WP-Safety

WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More Security & Risk Analysis

wordpress.org/plugins/post-type-column-editor

Customize WordPress admin columns for post types, users, taxonomies & more. Add, reorder, or remove columns easily – no coding needed.

0 active installs v1.0.5 PHP 7.4+ WP 5.8+ Updated Aug 11, 2025
columncolumnspost-typetaxonomy-columnwp-columns
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More Safe to Use in 2026?

Generally Safe

Score 100/100

WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The "post-type-column-editor" plugin, v1.0.5, exhibits a generally good security posture with several strengths. The plugin demonstrates strong practices regarding SQL query sanitization and output escaping, with 80% of SQL queries using prepared statements and 95% of outputs properly escaped. Furthermore, the absence of known vulnerabilities (CVEs) and critical taint analysis findings suggests a mature and well-maintained codebase. The use of nonces and capability checks on 8 and 2 entry points respectively also indicates an effort to secure the plugin's functionality.

However, a notable concern lies in the plugin's attack surface. With a total of 6 AJAX handlers, 3 of them lack authentication checks. This presents a potential entry point for malicious actors to trigger functionalities without proper authorization. While the taint analysis did not reveal any unsanitized paths with critical or high severity, the presence of unprotected AJAX endpoints warrants careful attention and potential remediation. The bundled Select2 library, while common, could also pose a risk if it's an outdated version, though this is not explicitly stated in the provided data.

In conclusion, while the plugin benefits from a clean vulnerability history and robust SQL/output sanitization, the unprotected AJAX handlers represent a significant weakness. Addressing these unauthenticated entry points should be the priority to further strengthen the plugin's security. The overall security is moderate, with a strong foundation but a specific area of vulnerability that could be exploited.

Key Concerns

  • Unprotected AJAX handlers
  • AJAX handlers without auth checks (3/6)
Vulnerabilities
None known

WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
4 prepared
Unescaped Output
4
73 escaped
Nonce Checks
8
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

80% prepared5 total queries

Output Escaping

95% escaped77 total outputs
Data Flows
All sanitized

Data Flow Analysis

5 flows
reset_columns (includes\class-column-manager.php:168)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More Attack Surface

Entry Points6
Unprotected3

AJAX Handlers 6

authwp_ajax_ptcm_get_columnsincludes\class-ajax-handler.php:9
authwp_ajax_ptcm_save_columnsincludes\class-ajax-handler.php:10
authwp_ajax_ptcm_reload_list_tableincludes\class-ajax-handler.php:11
authwp_ajax_ptcm_reset_columnsincludes\class-ajax-handler.php:12
authwp_ajax_ptcm_save_post_type_custom_fieldsincludes\class-ajax-handler.php:13
authwp_ajax_ptcm_get_hook_sampleincludes\class-ajax-handler.php:14
WordPress Hooks 12
actioncurrent_screenincludes\class-column-manager.php:9
actioncurrent_screenincludes\class-help-tab.php:10
actioninitincludes\class-plugin.php:19
actionadmin_initincludes\class-plugin.php:20
filterptcm_should_enqueue_popup_assetsincludes\class-plugin.php:39
actionptcm_current_screenincludes\class-plugin.php:40
actionadmin_enqueue_scriptsincludes\class-plugin.php:41
actionin_admin_headerincludes\class-plugin.php:45
actionadmin_footerincludes\class-plugin.php:152
actionplugins_loadedpost-type-column-editor.php:42
actionadmin_menusrc\Settings\SettingsPage.php:10
actionadmin_initsrc\Settings\SettingsPage.php:11
Maintenance & Trust

WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 11, 2025
PHP min version7.4
Downloads381

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More Alternatives

Post Admin Word Count

Post Admin Word Count

post-admin-word-count

A
100

Adds a sortable word count column to the admin post list for all public post types. Efficient, lightweight and built with modern best practices.

3K No CVEs
Genesis Easy Columns

Genesis Easy Columns

genesis-easy-columns

A
85

Easily add Genesis column shortcodes to your WordPress editor.

2K No CVEs
Boone's Sortable Columns

Boone's Sortable Columns

boones-sortable-columns

A
100

A handy, extensible class for adding sortable columns your custom post type lists.

10 No CVEs
Hide Admin Columns

Hide Admin Columns

hide-admin-columns

A
92

Hide columns in the WordPress admin list tables for custom post types.

10 No CVEs
Mimo Masonry

Mimo Masonry

mimo-masonry

A
85

Creates a Widget to display a Masonry, Infinite scroll, filterable loop of posts or whatever custom post type you have. Includes 1-20 columns layout.

10 No CVEs
Developer Profile

WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More Developer Profile

Dipankar Pal

3 plugins · 400 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-type-column-editor/assets/css/plugin-settings.css/wp-content/plugins/post-type-column-editor/assets/css/main.css/wp-content/plugins/post-type-column-editor/assets/css/select2.min.css/wp-content/plugins/post-type-column-editor/assets/js/plugins/ptcm-utils.js/wp-content/plugins/post-type-column-editor/assets/js/plugins/jquery.ptcmTooltip.js/wp-content/plugins/post-type-column-editor/assets/js/plugins/jquery.ptcmRenderRow.js/wp-content/plugins/post-type-column-editor/assets/js/plugins/jquery.ptcmColumnManager.js/wp-content/plugins/post-type-column-editor/assets/js/main.js+1 more
Script Paths
/wp-content/plugins/post-type-column-editor/assets/js/plugins/ptcm-utils.js/wp-content/plugins/post-type-column-editor/assets/js/plugins/jquery.ptcmTooltip.js/wp-content/plugins/post-type-column-editor/assets/js/plugins/jquery.ptcmRenderRow.js/wp-content/plugins/post-type-column-editor/assets/js/plugins/jquery.ptcmColumnManager.js/wp-content/plugins/post-type-column-editor/assets/js/main.js/wp-content/plugins/post-type-column-editor/assets/js/select2.min.js

HTML / DOM Fingerprints

CSS Classes
ptcm-column-manager-wrapperptcm-settings-page
Data Attributes
data-ptcm-debugdata-ptcm-noncedata-ptcm-col-typesdata-ptcm-sourcesdata-ptcm-fieldsdata-ptcm-post-type+2 more
JS Globals
window.ptcmDatawindow.PTCM
FAQ

Frequently Asked Questions about WP Admin Columns – Easy Admin Columns Builder for WordPress – Custom Post Types, Taxonomy, Users & More