WP-Safety

LH Add ID Columns Security & Risk Analysis

wordpress.org/plugins/lh-add-id-columns

LH Add ID Columns adds user and post ID's to the WordPress user, post, page, and custom post type listings.

20 active installs v1.03 PHP + WP 4.0+ Updated Jul 28, 2022
idpost-idsortableuser-id
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is LH Add ID Columns Safe to Use in 2026?

Generally Safe

Score 85/100

LH Add ID Columns has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The lh-add-id-columns plugin version 1.03 exhibits a generally positive security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, cron events, dangerous functions, file operations, and external HTTP requests significantly limits the plugin's attack surface. Furthermore, the complete absence of known CVEs in its vulnerability history suggests a history of stable and potentially well-maintained code.

However, the analysis does highlight one significant concern: 100% of the identified outputs are not properly escaped. This presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious script code could be injected into the WordPress admin interface or potentially exposed to users depending on where these outputs are rendered. The lack of capability checks and nonce checks, while not immediately exploitable due to the limited attack surface, could become a weakness if the plugin were to introduce new entry points in future versions without proper security considerations.

In conclusion, the plugin's limited functionality and lack of complex features contribute to a low overall risk profile. The primary area for improvement is addressing the unescaped output, which is a common and potentially severe security flaw. If this can be rectified, the plugin would represent a very secure addition to a WordPress site.

Key Concerns

  • All identified outputs are unescaped
  • No capability checks implemented
  • No nonce checks implemented
Vulnerabilities
None known

LH Add ID Columns Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

LH Add ID Columns Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped3 total outputs
Attack Surface

LH Add ID Columns Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 21
filtermanage_users_columnslh-add-id-columns.php:174
filtermanage_users_sortable_columnslh-add-id-columns.php:175
actionmanage_users_custom_columnlh-add-id-columns.php:176
filterwpmu_users_columnslh-add-id-columns.php:181
actionwpmu_users_custom_columnlh-add-id-columns.php:182
filtermanage_users-network_sortable_columnslh-add-id-columns.php:183
filtermanage_posts_columnslh-add-id-columns.php:186
filtermanage_edit-post_sortable_columnslh-add-id-columns.php:187
actionmanage_posts_custom_columnlh-add-id-columns.php:188
filtermanage_upload_columnslh-add-id-columns.php:190
filtermanage_upload_sortable_columnslh-add-id-columns.php:191
actionmanage_media_custom_columnlh-add-id-columns.php:192
filtermanage_pages_columnslh-add-id-columns.php:194
filtermanage_edit-page_sortable_columnslh-add-id-columns.php:195
actionmanage_pages_custom_columnlh-add-id-columns.php:196
filtermanage_edit-comments_columnslh-add-id-columns.php:230
filtermanage_comments_custom_columnlh-add-id-columns.php:231
filterbp_groups_list_table_get_columnslh-add-id-columns.php:235
filterbp_groups_admin_get_group_custom_columnlh-add-id-columns.php:236
filterdefault_hidden_columnslh-add-id-columns.php:239
actionadmin_initlh-add-id-columns.php:262
Maintenance & Trust

LH Add ID Columns Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedJul 28, 2022
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

LH Add ID Columns Alternatives

Show IDs by DraftPress

Show IDs by DraftPress

wpsite-show-ids

A
100

The Show IDs plugin displays the ID of all posts, categories, pages, taxonomies, users, tags, and more.

10K No CVEs
Show IDs by Echo

Show IDs by Echo

echo-show-ids

A
100

Show IDs on admin pages for posts, pages, categories, taxonomies, custom post types and more.

2K No CVEs
HH sortable ID columns

HH sortable ID columns

hh-sortable

A
85

Sortable ID columns for all standard data types in WordPress admin panel.

300 No CVEs
Random User IDs

Random User IDs

random-user-ids

A
92

This WordPress plugin randomizes the user_id for the user created on WordPress setup, removing one potential attack factor from the site.

300 No CVEs
WP Tabbed Widget

WP Tabbed Widget

wp-tabbed-widget

A
100

Display all your favorites widgets into a tabbed style widget.

300 No CVEs
Developer Profile

LH Add ID Columns Developer Profile

shawfactor

77 plugins · 15K total installs

91
trust score
Avg Security Score
87/100
Avg Patch Time
7 days
View full developer profile
Detection Fingerprints

How We Detect LH Add ID Columns

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters
lh-add-id-columns/style.css?ver=lh-add-id-columns/script.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about LH Add ID Columns