0+ · Updated Sep 16, 2025
Tags: custom-post-type-order, order-post, order-posts, post-order, posts-order
99
A · Safe
CVEs total: 4
Unpatched: 0
Last CVE: Jan 25, 2023
Safety Verdict

Is Intuitive Custom Post Order Safe to Use in 2026?

Generally Safe

Score 99/100

Intuitive Custom Post Order has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Jan 25, 2023 · Updated 6mo ago
Risk Assessment

Based on static analysis, the plugin 'intuitive-custom-post-order' v3.2.0 has a generally good security posture, and its history contains no reported critical or high severity vulnerabilities. The code follows security best practices: 100% of output is properly escaped, and 78% of SQL queries use prepared statements. All identified AJAX entry points have nonce checks, and four capability checks are present, suggesting a strong emphasis on authorization. The absence of dangerous functions, file operations, and external HTTP requests also contributes positively to its security profile.

However, the plugin has a history of four medium severity CVEs, primarily related to SQL Injection, Missing Authorization, and CSRF. None are currently unpatched, but this history indicates a recurring pattern of vulnerabilities that could re-emerge if future updates do not address these classes meticulously. The 3 AJAX handlers, even with auth checks, are an attack surface that is currently secured but warrants continued vigilance.

Key Concerns

  • History of 4 medium severity CVEs
  • 3 AJAX handlers represent a potential attack surface
Vulnerabilities
4

Intuitive Custom Post Order Security Vulnerabilities

CVEs by Year

2023: 4 CVEs

Severity Breakdown

Medium: 4 (4 total CVEs)

Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change

Jan 25, 2023 · Patched in 3.1.4 (363d)

CVE-2023-1016 · medium · 6.6 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Intuitive Custom Post Order <= 3.1.4.1 - Authenticated (Admin+) SQL Injection

Jan 25, 2023 · Patched in 3.1.5 (363d)

CVE-2022-4385 · medium · 4.3 · Missing Authorization

Intuitive Custom Post Order <= 3.1.3 - Missing Authorization to Authenticated Settings Change

Jan 24, 2023 · Patched in 3.1.4 (364d)

CVE-2022-4386 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Intuitive Custom Post Order <= 3.1.3 - Cross-Site Request Forgery

Jan 24, 2023 · Patched in 3.1.4 (364d)

Code Analysis
Analyzed Mar 16, 2026

Intuitive Custom Post Order Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 (32 prepared)
Unescaped Output: 0 (25 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

78% prepared · 41 total queries

Output Escaping

100% escaped · 25 total outputs

Attack Surface

Intuitive Custom Post Order Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 3

auth    wp_ajax_update-menu-order          intuitive-custom-post-order.php:100
auth    wp_ajax_update-menu-order-tags     intuitive-custom-post-order.php:101
auth    wp_ajax_update-menu-order-sites    intuitive-custom-post-order.php:120

WordPress Hooks 22

action  plugins_loaded             intuitive-custom-post-order.php:86
action  admin_menu                 intuitive-custom-post-order.php:89
action  admin_init                 intuitive-custom-post-order.php:93
action  admin_init                 intuitive-custom-post-order.php:95
action  admin_init                 intuitive-custom-post-order.php:96
action  admin_init                 intuitive-custom-post-order.php:97
action  pre_get_posts              intuitive-custom-post-order.php:104
filter  get_previous_post_where    intuitive-custom-post-order.php:106
filter  get_previous_post_sort     intuitive-custom-post-order.php:107
filter  get_next_post_where        intuitive-custom-post-order.php:108
filter  get_next_post_sort         intuitive-custom-post-order.php:109
filter  get_terms_orderby          intuitive-custom-post-order.php:112
filter  wp_get_object_terms        intuitive-custom-post-order.php:113
filter  get_terms                  intuitive-custom-post-order.php:114
action  network_admin_menu         intuitive-custom-post-order.php:118
action  admin_init                 intuitive-custom-post-order.php:119
filter  sites_clauses              intuitive-custom-post-order.php:132
action  admin_init                 intuitive-custom-post-order.php:134
filter  get_blogs_of_user          intuitive-custom-post-order.php:137
action  init                       intuitive-custom-post-order.php:141
filter  query                      intuitive-custom-post-order.php:383
filter  query                      intuitive-custom-post-order.php:1091

Maintenance & Trust

Intuitive Custom Post Order Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Sep 16, 2025
PHP min version
Downloads: 3.0M

Community Trust

Rating: 88/100
Number of ratings: 139
Active installs: 400K

Developer Profile

Intuitive Custom Post Order Developer Profile

hijiri

3 plugins · 400K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 364 days

Detection Fingerprints

How We Detect Intuitive Custom Post Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/intuitive-custom-post-order/admin/js/common.js
/wp-content/plugins/intuitive-custom-post-order/admin/js/tag.js
/wp-content/plugins/intuitive-custom-post-order/admin/js/post.js
/wp-content/plugins/intuitive-custom-post-order/admin/js/sites.js
/wp-content/plugins/intuitive-custom-post-order/admin/css/style.css

Script Paths
/wp-content/plugins/intuitive-custom-post-order/admin/js/common.js
/wp-content/plugins/intuitive-custom-post-order/admin/js/tag.js
/wp-content/plugins/intuitive-custom-post-order/admin/js/post.js
/wp-content/plugins/intuitive-custom-post-order/admin/js/sites.js

Version Parameters
/wp-content/plugins/intuitive-custom-post-order/admin/js/common.js?ver=
/wp-content/plugins/intuitive-custom-post-order/admin/js/tag.js?ver=
/wp-content/plugins/intuitive-custom-post-order/admin/js/post.js?ver=
/wp-content/plugins/intuitive-custom-post-order/admin/js/sites.js?ver=
/wp-content/plugins/intuitive-custom-post-order/admin/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
hicpo-settings-wrap
hicpo-settings-form
hicpo-post-type-settings
hicpo-taxonomy-settings
hicpo-sites-settings
hicpo-sortable

Data Attributes
data-hicpo-pt
data-hicpo-taxonomy
data-hicpo-sites

JS Globals
hicpo_order_settings
hicpo_order_post_types
hicpo_order_taxonomies
hicpo_order_sites
hicpo_current_post_type
hicpo_current_taxonomy