Does Post Types Order have any unpatched vulnerabilities?

No. All known vulnerabilities in Post Types Order have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Post Types Order compatible with WordPress 6.9.4?

According to WordPress.org data, Post Types Order 2.4.6 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Post Types Order compatible with PHP 5.6+?

Post Types Order requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Post Types Order updated?

Post Types Order was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is Post Types Order's security score?

Post Types Order has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Post Types Order Security & Risk Analysis

wordpress.org/plugins/post-types-order

Sort posts and custom post type objects using a drag-and-drop, sortable JavaScript AJAX interface, or through the default WordPress dashboard

600K active installs v2.4.6 PHP 5.6+ WP 2.8+ Updated Mar 13, 2026

post-orderpost-sortpost-types-orderposts-orderposts-sort

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Post Types Order Safe to Use in 2026?

Generally Safe

Score 100/100

Post Types Order has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 21d ago

Risk Assessment

The post-types-order v2.4.6 plugin exhibits a generally strong security posture, as indicated by the static analysis and vulnerability history. A key strength is the complete absence of any known CVEs, suggesting a history of good security practices and timely patching by the developers. The code analysis reveals a small attack surface, with all identified entry points protected by authentication checks. Furthermore, the plugin makes excellent use of prepared statements for all SQL queries, a critical defense against SQL injection vulnerabilities. The overwhelming majority of output is properly escaped, mitigating cross-site scripting (XSS) risks. Taint analysis also shows no concerning flows with unsanitized data. However, a minor area for improvement lies in the output escaping, where a small percentage (10%) is not properly escaped, potentially leaving a small window for XSS if specific outputs are user-controlled and not adequately sanitized at the source. While the current version shows no critical or high-severity issues, maintaining this high standard with continued vigilance is important.

Key Concerns

10% of outputs not properly escaped

Vulnerabilities

None known

Post Types Order Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Post Types Order Code Analysis

Dangerous Functions

Raw SQL Queries

12 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared12 total queries

Output Escaping

90% escaped42 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

saveArchiveAjaxOrder (include\class.cpto.php:439)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Post Types Order Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_update-custom-type-orderinclude\class.cpto.php:47

authwp_ajax_update-custom-type-order-archiveinclude\class.cpto.php:48

WordPress Hooks 24

filterpto/posts_orderby/ignorecompatibility\acf.php:27

filterpto/posts_orderby/ignorecompatibility\formidable.php:23

actionPTO/order_update_completecompatibility\LiteSpeed_Cache.php:22

filterpto/posts_orderby/ignorecompatibility\the-events-calendar.php:21

filterpto/posts_orderby/ignorecompatibility\themes\enfold.php:20

actionadmin_noticesinclude\class.cpto.php:23

filterinitinclude\class.cpto.php:25

filterpre_get_postsinclude\class.cpto.php:27

filterposts_orderbyinclude\class.cpto.php:28

actionadmin_initinclude\class.cpto.php:39

actionadmin_menuinclude\class.cpto.php:40

actionadmin_menuinclude\class.cpto.php:42

actionadmin_enqueue_scriptsinclude\class.cpto.php:45

filterplugin_action_links_post-types-order/post-types-order.phpinclude\class.cpto.php:50

filternetwork_admin_plugin_action_links_post-types-order/post-types-order.phpinclude\class.cpto.php:51

filterget_previous_post_whereinclude\class.cpto.php:80

filterget_previous_post_sortinclude\class.cpto.php:81

filterget_next_post_whereinclude\class.cpto.php:82

filterget_next_post_sortinclude\class.cpto.php:83

actionadmin_initinclude\class.interface.php:24

actionadmin_noticesinclude\class.options.php:51

actionplugins_loadedpost-types-order.php:32

actionplugins_loadedpost-types-order.php:43

actionwp_loadedpost-types-order.php:74

Maintenance & Trust

Post Types Order Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version5.6

Downloads16.1M

Community Trust

Rating90/100

Number of ratings296

Active installs600K

Alternatives

Post Types Order Alternatives

GR Order Category Post

gr-order-category-post

This plugin let you change the order from a category to an alphabetical order (A-Z).

200 No CVEs

GNA Post Order

gna-post-order

Post order and custom post type objects (posts, any custom post types) using a drag and drop sortable javascript ajax user interface.

100 No CVEs

Reshuffle – Change Post Order, Product Order, Taxonomy Order

reshuffle

Reorder posts, products, and taxonomy terms via a drag-and-drop interface.

40 No CVEs

Selected Categories Post Ordering

selected-categories-post-ordering

Simple plugin to change the order of your posts for selected categories! Posts of selected categories will be displayed in chronological order.

0 No CVEs

Intuitive Custom Post Order

intuitive-custom-post-order

Intuitively reorder Posts, Pages, Custom Post Types, Taxonomies, and Sites with a simple drag-and-drop interface.

400K 4 CVEs

Developer Profile

Post Types Order Developer Profile

nsp-code

5 plugins · 1.2M total installs

trust score

Avg Security Score

99/100

Avg Patch Time

1630 days

View full developer profile

Detection Fingerprints

How We Detect Post Types Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/post-types-order/js/jquery.ui.core.min.js/wp-content/plugins/post-types-order/js/jquery.ui.mouse.min.js/wp-content/plugins/post-types-order/js/jquery.ui.sortable.min.js/wp-content/plugins/post-types-order/js/scripts.js/wp-content/plugins/post-types-order/css/admin.css/wp-content/plugins/post-types-order/css/style.css/wp-content/plugins/post-types-order/js/jquery.tablednd.js/wp-content/plugins/post-types-order/js/admin.js

Script Paths

/wp-content/plugins/post-types-order/js/jquery.ui.core.min.js/wp-content/plugins/post-types-order/js/jquery.ui.mouse.min.js/wp-content/plugins/post-types-order/js/jquery.ui.sortable.min.js/wp-content/plugins/post-types-order/js/scripts.js/wp-content/plugins/post-types-order/js/jquery.tablednd.js/wp-content/plugins/post-types-order/js/admin.js

Version Parameters

post-types-order/css/admin.css?ver=post-types-order/css/style.css?ver=post-types-order/js/jquery.ui.core.min.js?ver=post-types-order/js/jquery.ui.mouse.min.js?ver=post-types-order/js/jquery.ui.sortable.min.js?ver=post-types-order/js/scripts.js?ver=post-types-order/js/jquery.tablednd.js?ver=post-types-order/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

order-colsortable-tableorder-handle

HTML Comments

+86 more

Data Attributes

data-post-typedata-taxonomy

JS Globals

CPTOcpto_settings

FAQ