WP-Safety

Post Format Filter Security & Risk Analysis

wordpress.org/plugins/post-format-filter

Filter posts by post format, also supports custom types.

20 active installs v1.0.0 PHP + WP 3.2+ Updated Aug 18, 2011
administrationdropdownfilterformatpost
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Post Format Filter Safe to Use in 2026?

Generally Safe

Score 85/100

Post Format Filter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The "post-format-filter" plugin version 1.0.0 exhibits a generally good security posture, with no identified vulnerabilities in its history and a clean static analysis report regarding dangerous functions, SQL queries, file operations, and external HTTP requests. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. However, a critical concern arises from the output escaping analysis, where 100% of outputs are not properly escaped. This suggests a potential for Cross-Site Scripting (XSS) vulnerabilities if any user-controllable data is directly outputted without sanitization. While the plugin has no recorded vulnerability history, which is a positive sign of developer diligence, the lack of output escaping is a significant weakness that needs immediate attention to prevent potential security incidents.

Key Concerns

  • 100% of outputs are not properly escaped
Vulnerabilities
None known

Post Format Filter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Post Format Filter Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped1 total outputs
Attack Surface

Post Format Filter Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 4
actionadmin_noticespost-format-filter.php:18
actionadmin_initpost-format-filter.php:33
actionparse_querypost-format-filter.php:37
actionrestrict_manage_postspost-format-filter.php:38
Maintenance & Trust

Post Format Filter Maintenance & Trust

Maintenance Signals

WordPress version tested3.2.1
Last updatedAug 18, 2011
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings2
Active installs20
Alternatives

Post Format Filter Alternatives

Page Template Filter

Page Template Filter

page-template-filter

A
85

Filter pages or hierarchal custom types by page template.

40 No CVEs
Wpautop Mask

Wpautop Mask

wpautop-mask

A
85

Toggle wpautop with shortcodes.

10 No CVEs
Advanced Excerpt

Advanced Excerpt

advanced-excerpt

A
85

Control the appearance of WordPress post excerpts

80K No CVEs
Filter Everything — Product Filter & WordPress Filter

Filter Everything — Product Filter & WordPress Filter

filter-everything

A
100

The most universal filters plugin for WordPress and WooCommerce products.

50K No CVEs
Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

ultimate-post

A
88

A highly customizable plugin to create news, magazines, and any kind of blog site with post grid, post filter, post slider, and post blocks.

40K 23 CVEs
Developer Profile

Post Format Filter Developer Profile

Mark / t31os

3 plugins · 560 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Post Format Filter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
<select name="post_format_filter" id="post_format_filter"><option value=""> Show all post formats </option>
FAQ

Frequently Asked Questions about Post Format Filter