PublishPress Statuses – Custom Post Status and Workflow Security & Risk Analysis

wordpress.org/plugins/publishpress-statuses

The PublishPress Statuses plugin allows you to create additional statuses for your posts. You can use each status to create publishing workflows.

1K active installs · v1.2.4 · PHP 7.2.5+ · WP 5.5+ · Updated Apr 9, 2026
Tags: archived-status, custom-statuses, pending-review, status-manager, workflow
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PublishPress Statuses – Custom Post Status and Workflow Safe to Use in 2026?

Generally Safe

Score 100/100

PublishPress Statuses – Custom Post Status and Workflow has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The PublishPress Statuses plugin v1.2.4 exhibits a generally positive security posture, with a strong emphasis on output escaping and a significant number of capability checks. The absence of known CVEs and taint analysis findings indicates good development practices regarding common vulnerability types. However, the presence of two unprotected AJAX handlers represents a notable concern. These entry points, without proper authentication or authorization checks, could be exploited by attackers to perform unintended actions or access sensitive data. While the majority of SQL queries use prepared statements, and there are no indications of dangerous functions or file operations, these unprotected AJAX endpoints remain a significant weakness in an otherwise well-secured plugin.

Key Concerns

  • 2 unprotected AJAX handlers
Vulnerabilities
None known

PublishPress Statuses – Custom Post Status and Workflow Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

PublishPress Statuses – Custom Post Status and Workflow Release Timeline

v1.2.4 (Current)
v1.2.3
v1.2.2
v1.2.0
v1.1.14
v1.1.14-rc
v1.1.13
v1.1.12
v1.1.11
v1.1.10
v1.1.9
v1.1.8
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.0.9
v1.0.8
Code Analysis
Analyzed Mar 16, 2026

PublishPress Statuses – Custom Post Status and Workflow Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (2 prepared)
Unescaped Output: 45 (467 escaped)
Nonce Checks: 8
Capability Checks: 49
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

67% prepared · 3 total queries

Output Escaping

91% escaped · 512 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
handleEditCustomStatus (StatusHandler.php:212)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
2 unprotected

PublishPress Statuses – Custom Post Status and Workflow Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 4

auth  wp_ajax_pp_get_selectable_statuses  PublishPress_Statuses.php:115
auth  wp_ajax_pp_set_workflow_action  PublishPress_Statuses.php:116
auth  wp_ajax_pp_update_status_positions  PublishPress_Statuses.php:118
auth  wp_ajax_pp_delete_custom_status  PublishPress_Statuses.php:119
WordPress Hooks 105
action  admin_menu  Admin.php:11
filter  plugin_row_meta  Admin.php:13
action  admin_print_styles  Admin.php:31
action  admin_enqueue_scripts  Admin.php:32
filter  display_post_states  Admin.php:34
action  publishpress_statuses_maintenance_done  Admin.php:917
action  shutdown  Admin.php:918
action  publishpress_statuses_maintenance_done  Admin.php:938
action  shutdown  Admin.php:939
action  publishpress_statuses_maintenance_done  Admin.php:962
action  shutdown  Admin.php:963
action  publishpress_statuses_maintenance_done  Admin.php:986
action  shutdown  Admin.php:987
action  publishpress_statuses_maintenance_done  Admin.php:1010
action  shutdown  Admin.php:1011
action  publishpress_statuses_maintenance_done  Admin.php:1034
action  shutdown  Admin.php:1035
action  publishpress_statuses_maintenance_done  Admin.php:1064
action  shutdown  Admin.php:1065
action  publishpress_statuses_maintenance_done  Admin.php:1094
action  shutdown  Admin.php:1095
action  publishpress_statuses_maintenance_done  Admin.php:1124
action  shutdown  Admin.php:1125
action  publishpress_statuses_maintenance_done  Admin.php:1154
action  shutdown  Admin.php:1155
action  publishpress_statuses_maintenance_done  Admin.php:1185
action  shutdown  Admin.php:1186
action  publishpress_statuses_maintenance_done  Admin.php:1218
action  shutdown  Admin.php:1219
action  publishpress_statuses_maintenance_done  Admin.php:1255
action  shutdown  Admin.php:1256
action  publishpress_statuses_maintenance_done  Admin.php:1286
action  shutdown  Admin.php:1287
action  publishpress_statuses_maintenance_done  Admin.php:1359
action  shutdown  Admin.php:1360
action  init  includes-core\Core.php:9
filter  publishpress_wp_reviews_display_banner_publishpress-statuses  includes-core\Core.php:24
action  admin_menu  includes-core\CoreAdmin.php:9
action  admin_print_scripts  includes-core\CoreAdmin.php:11
action  publishpress_statuses_settings_sidebar  includes-core\CoreAdmin.php:13
filter  publishpress_statuses_settings_sidebar_class  includes-core\CoreAdmin.php:14
action  admin_init  LibWordPressReviews.php:31
filter  publishpress-statuses_wp_reviews_allow_display_notice  LibWordPressReviews.php:36
action  enqueue_block_editor_assets  PostEdit.php:12
action  add_meta_boxes  PostEdit.php:16
action  admin_print_scripts  PostEdit.php:18
action  admin_enqueue_scripts  PostEdit.php:20
action  admin_head  PostEdit.php:31
action  admin_print_scripts  PostEditClassic.php:12
action  admin_head  PostEditClassic.php:13
action  admin_print_scripts  PostEditGutenberg.php:107
filter  manage_posts_columns  PostsListing.php:13
filter  manage_pages_columns  PostsListing.php:14
action  manage_posts_custom_column  PostsListing.php:16
action  manage_pages_custom_column  PostsListing.php:17
action  admin_print_footer_scripts  PostsListing.php:20
action  plugins_loaded  PostsListing.php:22
action  the_post  PostsListing.php:26
action  admin_notices  publishpress-statuses.php:52
action  admin_notices  publishpress-statuses.php:69
filter  plugin_row_meta  publishpress-statuses.php:113
action  admin_notices  publishpress-statuses.php:173
action  admin_notices  publishpress-statuses.php:190
action  admin_notices  publishpress-statuses.php:207
action  init  publishpress-statuses.php:256
action  plugins_loaded  publishpress-statuses.php:276
filter  presspermit_get_post_statuses  PublishPress_Statuses.php:121
filter  _presspermit_get_post_statuses  PublishPress_Statuses.php:122
filter  presspermit_order_statuses  PublishPress_Statuses.php:124
filter  pre_post_ID  PublishPress_Statuses.php:129
filter  wp_insert_post_empty_content  PublishPress_Statuses.php:137
filter  pre_post_status  PublishPress_Statuses.php:147
filter  publishpress_statuses_default_visibility  PublishPress_Statuses.php:148
action  user_has_cap  PublishPress_Statuses.php:150
filter  get_user_metadata  PublishPress_Statuses.php:152
filter  rest_pre_dispatch  PublishPress_Statuses.php:153
action  rest_api_init  PublishPress_Statuses.php:154
filter  pre_post_status  PublishPress_Statuses.php:156
filter  wp_insert_post_data  PublishPress_Statuses.php:157
filter  wp_insert_post_data  PublishPress_Statuses.php:158
filter  cme_plugin_capabilities  PublishPress_Statuses.php:160
filter  cme_capability_descriptions  PublishPress_Statuses.php:161
filter  shortpixel_critical_css_manual_term_css  PublishPress_Statuses.php:164
action  pp_statuses_init  PublishPress_Statuses.php:230
action  init  PublishPress_Statuses.php:241
action  admin_init  PublishPress_Statuses.php:438
filter  presspermit_rest_post_type  REST.php:134
filter  presspermit_rest_post_id  REST.php:135
filter  presspermit_edit_status_default_tab  StatusesUI.php:30
action  admin_init  StatusesUI.php:34
action  admin_init  StatusesUI.php:38
action  init  StatusesUI.php:49
filter  admin_title  StatusesUI.php:117
action  init  StatusesUI.php:121
action  publishpress_header_button  StatusesUI.php:1091
action  admin_footer  StatusListTable.php:35
filter  preview_post_link  Workarounds.php:8
filter  post_link  Workarounds.php:9
filter  page_link  Workarounds.php:10
filter  post_type_link  Workarounds.php:11
filter  get_sample_permalink  Workarounds.php:12
filter  get_sample_permalink_html  Workarounds.php:13
filter  post_row_actions  Workarounds.php:14
filter  page_row_actions  Workarounds.php:15
filter  wp_insert_post_data  Workarounds.php:17
Maintenance & Trust

PublishPress Statuses – Custom Post Status and Workflow Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 9, 2026
PHP min version: 7.2.5
Downloads: 39K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 1K
Developer Profile

PublishPress Statuses – Custom Post Status and Workflow Developer Profile

PublishPress

11 plugins · 272K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 242 days
Detection Fingerprints

How We Detect PublishPress Statuses – Custom Post Status and Workflow

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/publishpress-statuses/assets/css/statuses.css
/wp-content/plugins/publishpress-statuses/assets/js/statuses.js
/wp-content/plugins/publishpress-statuses/assets/js/admin-script.js
Script Paths
/wp-content/plugins/publishpress-statuses/assets/js/statuses.js
/wp-content/plugins/publishpress-statuses/assets/js/admin-script.js
Version Parameters
publishpress-statuses/assets/css/statuses.css?ver=
publishpress-statuses/assets/js/statuses.js?ver=
publishpress-statuses/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
publishpress-statuses-admin
Data Attributes
data-statuses-plugin-settings
JS Globals
PublishPressStatuses
REST Endpoints
/wp-json/publishpress-statuses/v1/statuses
FAQ

Frequently Asked Questions about PublishPress Statuses – Custom Post Status and Workflow