
Post and Taxonomy Filter Security & Risk Analysis
wordpress.org/plugins/post-and-taxonomy-filter
Post and Taxonomy Filter is a very simple plugin to create a post filter. You just install it and go to its settings page, which is visible in your dashboa …
Is Post and Taxonomy Filter Safe to Use in 2026?
Generally Safe
Score 85/100
Post and Taxonomy Filter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "post-and-taxonomy-filter" v0.1 exhibits a concerning security posture, primarily because it lacks robust security checks. Although the plugin has no recorded vulnerability history and does not use dangerous functions, perform file operations, or make external HTTP requests, these positives are outweighed by significant risks in its entry points and data handling. Two unprotected AJAX handlers, together with two taint flows identified as unsanitized paths of high severity, give an attacker a direct pathway to inject malicious data or trigger unintended code execution. Furthermore, every SQL query is executed without prepared statements, increasing the risk of SQL injection.
The absence of any nonce or capability checks on the AJAX handlers is a critical oversight that leaves these entry points open to unauthorized access and manipulation. The plugin also fails to escape a significant portion of its output, creating potential cross-site scripting (XSS) vulnerabilities. The clean vulnerability history is a positive sign that the developers may be attentive, but the current code analysis reveals significant flaws that need attention before they are actively exploited.
Key Concerns
- AJAX handlers without auth checks
- Taint flows with unsanitized paths (High)
- SQL queries using no prepared statements
- Output escaping is not properly handled
- No nonce checks on AJAX handlers
- No capability checks on AJAX handlers
Post and Taxonomy Filter Security Vulnerabilities
Post and Taxonomy Filter Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Post and Taxonomy Filter Attack Surface
AJAX Handlers: 2
Shortcodes: 1
WordPress Hooks: 4
Maintenance & Trust
Post and Taxonomy Filter Maintenance & Trust
Maintenance Signals
Community Trust
Post and Taxonomy Filter Alternatives
Admin Taxonomy Filter
admin-taxonomy-filter
Filter posts or custom post types in the admin area by custom taxonomies.
Filter Everything — Product Filter & WordPress Filter
filter-everything
The most universal filters plugin for WordPress and WooCommerce products.
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX
ultimate-post
A highly customizable plugin to create news, magazines, and any kind of blog site with post grid, post filter, post slider, and post blocks.
Post Grid
post-grid
Post Grid is a powerful WordPress plugin for creating customizable post grid layouts with advanced query options, allowing users to display posts dyna …
Advanced Post Block – Showcase Posts with Grid, List, Card Layouts and Filters
advanced-post-block
Advanced Post Block lets you add dynamic post grids, lists, sliders, and tickers. Filter content by category, tag, author, or custom post type.
Post and Taxonomy Filter Developer Profile
1 plugin · 40 total installs
How We Detect Post and Taxonomy Filter
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/post-and-taxonomy-filter/assets/css/style.css
/wp-content/plugins/post-and-taxonomy-filter/assets/js/filter.js
HTML / DOM Fingerprints
title-ptfabout-ptfbasicsettingsection-detailsetting-sectionfilter-showrow-postthemesetting (+11 more)
post_taxonomy_post_type, post_taxonomy_post_taxonomy, post_taxonomy_filter, post_taxonomy_query, post_taxonomy_row_post, post_taxonomy_html (+4 more)
[post_taxonomy_filters] [tax_name] [tax_link] [tax_custom_name_field]