WP-Safety

Radio Buttons for Taxonomies Security & Risk Analysis

wordpress.org/plugins/radio-buttons-for-taxonomies

Replace the default taxonomy boxes with a custom metabox that uses radio buttons... effectively limiting each post to a single term in that taxonomy.

20K active installs v2.4.7 PHP + WP 4.5.0+ Updated Jan 28, 2025
admininterfaceposttaxonomyui
92
A · Safe
CVEs total1
Unpatched0
Last CVESep 16, 2020
Plugin page Download
Safety Verdict

Is Radio Buttons for Taxonomies Safe to Use in 2026?

Generally Safe

Score 92/100

Radio Buttons for Taxonomies has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 16, 2020Updated 1yr ago
Risk Assessment

The 'radio-buttons-for-taxonomies' plugin v2.4.7 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and includes a reasonable number of nonce and capability checks, there are significant concerns regarding its attack surface. The static analysis reveals one AJAX handler that lacks authentication checks, presenting a clear entry point for potential exploitation. Taint analysis shows no critical or high-severity flows, which is a positive sign, but the absence of flows does not negate the presence of unprotected entry points.

The plugin's vulnerability history shows one previously disclosed medium-severity CVE, identified as Cross-Site Request Forgery (CSRF). The fact that this vulnerability is now patched is encouraging, but it highlights a past weakness. The lack of recent vulnerabilities is positive, however, the presence of an unprotected AJAX handler remains a prominent risk that could be leveraged for various attacks if exploited in conjunction with other potential weaknesses not immediately apparent from this data.

In conclusion, while the plugin has strengths in its SQL handling and has addressed past vulnerabilities, the unprotected AJAX handler is a critical flaw that significantly lowers its security score. This single unprotected entry point demands immediate attention. The overall security could be considered average to below-average due to this specific, exploitable gap. Further investigation into the functionality of this unprotected AJAX handler would be prudent.

Key Concerns

  • Unprotected AJAX handler found
  • Medium severity CVE in history
  • Output escaping is not fully robust (58% properly escaped)
Vulnerabilities
1

Radio Buttons for Taxonomies Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2020-36740medium · 4.3Cross-Site Request Forgery (CSRF)

Radio Buttons for Taxonomies <= 2.0.5 - Cross-Site Request Forgery Bypass

Sep 16, 2020 Patched in 2.0.6 (1224d)
Code Analysis
Analyzed Mar 16, 2026

Radio Buttons for Taxonomies Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
27
37 escaped
Nonce Checks
2
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

58% escaped64 total outputs
Attack Surface
1 unprotected

Radio Buttons for Taxonomies Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_inline-saveinc\class-wordpress-radio-taxonomy.php:62
WordPress Hooks 18
actionplugins_loadedinc\class-rb4t-compatibility.php:54
actionadd_meta_boxesinc\class-wordpress-radio-taxonomy.php:46
filterwp_terms_checklist_argsinc\class-wordpress-radio-taxonomy.php:49
actionsave_postinc\class-wordpress-radio-taxonomy.php:57
actionedit_attachmentinc\class-wordpress-radio-taxonomy.php:58
actionload-edit.phpinc\class-wordpress-radio-taxonomy.php:61
filterget_termsinc\class-wordpress-radio-taxonomy.php:266
filtermlp_mutually_exclusive_taxonomiesinc\modules\class-rb4t-multilingualpress-compatibility.php:23
filterwpseo_primary_term_taxonomiesinc\modules\class-rb4t-wpseo-compatibility.php:25
actioninitradio-buttons-for-taxonomies.php:113
actionwp_loadedradio-buttons-for-taxonomies.php:116
actionadmin_initradio-buttons-for-taxonomies.php:119
actionadmin_menuradio-buttons-for-taxonomies.php:122
actionadmin_enqueue_scriptsradio-buttons-for-taxonomies.php:125
actionenqueue_block_editor_assetsradio-buttons-for-taxonomies.php:128
filterplugin_row_metaradio-buttons-for-taxonomies.php:134
actionrest_api_initradio-buttons-for-taxonomies.php:137
filterget_the_termsradio-buttons-for-taxonomies.php:140
Maintenance & Trust

Radio Buttons for Taxonomies Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.0
Last updatedJan 28, 2025
PHP min version
Downloads336K

Community Trust

Rating100/100
Number of ratings50
Active installs20K
Alternatives

Radio Buttons for Taxonomies Alternatives

Single Taxonomy Selector

Single Taxonomy Selector

single-taxonomy-selector

A
92

A powerful plugin that simplifies taxonomy term selection by enabling users to select a single parent term and its child terms with flexible selection &hellip;

10 No CVEs
Admin Taxonomy Filter

Admin Taxonomy Filter

admin-taxonomy-filter

A
100

Filter posts or custom post types in the admin area by custom taxonomies.

5K No CVEs
Post Category Filter (WP Admin)

Post Category Filter (WP Admin)

admin-category-filter

A
100

Quickly search and filter categories and taxonomies inside the WordPress admin.

1K No CVEs
Require Post Category

Require Post Category

require-post-category

A
92

Require users to choose a post category before updating or publishing a post.

1K No CVEs
Taxonomy Tags to Checkboxes

Taxonomy Tags to Checkboxes

runthings-taxonomy-tags-to-checkboxes

A
100

Convert taxonomy tags to checkboxes in the WordPress admin area.

1K No CVEs
Developer Profile

Radio Buttons for Taxonomies Developer Profile

HelgaTheViking

6 plugins · 99K total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
657 days
View full developer profile
Detection Fingerprints

How We Detect Radio Buttons for Taxonomies

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/radio-buttons-for-taxonomies/inc/class-wordpress-radio-taxonomy.php/wp-content/plugins/radio-buttons-for-taxonomies/inc/class-walker-category-radio.php/wp-content/plugins/radio-buttons-for-taxonomies/inc/class-rb4t-compatibility.php/wp-content/plugins/radio-buttons-for-taxonomies/js/radiotax.js/wp-content/plugins/radio-buttons-for-taxonomies/js/radiotax.min.js/wp-content/plugins/radio-buttons-for-taxonomies/css/admin.css/wp-content/plugins/radio-buttons-for-taxonomies/css/admin.min.css/wp-content/plugins/radio-buttons-for-taxonomies/build/index.js
Script Paths
js/radiotax.jsjs/radiotax.min.jsbuild/index.js
Version Parameters
radio-buttons-for-taxonomies/js/radiotax.js?ver=radio-buttons-for-taxonomies/js/radiotax.min.js?ver=radio-buttons-for-taxonomies/css/admin.css?ver=radio-buttons-for-taxonomies/css/admin.min.css?ver=radio-buttons-for-taxonomies/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
rb4t-options-wraprb4t-taxonomy-settings
Data Attributes
data-taxonomydata-post-id
JS Globals
rb4t_post_idrb4t_termsrb4t_active_taxonomies
REST Endpoints
/wp-json/radio-buttons-for-taxonomies/v1/terms
FAQ

Frequently Asked Questions about Radio Buttons for Taxonomies