Does Posts by Taxonomy have any unpatched vulnerabilities?

No. All known vulnerabilities in Posts by Taxonomy have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Posts by Taxonomy compatible with WordPress 6.7.5?

According to WordPress.org data, Posts by Taxonomy 1.0.2 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Posts by Taxonomy compatible with PHP 7.4+?

Posts by Taxonomy requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Posts by Taxonomy updated?

Posts by Taxonomy was last updated on Feb 19, 2025. Frequent updates are generally a positive security signal.

What is Posts by Taxonomy's security score?

Posts by Taxonomy has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Posts by Taxonomy Security & Risk Analysis

wordpress.org/plugins/posts-by-taxonomy

Display a list separated by any taxonomy via shortcode.

0 active installs v1.0.2 PHP 7.4+ WP 6.0.0+ Updated Feb 19, 2025

custom-post-displaycustom-taxonomyorder-by-taxonomy

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Posts by Taxonomy Safe to Use in 2026?

Generally Safe

Score 92/100

Posts by Taxonomy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "posts-by-taxonomy" plugin v1.0.2 demonstrates a generally strong security posture based on the provided static analysis. The absence of dangerous functions, proper SQL statement preparation, and complete output escaping are commendable practices. Furthermore, the lack of file operations, external HTTP requests, and any recorded historical vulnerabilities or CVEs suggest a mature and well-maintained codebase.

However, a significant concern arises from the absence of nonce checks and capability checks. While the attack surface is currently small and there are no unprotected entry points identified in this specific analysis, the lack of these fundamental security mechanisms means that the shortcode, which is an entry point, is not adequately protected against potential cross-site request forgery (CSRF) or unauthorized access if it were to be extended or modified in the future. The total absence of taint analysis results also makes it difficult to definitively rule out all potential vulnerabilities that might arise from complex data flows.

In conclusion, the plugin exhibits excellent coding practices in several key areas, leading to a low immediate risk. Nevertheless, the missing nonce and capability checks represent a notable weakness that, while not currently exploited, leaves the plugin vulnerable to potential future attacks if the attack surface expands or if vulnerabilities are introduced. Addressing these checks would significantly enhance the plugin's overall security.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Posts by Taxonomy Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Posts by Taxonomy Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped8 total outputs

Attack Surface

Posts by Taxonomy Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[bbwd-post-display] posts-by-taxonomy.php:76

WordPress Hooks 1

actionwp_enqueue_scriptsposts-by-taxonomy.php:74

Maintenance & Trust

Posts by Taxonomy Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 19, 2025

PHP min version7.4

Downloads839

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Posts by Taxonomy Alternatives

List Custom Taxonomy Widget

list-custom-taxonomy-widget

The List Custom Taxonomy Widget is a quick and easy way to display custom taxonomies. Simply choose the taxonomy name you want to display from an auto …

9K 1 CVE

Real Custom Post Order: Create a custom order for your content

real-custom-post-order

100

Custom post order for posts, pages, WooCommerce products and custom post types using drag and drop. Simple and intuitive sorting of your content!

9K No CVEs

Categories in Hierarchical Order

categories-in-hierarchical-order

Categories in Hierarchical Order plugin maintains the hierarchical order of categories list in the Category tab under your WordPress Admin Post Editor …

2K No CVEs

Easy Post Types and Fields

easy-post-types-fields

100

Easy Post Types and Fields makes it quick and easy to add custom post types, custom fields, and taxonomies to your WordPress website.

1K No CVEs

Remove Taxonomy Url

remove-taxonomy-url

This is a purpose-oriented plugin that simply removes the taxonomy slugs from URL.

1K No CVEs

Developer Profile

Posts by Taxonomy Developer Profile

Bright Bridge Web

2 plugins · 0 total installs

trust score

Avg Security Score

96/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Posts by Taxonomy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/posts-by-taxonomy/assets/bbwd-styles.css

HTML / DOM Fingerprints

CSS Classes

bbwd-post-masterbbwd-tag-wrapbbwd-flexbbwd-full-centerbbwd-title-containerbbwd-tag-linebbwd-post-tag-titlebbwd-post-child+6 more

Data Attributes

data-post-typedata-taxonomydata-post-per-sectiondata-fallbackdata-s-and-fdata-exclude+1 more

Shortcode Output

[bbwd-post-display

FAQ