WP-Safety

Ruven Themes: Post Formats UI Security & Risk Analysis

wordpress.org/plugins/ruven-themes-post-formats-ui

RT Post Formats UI provides a UI for post formats.

10 active installs v1.0 PHP + WP 3.5.0+ Updated Sep 5, 2014
post-formatspost-formats-ui
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Ruven Themes: Post Formats UI Safe to Use in 2026?

Generally Safe

Score 85/100

Ruven Themes: Post Formats UI has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "ruven-themes-post-formats-ui" v1.0 plugin presents a mixed security posture. On one hand, it demonstrates good practices by using prepared statements for all SQL queries and having no recorded vulnerability history, suggesting a generally well-maintained codebase in the past. However, significant concerns arise from the static analysis. The presence of two AJAX handlers without authentication checks creates a direct attack surface, allowing unauthenticated users to potentially trigger plugin functionality. Furthermore, the identified taint analysis flows with unsanitized paths, specifically two high-severity flows, indicate a risk of malicious input being processed without proper sanitization, which could lead to vulnerabilities if these flows are tied to the unprotected AJAX handlers. The use of `unserialize` is also a point of concern, especially when combined with unsanitized input, as it can lead to remote code execution vulnerabilities. While the plugin has no known CVEs, the identified code signals and taint flows point to potential weaknesses that could be exploited.

Key Concerns

  • AJAX handlers without auth checks
  • Taint flows with unsanitized paths (High severity)
  • Dangerous function: unserialize
  • Low percentage of properly escaped output
Vulnerabilities
None known

Ruven Themes: Post Formats UI Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Ruven Themes: Post Formats UI Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
2 prepared
Unescaped Output
48
13 escaped
Nonce Checks
4
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$datetime = unserialize( $meta_value );includes\cmb\helpers\cmb_Meta_Box_types.php:486

SQL Query Safety

100% prepared2 total queries

Output Escaping

21% escaped61 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
sanitize_field (includes\cmb\init.php:641)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Ruven Themes: Post Formats UI Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_cmb_oembed_handlerincludes\cmb\init.php:1045
noprivwp_ajax_cmb_oembed_handlerincludes\cmb\init.php:1046
WordPress Hooks 21
filtercmb_meta_boxesincludes\cmb\example-functions.php:11
actioninitincludes\cmb\example-functions.php:406
filterget_post_metadataincludes\cmb\helpers\cmb_Meta_Box_ajax.php:112
filterupdate_post_metadataincludes\cmb\helpers\cmb_Meta_Box_ajax.php:114
filtercmb_show_onincludes\cmb\init.php:171
actionadmin_enqueue_scriptsincludes\cmb\init.php:175
actionadmin_menuincludes\cmb\init.php:178
actionadd_attachmentincludes\cmb\init.php:179
actionedit_attachmentincludes\cmb\init.php:180
actionsave_postincludes\cmb\init.php:181
actionadmin_enqueue_scriptsincludes\cmb\init.php:182
actionadmin_headincludes\cmb\init.php:185
actionshow_user_profileincludes\cmb\init.php:200
actionedit_user_profileincludes\cmb\init.php:201
actionpersonal_options_updateincludes\cmb\init.php:203
actionedit_user_profile_updateincludes\cmb\init.php:204
actionadmin_headincludes\cmb\init.php:207
actioninitruven-themes-post-formats-ui.php:31
filtercmb_meta_boxesruven-themes-post-formats-ui.php:32
actionadmin_enqueue_scriptsruven-themes-post-formats-ui.php:33
actionplugins_loadedruven-themes-post-formats-ui.php:36
Maintenance & Trust

Ruven Themes: Post Formats UI Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38
Last updatedSep 5, 2014
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Ruven Themes: Post Formats UI Alternatives

Bulk Convert Post Format

Bulk Convert Post Format

bulk-convert-post-format

A
100

Bulk convert posts in a category to a selected post format.

100 No CVEs
IFTTT Post Formats & Post Types

IFTTT Post Formats & Post Types

ifttt-post-formats

A
85

Set a post format or post type for your IFTTT-created posts via a post format or post type category.

80 No CVEs
Better Formats

Better Formats

better-formats

A
85

Improves the UI for WordPress's built-in post formats.

30 No CVEs
McNinja Post Styles

McNinja Post Styles

mcninja-post-styles

A
85

It's like Post Formats, but actually useful. Every post is unique, start treating them that way.

20 No CVEs
Disable Post Format UI

Disable Post Format UI

disable-post-format-ui

A
85

Disables the post format UI on the edit post screen.

10 No CVEs
Developer Profile

Ruven Themes: Post Formats UI Developer Profile

Ruven

5 plugins · 80 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Ruven Themes: Post Formats UI

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ruven-themes-post-formats-ui/includes/jquery.cmb-toggler.js
Script Paths
/wp-content/plugins/ruven-themes-post-formats-ui/includes/jquery.cmb-toggler.js
Version Parameters
ruven-themes-post-formats-ui/includes/jquery.cmb-toggler.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-cmb-toggler
JS Globals
rt_post_formats_ui
FAQ

Frequently Asked Questions about Ruven Themes: Post Formats UI