WP-Safety

Plugin Columns Security & Risk Analysis

wordpress.org/plugins/plugin-columns

Plugin Columns adds several columns to the plugins list (Categories, dates, counters). Useful if you have a lot of plugins installed to filter by cate …

100 active installs v1.2.2 PHP 5.6+ WP 4.5+ Updated Jun 10, 2020
categoriescolumnsmanagerplugin-columnsplugins
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Plugin Columns Safe to Use in 2026?

Generally Safe

Score 85/100

Plugin Columns has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The plugin 'plugin-columns' v1.2.2 demonstrates a generally good security posture, with a commendable lack of known vulnerabilities and a low attack surface. The code analysis reveals a strong emphasis on security best practices, including the use of prepared statements for all SQL queries and a significant percentage of properly escaped output. The presence of nonce and capability checks on its single AJAX handler further reinforces its protected entry points. The taint analysis also indicates no critical or high-severity flows with unsanitized paths, suggesting a well-handled data flow within the plugin.

However, a minor concern arises from the taint analysis revealing one flow with an unsanitized path. While this did not escalate to a critical or high severity, it represents a potential area for future exploitation if not addressed. Additionally, only 76% of outputs being properly escaped suggests there's room for improvement to reach a more robust level of security, potentially leaving some data susceptible to cross-site scripting (XSS) if not handled by other WordPress core protections. The absence of any historical vulnerabilities is a positive sign, indicating consistent good development practices. Overall, 'plugin-columns' v1.2.2 is a relatively secure plugin, with only minor areas for enhancement to achieve a near-perfect security profile.

Key Concerns

  • Flow with unsanitized path detected
  • Percentage of properly escaped outputs is 76%
Vulnerabilities
None known

Plugin Columns Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Plugin Columns Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
19 escaped
Nonce Checks
4
Capability Checks
2
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

76% escaped25 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
pinned_category_redirect (plugin-columns.php:1212)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Plugin Columns Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_plugin_columns_actionplugin-columns.php:337
WordPress Hooks 44
actionadmin_menuplugin-columns.php:16
actionnetwork_admin_menuplugin-columns.php:17
filterpre_set_site_transient_update_pluginsplugin-columns.php:54
filtersite_transient_update_pluginsplugin-columns.php:55
filtertransient_update_pluginsplugin-columns.php:56
actioninitplugin-columns.php:103
actioninitplugin-columns.php:104
actionadmin_initplugin-columns.php:105
filterplugin_row_metaplugin-columns.php:216
filterall_pluginsplugin-columns.php:229
filterviews_pluginsplugin-columns.php:236
filterviews_plugins-networkplugin-columns.php:237
filterall_pluginsplugin-columns.php:259
filternetwork_admin_plugin_action_linksplugin-columns.php:265
filterplugin_action_linksplugin-columns.php:266
filtermanage_plugins_sortable_columnsplugin-columns.php:267
filtermanage_plugins-network_sortable_columnsplugin-columns.php:268
filteradmin_body_classplugin-columns.php:269
filtermanage_plugins_sortable_columnsplugin-columns.php:277
filtermanage_plugins-network_sortable_columnsplugin-columns.php:278
filtermanage_plugins_sortable_columnsplugin-columns.php:283
filtermanage_plugins-network_sortable_columnsplugin-columns.php:284
filterwp_redirectplugin-columns.php:289
filterall_pluginsplugin-columns.php:304
actionactivate_pluginplugin-columns.php:308
actiondeactivate_pluginplugin-columns.php:309
actionupgrader_process_completeplugin-columns.php:312
actiondelete_pluginplugin-columns.php:313
filtermanage_plugins_columnsplugin-columns.php:316
filtermanage_plugins-network_columnsplugin-columns.php:317
actionmanage_plugins_custom_columnplugin-columns.php:318
filterbulk_actions-pluginsplugin-columns.php:321
filterhandle_bulk_actions-pluginsplugin-columns.php:322
filterbulk_actions-plugins-networkplugin-columns.php:323
filterhandle_bulk_actions-plugins-networkplugin-columns.php:324
actionadmin_footer-plugins.phpplugin-columns.php:327
actionadmin_footer-plugins.phpplugin-columns.php:330
actionpre_current_active_pluginsplugin-columns.php:333
actionadmin_footer-plugins.phpplugin-columns.php:334
actionpre_current_active_pluginsplugin-columns.php:340
filterscreen_settingsplugin-columns.php:343
filterplugin_action_linksplugin-columns.php:347
filternetwork_admin_plugin_action_linksplugin-columns.php:348
actionadmin_enqueue_scriptsplugin-columns.php:352
Maintenance & Trust

Plugin Columns Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedJun 10, 2020
PHP min version5.6
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs100
Alternatives

Plugin Columns Alternatives

WP Plugin Manager – Deactivate plugins per page

WP Plugin Manager – Deactivate plugins per page

wp-plugin-manager

A
98

"WP Plugin Manager" is a plugin that allows you to disable plugins on specific pages, posts, or devices for better performance.

3K 2 CVEs
News Manager

News Manager

news-manager

A
85

Every CMS site needs a news section. News Manager allows you add, manage and display news, date archives, AJAX Calendar, Categories, Tags and more.

700 No CVEs
iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users

iFolders – Ultimate Folder Organizer for Media Library, Pages, Posts and Users

ifolders

A
100

Take control of your media library, posts, pages, and other content with our folder manager. Organize your WordPress data into specific categories.

300 1 CVE
MediaCommander – Bring Folders to Media, Posts, and Pages

MediaCommander – Bring Folders to Media, Posts, and Pages

mediacommander

A
99

Take control of your data with our folder manager - organize your WordPress media library, posts, and pages into specific categories with ease.

40 1 CVE
Version Locker – Update Control

Version Locker – Update Control

version-locker

A
100

Securely lock plugin updates. Prevent accidental or automatic updates and keep your site stable.

20 No CVEs
Developer Profile

Plugin Columns Developer Profile

Roger Grimstad

1 plugin · 100 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Plugin Columns

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/plugin-columns/js/plugin-columns.js/wp-content/plugins/plugin-columns/css/plugin-columns.css
Script Paths
/wp-content/plugins/plugin-columns/js/plugin-columns.js
Version Parameters
plugin-columns/js/plugin-columns.js?ver=plugin-columns/css/plugin-columns.css?ver=

HTML / DOM Fingerprints

CSS Classes
plugin-columns-actionsplugin-columns-category-pageplugin-columns-delete-buttonplugin-columns-header-actionsplugin-columns-import-buttonplugin-columns-noupdateplugin-columns-option-inputplugin-columns-options-container+4 more
HTML Comments
<!-- The plugin-columns plugin was automatically disabled because it was not present in the plugins.php file -->
Data Attributes
data-plugin-columns-category
JS Globals
plugin_columns_adminplugin_columns_current_blog_idplugin_columns_delete_pluginplugin_columns_get_optionplugin_columns_hide_pluginplugin_columns_pin_category+6 more
FAQ

Frequently Asked Questions about Plugin Columns