Does MB Custom Post Types & Custom Taxonomies have any unpatched vulnerabilities?

No. All known vulnerabilities in MB Custom Post Types & Custom Taxonomies have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MB Custom Post Types & Custom Taxonomies compatible with WordPress 6.9.4?

According to WordPress.org data, MB Custom Post Types & Custom Taxonomies 2.11.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MB Custom Post Types & Custom Taxonomies compatible with PHP 7.2+?

MB Custom Post Types & Custom Taxonomies requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MB Custom Post Types & Custom Taxonomies updated?

MB Custom Post Types & Custom Taxonomies was last updated on Mar 6, 2026. Frequent updates are generally a positive security signal.

What is MB Custom Post Types & Custom Taxonomies's security score?

MB Custom Post Types & Custom Taxonomies has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MB Custom Post Types & Custom Taxonomies Security & Risk Analysis

wordpress.org/plugins/mb-custom-post-type

Create and manage custom post types and custom taxonomies with an easy-to-use UI in WordPress.

10K active installs v2.11.3 PHP 7.2+ WP 6.5+ Updated Mar 6, 2026

custom-post-typescustom-taxonomiespoststaxonomies

A · Safe

CVEs total1

Unpatched0

Last CVEMar 3, 2025

Plugin page Download

Safety Verdict

Is MB Custom Post Types & Custom Taxonomies Safe to Use in 2026?

Generally Safe

Score 99/100

MB Custom Post Types & Custom Taxonomies has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Mar 3, 2025Updated 28d ago

Risk Assessment

The "mb-custom-post-type" v2.11.3 plugin presents a generally good security posture with a strong emphasis on prepared SQL statements and output escaping, indicating developers are aware of common web vulnerabilities. The absence of external HTTP requests and bundled libraries is also a positive sign. However, the presence of two unprotected AJAX handlers creates a notable attack surface. While taint analysis found no critical or high severity flows, these unprotected entry points could potentially be exploited if they process user-supplied data without proper validation or sanitization. The plugin has a history of one medium-severity CVE related to Cross-Site Scripting, which, although patched and not current, highlights a past weakness that warrants attention. The absence of unpatched vulnerabilities is reassuring, but the historical XSS issue combined with unprotected AJAX handlers suggests a need for continued vigilance and a review of how these handlers process input.

Key Concerns

Unprotected AJAX handlers
Past medium severity XSS vulnerability

Vulnerabilities

MB Custom Post Types & Custom Taxonomies Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-10143medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

MB Custom Post Types & Custom Taxonomies <= 2.7.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Mar 3, 2025 Patched in 2.7.7 (86d)

Code Analysis

Analyzed Mar 16, 2026

MB Custom Post Types & Custom Taxonomies Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

24 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

85% prepared13 total queries

Output Escaping

96% escaped25 total outputs

Attack Surface

2 unprotected

MB Custom Post Types & Custom Taxonomies Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 4

authwp_ajax_mbcpt_migrate_post_typessrc\Ajax.php:8

authwp_ajax_mbcpt_migrate_taxonomiessrc\Ajax.php:9

authwp_ajax_mb_cpt_save_ordersrc\PostTypeReorder.php:11

authwp_ajax_mb_cpt_save_order_termssrc\TaxonomyReorder.php:12

WordPress Hooks 46

actioninitmb-custom-post-type.php:38

filterrwmb_admin_menumb-custom-post-type.php:69

actionadmin_enqueue_scriptssrc\Edit.php:11

actionadd_meta_boxessrc\Edit.php:13

filterpost_row_actionssrc\Export.php:8

actionadmin_initsrc\Export.php:9

actionadmin_footer-edit.phpsrc\Import.php:7

actionadmin_print_styles-edit.phpsrc\Import.php:8

actionadmin_initsrc\Import.php:9

filtermbcpt_post_typesrc\Integrations\Polylang\PostType.php:43

filtermbcpt_post_typesrc\Integrations\Polylang\PostType.php:44

filtermbcpt_taxonomysrc\Integrations\Polylang\Taxonomy.php:40

filtermbcpt_taxonomysrc\Integrations\Polylang\Taxonomy.php:41

actionsave_post_mb-post-typesrc\Integrations\WPML\PostType.php:45

filtermbcpt_post_typesrc\Integrations\WPML\PostType.php:46

actiondeleted_post_mb-post-typesrc\Integrations\WPML\PostType.php:47

actionsave_post_mb-taxonomysrc\Integrations\WPML\Taxonomy.php:42

filtermbcpt_taxonomysrc\Integrations\WPML\Taxonomy.php:43

actiondeleted_post_mb-taxonomysrc\Integrations\WPML\Taxonomy.php:44

actionadmin_menusrc\Menu.php:6

actionadmin_menusrc\Migration.php:6

actionadmin_head-edit.phpsrc\PostListTable.php:6

filterget_the_excerptsrc\PostListTable.php:25

actionadmin_menusrc\PostTypeRegister.php:81

actionadmin_initsrc\PostTypeRegister.php:353

actionadmin_menusrc\PostTypeRegister.php:354

actionadminmenusrc\PostTypeRegister.php:355

filtersanitize_html_classsrc\PostTypeRegister.php:377

actionload-edit.phpsrc\PostTypeReorder.php:9

actionadmin_print_styles-edit.phpsrc\PostTypeReorder.php:10

actionpre_get_postssrc\PostTypeReorder.php:12

filterget_previous_post_wheresrc\PostTypeReorder.php:13

filterget_previous_post_sortsrc\PostTypeReorder.php:14

filterget_next_post_wheresrc\PostTypeReorder.php:15

filterget_next_post_sortsrc\PostTypeReorder.php:16

filterpost_updated_messagessrc\Register.php:9

filterbulk_post_updated_messagessrc\Register.php:10

filterrest_prepare_taxonomysrc\TaxonomyRegister.php:10

actionadmin_print_styles-edit-tags.phpsrc\TaxonomyReorder.php:10

actionadmin_print_styles-edit-tags.phpsrc\TaxonomyReorder.php:11

filterget_terms_orderbysrc\TaxonomyReorder.php:13

filterwp_get_object_termssrc\TaxonomyReorder.php:14

filterget_termssrc\TaxonomyReorder.php:15

actionadmin_initsrc\ToggleStatusColumn.php:9

filtermbb_toggle_status_post_typessrc\ToggleStatusColumn.php:16

actionadmin_noticessrc\Warning.php:7

Maintenance & Trust

MB Custom Post Types & Custom Taxonomies Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 6, 2026

PHP min version7.2

Downloads356K

Community Trust

Rating94/100

Number of ratings13

Active installs10K

Alternatives

MB Custom Post Types & Custom Taxonomies Alternatives

All in one demo Export/Import

all-in-one-demo-importexport

Easily export or import your WordPress customizer settings!

20 No CVEs

Meta Box

meta-box

Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for your custom post types in WordPress.

500K 6 CVEs

Pods – Custom Content Types and Fields

pods

Pods is a framework for creating, managing, and deploying customized content types and fields for any project.

100K 14 CVEs

CubeWP Framework

cubewp-framework

CubeWP is an end-to-end dynamic content framework for WordPress to help you shrink time and cut cost of development up to 90%.

4K 1 unpatched

Custom post types, Custom Fields & more

custom-post-types

Custom Post Types, Custom Fields, Custom Taxonomies, Custom Templates, Custom Admin Pages, Custom Admin Notices. Directly from the WP dashboard.

3K 3 CVEs

Developer Profile

MB Custom Post Types & Custom Taxonomies Developer Profile

Anh Tran

17 plugins · 85K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

76 days

View full developer profile

Detection Fingerprints

How We Detect MB Custom Post Types & Custom Taxonomies

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mb-custom-post-type/assets/style.css/wp-content/plugins/mb-custom-post-type/assets/edit.js

Script Paths

/wp-content/plugins/mb-custom-post-type/assets/build/post-type.js/wp-content/plugins/mb-custom-post-type/assets/build/taxonomy.js

Version Parameters

mb-custom-post-type/assets/style.css?ver=mb-custom-post-type/assets/edit.js?ver=post-type.js?ver=taxonomy.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-mb-cpt-typedata-mb-taxonomy-type

JS Globals

MBCPT

FAQ