WP-Safety

Post Lists View Custom Security & Risk Analysis

wordpress.org/plugins/post-lists-view-custom

Customize the list of the post and page and the custom post type.

1K active installs v1.7.4 PHP + WP 3.8+ Updated Aug 13, 2015
adminpagepostpostsupload
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Post Lists View Custom Safe to Use in 2026?

Generally Safe

Score 85/100

Post Lists View Custom has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "post-lists-view-custom" v1.7.4 plugin exhibits a mixed security posture. On the positive side, the plugin has no recorded vulnerabilities, no external HTTP requests, and correctly uses prepared statements for all its SQL queries. It also includes nonce and capability checks for its limited entry points and avoids bundled libraries. This indicates a developer who has some awareness of common security practices.

However, significant concerns arise from the static analysis. The plugin has 8 taint flows with unsanitized paths, which is a critical indicator of potential security weaknesses, even though they are not classified as critical or high severity in this specific analysis. Furthermore, a very low percentage of output (12%) is properly escaped, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities. The single file operation also warrants careful scrutiny to ensure it's not being used in a dangerous way.

Overall, while the plugin lacks a public vulnerability history, the presence of numerous unsanitized paths and widespread output escaping issues presents a notable risk. The absence of known CVEs might be due to limited security auditing or the plugin's specific implementation, rather than a guarantee of its safety. Further investigation into the specific nature of the unsanitized paths and output escaping would be crucial for a definitive assessment, but based on the provided data, caution is advised.

Key Concerns

  • Unsanitized paths in taint flows
  • Low percentage of properly escaped output
  • File operations detected
Vulnerabilities
None known

Post Lists View Custom Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Post Lists View Custom Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
119
16 escaped
Nonce Checks
2
Capability Checks
2
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared3 total queries

Output Escaping

12% escaped135 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths
update_post (inc\class-data.php:434)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Post Lists View Custom Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 41
actionplugins_loadedinc\class-config.php:10
actionplugins_loadedinc\class-config.php:11
actioninitinc\class-config.php:12
actioninitinc\class-config.php:13
actioninitinc\class-config.php:14
actioninitinc\class-config.php:15
actioninitinc\class-config.php:16
actionwp_loadedinc\class-data.php:11
actionadmin_initinc\class-data.php:20
actioninitinc\class-manager.php:18
actioninitinc\class-manager.php:19
actionadmin_menuinc\class-manager.php:68
actionadmin_noticesinc\class-manager.php:69
actionadmin_print_scriptsinc\class-manager.php:71
actionplugins_loadedpost-lists-view-custom.php:61
actionload-edit.phppost-lists-view-custom.php:69
actionload-edit-comments.phppost-lists-view-custom.php:70
actionload-upload.phppost-lists-view-custom.php:71
actionload-users.phppost-lists-view-custom.php:72
actioninitpost-lists-view-custom.php:74
actionwp_loadedpost-lists-view-custom.php:76
actionadmin_print_scriptspost-lists-view-custom.php:382
actionadmin_initpost-lists-view-custom.php:383
actionadmin_initpost-lists-view-custom.php:387
filterrequestpost-lists-view-custom.php:605
filterposts_orderbypost-lists-view-custom.php:606
filtermanage_media_columnspost-lists-view-custom.php:623
actionmanage_media_custom_columnpost-lists-view-custom.php:624
filtermanage_upload_sortable_columnspost-lists-view-custom.php:625
filterrequestpost-lists-view-custom.php:626
filterposts_orderbypost-lists-view-custom.php:627
filtermanage_edit-comments_columnspost-lists-view-custom.php:644
actionmanage_comments_custom_columnpost-lists-view-custom.php:645
filtermanage_edit-comments_sortable_columnspost-lists-view-custom.php:646
filtermanage_users_columnspost-lists-view-custom.php:663
filtermanage_users_custom_columnpost-lists-view-custom.php:664
filtermanage_users_sortable_columnspost-lists-view-custom.php:665
filterwidgets_admin_pagepost-lists-view-custom.php:682
filteradmin_head-nav-menus.phppost-lists-view-custom.php:699
filtermanage_nav-menus_columnspost-lists-view-custom.php:707
actionadmin_head-nav-menus.phppost-lists-view-custom.php:708
Maintenance & Trust

Post Lists View Custom Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34
Last updatedAug 13, 2015
PHP min version
Downloads22K

Community Trust

Rating80/100
Number of ratings7
Active installs1K
Alternatives

Post Lists View Custom Alternatives

WP Admin UI Customize

WP Admin UI Customize

wp-admin-ui-customize

A
91

Customize the management screen UI.

30K 2 CVEs
LH Archived Post Status

LH Archived Post Status

lh-archived-post-status

A
92

Allows posts and pages to be archived so you can remove content from the main loop and feed without having to trash it.

4K No CVEs
HiFi (Head Injection, Foot Injection)

HiFi (Head Injection, Foot Injection)

hifi

A
85

HiFi is a head and foot injection plugin. It allows you to inject code into the head and foot areas of your posts and pages on a per-page basis.

2K No CVEs
Sortable Word Count Reloaded

Sortable Word Count Reloaded

sortable-word-count-reloaded

A
100

Adds a sortable column to the posts and pages admin list with the word count of each page/post.

2K No CVEs
Bulk Edit YOAST SEO fields in Spreadsheet

Bulk Edit YOAST SEO fields in Spreadsheet

wp-sheet-editor-yoast-seo

A
85

Bulk Edit posts, pages, and WooCommerce products YOAST SEO fields using a spreadsheet.

1K No CVEs
Developer Profile

Post Lists View Custom Developer Profile

gqevu6bsiz

10 plugins · 47K total installs

70
trust score
Avg Security Score
87/100
Avg Patch Time
183 days
View full developer profile
Detection Fingerprints

How We Detect Post Lists View Custom

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-lists-view-custom/inc/class-config.php/wp-content/plugins/post-lists-view-custom/inc/class-data.php/wp-content/plugins/post-lists-view-custom/inc/class-manager.php/wp-content/plugins/post-lists-view-custom/inc/class-plugin-info.php
Version Parameters
post-lists-view-custom/style.css?ver=post-lists-view-custom/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
show-fieldcolumn-titlecolumn-toggleedit-fieldinput-column-namesort_labelremove-actioncolumn-check+1 more
HTML Comments
Copyright 2012 gqevu6bsiz (email : gqevu6bsiz@gmail.com)This program is free software; you can redistribute it and/or modifyit under the terms of the GNU General Public License, version 2, aspublished by the Free Software Foundation.+9 more
Data Attributes
id="column-class="show-field"class="column-title"class="column-toggle"class="edit-field"class="large-text input-column-name"+5 more
FAQ

Frequently Asked Questions about Post Lists View Custom