WP-Safety

SORTD Security & Risk Analysis

wordpress.org/plugins/sortd

Introducing The Most Advanced and Intuitive WordPress plug-in to build Progressive Web Apps & Accelerated Mobile Pages for content websites.

50 active installs v3.0.7 PHP 5.6+ WP 5.3+ Updated Feb 26, 2025
ampmobile-sitemobile-friendlyprogressive-web-apppwa
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SORTD Safe to Use in 2026?

Generally Safe

Score 92/100

SORTD has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "sortd" v3.0.7 plugin exhibits a concerning security posture, primarily due to an extremely large and unprotected attack surface. With 91 AJAX handlers, all of which lack authentication checks, there is a significant risk of unauthorized actions being performed by unauthenticated users. While the static analysis indicates good practices in other areas, such as 100% of SQL queries using prepared statements and 91% of outputs being properly escaped, these strengths are overshadowed by the critical flaw in its AJAX endpoint security. The taint analysis also identified 3 flows with unsanitized paths, though they are not categorized as critical or high severity, these still warrant investigation as they represent potential avenues for injection vulnerabilities.

The plugin's vulnerability history is notably clean, with no recorded CVEs. This absence of past vulnerabilities could suggest either rigorous past security practices or simply a lack of successful past exploitation attempts. However, given the significant number of unprotected entry points, this clean history should not be seen as a guarantee of current security. The plugin does utilize 111 nonce checks, but these are clearly not being enforced on the vast majority of its AJAX handlers.

In conclusion, while "sortd" v3.0.7 demonstrates strengths in SQL querying and output escaping, its security is severely compromised by the overwhelming presence of unprotected AJAX endpoints. This massive attack surface without proper authorization checks presents a critical risk to any WordPress site using it. The presence of unsanitized paths in the taint analysis further amplifies these concerns, demanding immediate attention to secure these entry points.

Key Concerns

  • 91 unprotected AJAX handlers
  • 3 flows with unsanitized paths
Vulnerabilities
None known

SORTD Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SORTD Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
278
2763 escaped
Nonce Checks
111
Capability Checks
1
File Operations
2
External Requests
5
Bundled Libraries
3

Bundled Libraries

Select2DataTablesjQuery

SQL Query Safety

100% prepared2 total queries

Output Escaping

91% escaped3041 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

25 flows3 with unsanitized paths
manual_sync_article (admin\class-sortd-article.php:236)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
91 unprotected

SORTD Attack Surface

Entry Points91
Unprotected91

AJAX Handlers 91

authwp_ajax_sortd_ajax_manual_syncadmin\class-sortd-article.php:72
authwp_ajax_unsync_articleadmin\class-sortd-article.php:73
authwp_ajax_sync_articles_in_bulkadmin\class-sortd-article.php:74
authwp_ajax_sortd_update_bulk_countadmin\class-sortd-article.php:75
authwp_ajax_sortd_update_bulk_flagadmin\class-sortd-article.php:76
authwp_ajax_unsync_articles_in_bulkadmin\class-sortd-article.php:77
authwp_ajax_update_bulk_unsync_countadmin\class-sortd-article.php:78
authwp_ajax_sortd_update_bulk_unsync_flagadmin\class-sortd-article.php:79
authwp_ajax_sync_webstoryadmin\class-sortd-article.php:80
authwp_ajax_unsync_webstoryadmin\class-sortd-article.php:81
authwp_ajax_bulk_sync_webstoriesadmin\class-sortd-article.php:82
authwp_ajax_update_bulk_count_webstoryadmin\class-sortd-article.php:83
authwp_ajax_update_bulk_flag_webstoryadmin\class-sortd-article.php:84
authwp_ajax_bulk_unsync_webstoriesadmin\class-sortd-article.php:85
authwp_ajax_update_bulk_count_webstory_unsyncadmin\class-sortd-article.php:86
authwp_ajax_update_bulk_flag_webstory_unsyncadmin\class-sortd-article.php:87
authwp_ajax_get_data_articleadmin\class-sortd-article.php:88
authwp_ajax_rate_lateradmin\class-sortd-article.php:89
authwp_ajax_sortd_sync_tagadmin\class-sortd-article.php:90
authwp_ajax_show_not_againadmin\class-sortd-article.php:91
authwp_ajax_sortd_unsync_tagadmin\class-sortd-article.php:92
authwp_ajax_list_tagsadmin\class-sortd-article.php:93
authwp_ajax_get_data_webstoryadmin\class-sortd-article.php:94
authwp_ajax_filter_article_arrayadmin\class-sortd-article.php:95
authwp_ajax_sortd_sync_unsync_categoryadmin\class-sortd-categories.php:77
authwp_ajax_sortd_ajax_reorder_rename_categoryadmin\class-sortd-categories.php:78
authwp_ajax_sortd_ajax_rename_categoryadmin\class-sortd-categories.php:79
authwp_ajax_sortd_ajax_save_reorder_categoryadmin\class-sortd-categories.php:80
authwp_ajax_get_cat_childrenadmin\class-sortd-categories.php:81
authwp_ajax_get_all_heirarchy_cat_childrenadmin\class-sortd-categories.php:82
authwp_ajax_check_for_syncedadmin\class-sortd-categories.php:83
authwp_ajax_get_categoriesadmin\class-sortd-categories.php:84
authwp_ajax_sortd_category_url_redirectionadmin\class-sortd-categories.php:85
authwp_ajax_sortd_article_url_redirectionadmin\class-sortd-categories.php:86
authwp_ajax_sync_web_catadmin\class-sortd-categories.php:87
authwp_ajax_unsync_web_catadmin\class-sortd-categories.php:88
authwp_ajax_list_web_catsadmin\class-sortd-categories.php:89
authwp_ajax_refresh_custom_columnadmin\class-sortd-categories.php:90
authwp_ajax_refresh_custom_column_for_tagadmin\class-sortd-categories.php:91
authwp_ajax_check_parent_cat_syncadmin\class-sortd-categories.php:92
authwp_ajax_sortd_canonical_url_redirectionadmin\class-sortd-categories.php:93
authwp_ajax_sortd_sync_taxonomy_typeadmin\class-sortd-categories.php:94
authwp_ajax_sortd_get_taxonomy_viewadmin\class-sortd-categories.php:95
authwp_ajax_sortd_get_synced_taxonomytype_listadmin\class-sortd-categories.php:96
authwp_ajax_sortd_get_synced_taxonomomiesadmin\class-sortd-categories.php:97
authwp_ajax_filter_category_arrayadmin\class-sortd-categories.php:98
authwp_ajax_update_bulk_category_flagadmin\class-sortd-categories.php:99
authwp_ajax_sync_categories_in_bulkadmin\class-sortd-categories.php:100
authwp_ajax_sortd_check_for_parentadmin\class-sortd-categories.php:101
authwp_ajax_unsync_categories_in_bulkadmin\class-sortd-categories.php:102
authwp_ajax_update_bulk_unsync_count_catadmin\class-sortd-categories.php:103
authwp_ajax_sortd_update_bulk_unsync_flag_catadmin\class-sortd-categories.php:104
authwp_ajax_get_parentadmin\class-sortd-categories.php:105
authwp_ajax_sortd_ajax_config_file_uploadadmin\class-sortd-config.php:71
authwp_ajax_sortd_ajax_save_configadmin\class-sortd-config.php:72
authwp_ajax_sortd_ajax_display_group_configadmin\class-sortd-config.php:73
authwp_ajax_sortd_unsync_articleadmin\class-sortd-dashboard.php:74
authwp_ajax_sortd_restoreadmin\class-sortd-dashboard.php:75
authwp_ajax_sortd_dailyingestedarticlesadmin\class-sortd-dashboard.php:76
authwp_ajax_article-type-countadmin\class-sortd-dashboard.php:77
authwp_ajax_get_notification_stats_dashboardadmin\class-sortd-dashboard.php:78
authwp_ajax_get_config_dataadmin\class-sortd-dashboard.php:79
authwp_ajax_sortd_sync_authorsadmin\class-sortd-dashboard.php:80
authwp_ajax_webstories_countadmin\class-sortd-dashboard.php:81
authwp_ajax_sortd_create_domainadmin\class-sortd-domains.php:71
authwp_ajax_sortd_update_public_hostadmin\class-sortd-domains.php:72
authwp_ajax_generate_ssladmin\class-sortd-domains.php:73
authwp_ajax_validate_ssladmin\class-sortd-domains.php:74
authwp_ajax_deploy_cdnadmin\class-sortd-domains.php:75
authwp_ajax_verify_cnameadmin\class-sortd-domains.php:76
authwp_ajax_sortd_sync_authorsadmin\class-sortd-domains.php:77
authwp_ajax_save_shors_catadmin\class-sortd-domains.php:78
authwp_ajax_get_shors_catadmin\class-sortd-domains.php:79
authwp_ajax_sortd_send_notificationadmin\class-sortd-notifications.php:72
authwp_ajax_sortd_get_notificationsadmin\class-sortd-notifications.php:73
authwp_ajax_get_notification_statsadmin\class-sortd-notifications.php:74
authwp_ajax_sortd_build_default_configadmin\class-sortd-oneclick.php:72
authwp_ajax_sortd_sync_relevant_categoriesadmin\class-sortd-oneclick.php:73
authwp_ajax_sortd_sync_relevant_articlesadmin\class-sortd-oneclick.php:74
authwp_ajax_sortd_preview_mobile_websiteadmin\class-sortd-oneclick.php:75
authwp_ajax_save_redirection_valuesadmin\class-sortd-redirection.php:71
authwp_ajax_show_warning_msgadmin\class-sortd-redirection.php:72
authwp_ajax_get_sortd_serviceadmin\class-sortd-redirection.php:73
authwp_ajax_sortd_save_templateadmin\class-sortd-templates.php:71
authwp_ajax_get_template_idadmin\class-sortd-templates.php:72
authwp_ajax_sortd_verify_credentialsadmin\class-sortd-utils.php:72
authwp_ajax_sortd_get_contractdetailsafter_verifyadmin\class-sortd-utils.php:73
authwp_ajax_sortd_get_paid_articlesadmin\class-sortd-utils.php:74
authwp_ajax_mark_free_sortd_actionadmin\class-sortd-utils.php:75
authwp_ajax_search_based_on_filtersadmin\class-sortd-utils.php:76
authwp_ajax_get_count_after_resetadmin\class-sortd-utils.php:77
WordPress Hooks 58
actionadmin_enqueue_scriptsadmin\class-sortd-admin.php:86
actionadmin_enqueue_scriptsadmin\class-sortd-admin.php:87
actionadmin_menuadmin\class-sortd-admin.php:88
actionwp_headadmin\class-sortd-admin.php:89
filtermanage_posts_columnsadmin\class-sortd-admin.php:90
actionmanage_posts_custom_columnadmin\class-sortd-admin.php:91
filterviews_edit-postadmin\class-sortd-admin.php:92
actionadmin_noticesadmin\class-sortd-admin.php:93
actionadmin_bar_menuadmin\class-sortd-admin.php:94
actiondelete_categoryadmin\class-sortd-admin.php:95
actionpublish_to_trashadmin\class-sortd-admin.php:96
actionpublish_to_draftadmin\class-sortd-admin.php:97
actiontransition_post_statusadmin\class-sortd-admin.php:98
actionwp_trash_postadmin\class-sortd-admin.php:99
actionpublish_to_draftadmin\class-sortd-admin.php:100
actionadmin_headadmin\class-sortd-admin.php:101
actionviews_edit-web-storyadmin\class-sortd-admin.php:102
actionviews_edit-makestories_storyadmin\class-sortd-admin.php:103
actionadd_meta_boxesadmin\class-sortd-admin.php:104
actionsave_postadmin\class-sortd-admin.php:105
actionedit_user_created_useradmin\class-sortd-admin.php:106
actionprofile_updateadmin\class-sortd-admin.php:107
actiondeleted_useradmin\class-sortd-admin.php:108
actionadded_post_metaadmin\class-sortd-admin.php:109
actionupdated_post_metaadmin\class-sortd-admin.php:110
filtermanage_category_custom_columnadmin\class-sortd-admin.php:112
filtermanage_edit-category_columnsadmin\class-sortd-admin.php:113
actionadmin_initadmin\class-sortd-admin.php:115
actionwp_insert_postadmin\class-sortd-admin.php:117
actionwp_headadmin\class-sortd-admin.php:118
actiondelete_post_tagadmin\class-sortd-admin.php:120
filtermanage_web_story_category_custom_columnadmin\class-sortd-admin.php:121
filtermanage_edit-web_story_category_columnsadmin\class-sortd-admin.php:122
actionadmin_noticesadmin\class-sortd-admin.php:123
actioncreate_termadmin\class-sortd-admin.php:124
filtermanage_edit-post_tag_columnsadmin\class-sortd-admin.php:125
actionmanage_post_tag_custom_columnadmin\class-sortd-admin.php:126
actionedit_termadmin\class-sortd-admin.php:127
actionedited_termadmin\class-sortd-admin.php:128
actionsave_postadmin\class-sortd-admin.php:129
actionviews_edit-categoryadmin\class-sortd-admin.php:130
actionadmin_headadmin\class-sortd-admin.php:131
actionshutdownadmin\class-sortd-admin.php:1446
actionadmin_enqueue_scriptsadmin\class-sortd-article.php:71
actionadmin_enqueue_scriptsadmin\class-sortd-categories.php:75
actionadmin_enqueue_scriptsadmin\class-sortd-config.php:70
actionadmin_enqueue_scriptsadmin\class-sortd-dashboard.php:73
actionadmin_enqueue_scriptsadmin\class-sortd-domains.php:70
actionadmin_enqueue_scriptsadmin\class-sortd-notifications.php:71
actionadmin_enqueue_scriptsadmin\class-sortd-oneclick.php:71
actionadmin_enqueue_scriptsadmin\class-sortd-redirection.php:70
actionadmin_enqueue_scriptsadmin\class-sortd-templates.php:70
actionadmin_enqueue_scriptsadmin\class-sortd-utils.php:71
filterposts_whereadmin\class-sortd-utils.php:1002
actionplugins_loadedincludes\class-sortd.php:203
actionwp_enqueue_scriptsincludes\class-sortd.php:279
actionwp_enqueue_scriptsincludes\class-sortd.php:280
actionadmin_initsortd.php:61
Maintenance & Trust

SORTD Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 26, 2025
PHP min version5.6
Downloads24K

Community Trust

Rating76/100
Number of ratings11
Active installs50
Alternatives

SORTD Alternatives

Super Progressive Web Apps

Super Progressive Web Apps

super-progressive-web-apps

A
99

SuperPWA helps you convert your WordPress website into a Progressive Web App instantly.

50K 2 CVEs
PWA

PWA

pwa

A
100

WordPress feature plugin to bring Progressive Web App (PWA) capabilities to Core

20K No CVEs
PWA for WP – Progressive Web Apps Made Simple

PWA for WP – Progressive Web Apps Made Simple

pwa-for-wp

A
95

PWA plugin is bringing the power of the Progressive Web Apps to the WP & AMP to take the user experience to the next level.

20K 5 CVEs
PWA — easy way to Progressive Web App

PWA — easy way to Progressive Web App

iworks-pwa

A
99

Your easy way to Progressive Web Application.

2K 1 CVE
Hyper PWA

Hyper PWA

hyper-pwa

A
92

Provide Manifest and Service Worker, convert WordPress into Progressive Web Apps (PWA).

300 No CVEs
Developer Profile

SORTD Developer Profile

sortd

1 plugin · 50 total installs

88
trust score
Avg Security Score
92/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SORTD

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about SORTD