Does News CPT have any unpatched vulnerabilities?

No. All known vulnerabilities in News CPT have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is News CPT compatible with WordPress 3.9.40?

According to WordPress.org data, News CPT 1.1.1 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is News CPT updated?

News CPT was last updated on May 17, 2014. Frequent updates are generally a positive security signal.

What is News CPT's security score?

News CPT has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

News CPT Security & Risk Analysis

wordpress.org/plugins/news-cpt

A quick, easy way to add an extensible News custom post type to Wordpress.

100 active installs v1.1.1 PHP + WP 3.1+ Updated May 17, 2014

cptcustom-post-typenewsshortcodewidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is News CPT Safe to Use in 2026?

Generally Safe

Score 85/100

News CPT has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

Based on the provided static analysis and vulnerability history, the "news-cpt" plugin v1.1.1 exhibits a generally positive security posture. The absence of known CVEs and any recorded vulnerabilities in its history is a strong indicator of a well-maintained and secure codebase over time. The static analysis further supports this, showing no dangerous functions, no direct SQL queries (all using prepared statements), no file operations, and no external HTTP requests, all of which are excellent security practices.

However, several areas present potential concerns. The most significant is the low percentage (21%) of properly escaped output. This indicates a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, where unescaped data rendered on the frontend could be manipulated by attackers to execute malicious scripts. Additionally, the complete lack of nonce checks and capability checks, particularly with the presence of a shortcode as an entry point, leaves the plugin vulnerable to unauthorized actions if the shortcode can be triggered without proper user authentication or authorization.

While the plugin boasts a small attack surface, the lack of robust input validation and authorization checks on the available entry point (shortcode) is a weakness. The absence of taint analysis results is also noted; while this could mean no issues were found, it's important to note that complex vulnerabilities might be missed by static analysis alone without specific taint flow configuration. Overall, the plugin has a good foundation but requires immediate attention to output escaping and authentication/authorization mechanisms to mitigate identified risks.

Key Concerns

Low output escaping percentage
Missing nonce checks on entry points
Missing capability checks on entry points

Vulnerabilities

None known

News CPT Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

News CPT Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

21% escaped14 total outputs

Attack Surface

News CPT Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[list-news-items] news-cpt.php:369

WordPress Hooks 4

actioninitnews-cpt.php:36

actionwidgets_initnews-cpt.php:172

filtertemplate_includenews-cpt.php:199

actiongenerate_rewrite_rulesnews-cpt.php:250

Maintenance & Trust

News CPT Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedMay 17, 2014

PHP min version

Downloads10K

Community Trust

Rating100/100

Number of ratings2

Active installs100

Alternatives

News CPT Alternatives

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Another Mailchimp Widget

another-mailchimp-widget

Simple Mailchimp subscription form to your lists and groups.

5K No CVEs

CPT Calender Widget for WordPress

cpt-calender-widget

Create Custom Post and and select CPT from dropdown.

100 No CVEs

Custom Post Type List Shortcode

custom-post-type-list-shortcode

A shortcode with which you can easily list all of the posts within a post-type and sort by regular or custom fields.

100 1 unpatched

Nekto Core

nekto-core

100

Adds custom post types, categories, meta boxes, shortcodes, and widgets for displaying projects.

20 No CVEs

Developer Profile

News CPT Developer Profile

vanjwilson

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect News CPT

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/news-cpt/css/news-cpt.css/wp-content/plugins/news-cpt/js/news-cpt.js

Version Parameters

news-cpt/css/news-cpt.css?ver=news-cpt/js/news-cpt.js?ver=

HTML / DOM Fingerprints

CSS Classes

title-news-cptrecent-news-items

HTML Comments

Data Attributes

id="news_cpt_widget"

Shortcode Output

<h4 class="title-news-cpt"><div class="recent-news-items"><a class="post-title" href="<?php the_permalink(); ?>" title="

FAQ