Does Sortable Sticky Posts have any unpatched vulnerabilities?

No. All known vulnerabilities in Sortable Sticky Posts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Sortable Sticky Posts compatible with WordPress 3.6.1?

According to WordPress.org data, Sortable Sticky Posts 1.0 has been tested up to WordPress 3.6.1. Check the plugin's changelog for the latest compatibility information.

How often is Sortable Sticky Posts updated?

Sortable Sticky Posts was last updated on May 1, 2013. Frequent updates are generally a positive security signal.

What is Sortable Sticky Posts's security score?

Sortable Sticky Posts has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Sortable Sticky Posts Security & Risk Analysis

wordpress.org/plugins/sortable-sticky-posts

Adds drag and drop Sticky Post sorting to the Settings > Reading Page. WordPress likes to store Stickies in order they were stickied.

30 active installs v1.0 PHP + WP 3.5.1+ Updated May 1, 2013

postsstickiessticky

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Sortable Sticky Posts Safe to Use in 2026?

Generally Safe

Score 85/100

Sortable Sticky Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The sortable-sticky-posts plugin version 1.0 presents a generally good security posture with several strengths. The absence of known vulnerabilities (CVEs) and a clean vulnerability history are positive indicators. Furthermore, the code analysis reveals no dangerous functions, external HTTP requests, or file operations, and all SQL queries utilize prepared statements, which are excellent security practices.

However, there are notable areas of concern. The plugin has a total of 1 entry point which is an AJAX handler, and it has no capability checks. While a nonce check is present for this handler, the lack of capability checks means that any authenticated user, regardless of their role or permissions, could potentially interact with this AJAX endpoint, leading to unintended actions or information exposure. The most significant weakness identified is the output escaping; none of the identified outputs are properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is reflected directly in the output without sanitization.

In conclusion, while the plugin avoids common pitfalls like SQL injection and lacks a history of critical flaws, the absence of capability checks on its sole AJAX endpoint and the complete lack of output escaping are significant weaknesses that require immediate attention. The presence of a nonce check is a partial mitigation, but XSS remains a substantial risk.

Key Concerns

AJAX handler without capability checks
Outputs are not properly escaped

Vulnerabilities

None known

Sortable Sticky Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Sortable Sticky Posts Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

dr_sort_stickies (wp-sortable-stickies.php:108)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Sortable Sticky Posts Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_dr-sort-stickieswp-sortable-stickies.php:23

WordPress Hooks 4

actionadmin_initwp-sortable-stickies.php:19

actionadmin_enqueue_scriptswp-sortable-stickies.php:20

actionadmin_headwp-sortable-stickies.php:21

actionadmin_headwp-sortable-stickies.php:22

Maintenance & Trust

Sortable Sticky Posts Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1

Last updatedMay 1, 2013

PHP min version

Downloads3K

Community Trust

Rating60/100

Number of ratings2

Active installs30

Alternatives

Sortable Sticky Posts Alternatives

Ultimate Posts Widget

ultimate-posts-widget

The ultimate widget for displaying posts, custom post types or sticky posts with an array of options.

10K 1 CVE

Expire Sticky Posts

expire-sticky-posts

A simple plugin that allows you to set an expiration date on posts. Once a post is expired, it will no longer be sticky.

1K No CVEs

Swifty Bar, sticky bar by WPGens

swifty-bar

Adds sticky bar at the bottom of post that shows category,post title, author, time needed to read article, share buttons and previous/next post links

400 1 CVE

Content Scheduler

content-scheduler

Schedule content to automatically expire and change at a certain time, and notify people of expiration.

200 No CVEs

Sticky Posts Expire

sticky-posts-expire

A simple plugin that allows you to set an expiration date on posts. Once a post is expired, it will no longer be sticky.

100 No CVEs

Developer Profile

Sortable Sticky Posts Developer Profile

Aaron Brazell

4 plugins · 60 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

4008 days

View full developer profile

Detection Fingerprints

How We Detect Sortable Sticky Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sortable-sticky-posts/sortable-sticky-posts.php

HTML / DOM Fingerprints

CSS Classes

dr-sticky-listdr-sticky-sorter-container

Data Attributes

data-postid

JS Globals

ajaxurl

FAQ