WP-Safety

Post Type Spotlight Security & Risk Analysis

wordpress.org/plugins/post-type-spotlight

x-release-please-start-version Stable tag: 3.0.3 x-release-please-end License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.

40 active installs v3.0.3 PHP + WP 5.1+ Updated Jan 24, 2024
custom-post-typesfeaturedpost-typepostssticky
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Post Type Spotlight Safe to Use in 2026?

Generally Safe

Score 85/100

Post Type Spotlight has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The plugin "post-type-spotlight" v3.0.3 exhibits a very strong security posture based on the provided static analysis. There are no identified vulnerabilities in its attack surface, dangerous functions, SQL queries, output escaping, file operations, or external HTTP requests. The presence of nonce and capability checks further reinforces good security practices. The absence of any recorded CVEs in its vulnerability history, coupled with the clean code signals, suggests a mature and secure codebase that has likely been well-maintained and vetted.

However, it's important to note that the static analysis did not reveal any taint flows. While this is an excellent sign, it doesn't entirely eliminate the possibility of complex, context-dependent vulnerabilities that might be missed by automated tools. The limited attack surface is a significant strength, but the fact that there are *zero* entry points without authentication checks is also a data point worth considering, implying a very minimal feature set for public interaction. Overall, this plugin appears to be exceptionally secure.

Vulnerabilities
None known

Post Type Spotlight Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Post Type Spotlight Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
45 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped45 total outputs
Attack Surface

Post Type Spotlight Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 22
actioninitclass-post-type-spotlight-block-editor.php:17
actioninitclass-post-type-spotlight-block-editor.php:18
actioninitclass-post-type-spotlight-block-editor.php:19
filterpre_render_blockclass-post-type-spotlight-block-editor.php:21
filterposts_orderbyclass-post-type-spotlight-block-editor.php:24
filterquery_loop_block_query_varsclass-post-type-spotlight-block-editor.php:105
actionplugins_loadedclass-post-type-spotlight.php:20
actioninitclass-post-type-spotlight.php:21
actionwidgets_initclass-post-type-spotlight.php:22
actionadmin_initclass-post-type-spotlight.php:24
actionadmin_initclass-post-type-spotlight.php:25
actionrest_api_initclass-post-type-spotlight.php:26
actionadd_meta_boxesclass-post-type-spotlight.php:28
actionsave_postclass-post-type-spotlight.php:29
actionedit_attachmentclass-post-type-spotlight.php:30
actionpre_get_postsclass-post-type-spotlight.php:31
actionadmin_enqueue_scriptsclass-post-type-spotlight.php:32
filterpost_classclass-post-type-spotlight.php:34
filtermanage_media_columnsclass-post-type-spotlight.php:222
actionmanage_media_custom_columnclass-post-type-spotlight.php:223
actionattachment_submitbox_misc_actionsclass-post-type-spotlight.php:349
actionpost_submitbox_misc_actionsclass-post-type-spotlight.php:351
Maintenance & Trust

Post Type Spotlight Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedJan 24, 2024
PHP min version
Downloads15K

Community Trust

Rating100/100
Number of ratings2
Active installs40
Alternatives

Post Type Spotlight Alternatives

Ultimate Posts Widget

Ultimate Posts Widget

ultimate-posts-widget

A
92

The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.

10K 1 CVE
Featured Posts and Custom Posts

Featured Posts and Custom Posts

featured-posts-and-custom-posts

A
85

Allows the user to feature posts and custom posts. When a post is featured it gets the post metta _jsFeaturedPost.

100 No CVEs
WP Featured News – Custom Posts Listing Elements

WP Featured News – Custom Posts Listing Elements

wp-featured-news-custom-posts-listing-elements

A
100

WP Featured News plugin allows you to display your posts anywhere of your web-pages with 10 powerful and creatively designed post blocks.

10 No CVEs
MB Custom Post Types & Custom Taxonomies

MB Custom Post Types & Custom Taxonomies

mb-custom-post-type

A
99

Create and manage custom post types and custom taxonomies with an easy-to-use UI in WordPress.

10K 1 CVE
No Page Comment

No Page Comment

no-page-comment

A
99

An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.

10K 2 CVEs
Developer Profile

Post Type Spotlight Developer Profile

Jonathan Desrosiers

9 plugins · 21K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Post Type Spotlight

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/post-type-spotlight/build/index.js/wp-content/plugins/post-type-spotlight/build/index.css
Version Parameters
post-type-spotlight/build/index.js?ver=post-type-spotlight/build/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
wp-block-post-type-spotlight-featured-listis-featured-postpost-type-spotlight-featured-post
Data Attributes
data-namespace="post-type-spotlight/featured-list"data-querytypedata-perpagedata-orderbydata-order
JS Globals
postTypeSpotlightpts_featured_post_types_settings
REST Endpoints
/wp-json/post-type-spotlight/v1/all
FAQ

Frequently Asked Questions about Post Type Spotlight