Third Column Security & Risk Analysis
wordpress.org/plugins/third-columnAdds a third column on the Edit Post screen.
Is Third Column Safe to Use in 2026?
Generally Safe
Score 85/100Third Column has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
Based on the provided static analysis and vulnerability history, the "third-column" plugin v2.0 appears to have a strong security posture. The absence of dangerous functions, raw SQL queries, unescaped outputs, file operations, external HTTP requests, and a complete lack of identified taint flows with unsanitized paths are all positive indicators. Furthermore, the plugin has no known CVEs, suggesting a history of secure development or effective patching.
However, a significant concern arises from the complete absence of any capability checks, nonce checks, or explicit authentication checks on all identified entry points. While the attack surface is currently reported as zero, this lack of security controls implies that if any new entry points were introduced, or if the initial assessment of the attack surface was incomplete, there would be no built-in protection against unauthorized access or malicious input. This could become a critical weakness if the plugin's functionality ever evolves to handle sensitive data or operations.
In conclusion, while the plugin demonstrates good development practices by avoiding common vulnerabilities, the complete lack of any explicit access control mechanisms presents a latent risk. The current lack of vulnerabilities is encouraging, but it's crucial to acknowledge that a security-by-obscurity approach is not sustainable. Future development should prioritize implementing appropriate capability and nonce checks to ensure robust security, even if the current attack surface is minimal.
Key Concerns
- No capability checks implemented
- No nonce checks implemented
Third Column Security Vulnerabilities
Third Column Code Analysis
Third Column Attack Surface
WordPress Hooks 6
Maintenance & Trust
Third Column Maintenance & Trust
Maintenance Signals
Community Trust
Third Column Alternatives
PublishPress Capabilities – User Role Editor, Access Permissions, User Capabilities, Admin Menus
capability-manager-enhanced
PublishPress Capabilities is the access control plugin. You can manage user capabilities, permissions, user roles, admin menus and more.
Ultimate Dashboard – Custom WordPress Dashboard
ultimate-dashboard
The #1 Plugin to Customize the WordPress Dashboard!
WP Custom Admin Interface
wp-custom-admin-interface
With WP Custom Admin Interface you can easily customise the WordPress admin and login interfaces.
WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer
adminify
Transform your WordPress admin into a fully white-labeled, organized client dashboard. Customize, Dark mode, Secure, Boost productivity, and more.
Better Admin Bar
better-admin-bar
The WordPress Admin Bar reimagined. Replace the default WordPress admin bar and provide logged-in users the user experience they deserve.
Third Column Developer Profile
12 plugins · 440 total installs
How We Detect Third Column
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/third-column/admin.css/wp-content/plugins/third-column/scripts/third-column.js/wp-content/plugins/third-column/scripts/third-column.jsthird-column/admin.css?ver=third-column/scripts/third-column.js?ver=HTML / DOM Fingerprints
postbox-containerpostbox-subcolstagBox