Display Posts As List, Grid, Thumbs Security & Risk Analysis

wordpress.org/plugins/ultimate-content-views

This plugin lets you list posts by category, author, tags, and more, using a shortcode on posts, pages, or widgets with plenty of customization option …

900 active installs v4.4 PHP 7.3+ WP 3.5+ Updated Jun 15, 2025
author-posts, list-category-posts, post-list, posts
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Display Posts As List, Grid, Thumbs Safe to Use in 2026?

Generally Safe

Score 100/100

Display Posts As List, Grid, Thumbs has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The 'ultimate-content-views' v4.4 plugin presents a mixed security picture. While it exhibits good practices regarding SQL queries, by exclusively using prepared statements, and has no recorded vulnerability history, significant concerns arise from its attack surface and code analysis. The presence of 6 unprotected AJAX handlers represents a substantial risk, as these can be exploited by unauthenticated users to trigger plugin functionality, potentially leading to unintended actions or information disclosure. The taint analysis, while not revealing critical or high severity issues, identified 3 flows with unsanitized paths, hinting at potential vulnerabilities if these paths are user-controlled and improperly handled, even if not reaching a critical stage in this analysis.

Conversely, the complete absence of known CVEs and the plugin's lack of external HTTP requests are positive indicators of a generally stable codebase. The limited number of file operations and the inclusion of Select2 as a bundled library (which itself needs to be kept updated by the developer) are not immediate red flags but require developer diligence. The primary weakness lies in the unprotected AJAX endpoints, which are a direct gateway for potential abuse and require immediate attention. The plugin demonstrates strengths in data handling (SQL) and has a clean past, but the current code analysis highlights a notable gap in authentication and authorization checks on its primary interaction points.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low output escaping coverage (53%)
  • No nonce checks on AJAX
  • No capability checks
Vulnerabilities
None known

Display Posts As List, Grid, Thumbs Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Display Posts As List, Grid, Thumbs Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 282 (322 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 4
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

53% escaped · 604 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
wpucv_get_list_page (inc\WPUCV_List_Renderer.php:1181)
Attack Surface
6 unprotected

Display Posts As List, Grid, Thumbs Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers 6

auth    wp_ajax_wpucv_img_id_from_url            inc\WPUCV_Core.php:16
auth    wp_ajax_wpucv_get_list_page              inc\WPUCV_Core.php:17
nopriv  wp_ajax_wpucv_get_list_page              inc\WPUCV_Core.php:18
auth    wp_ajax_wpucv_prepare_for_preview        inc\WPUCV_Core.php:19
auth    wp_ajax_wpucv_destroy_preview_session    inc\WPUCV_Core.php:20
auth    wp_ajax_wpucv_list_edit_page             inc\WPUCV_Core.php:31

Shortcodes 1

[wpucv_list] inc\WPUCV_Core.php:27
WordPress Hooks 22
action  save_post                              inc\WPUCV_Admin_Panel.php:696
action  save_post                              inc\WPUCV_Admin_Panel.php:697
action  save_post                              inc\WPUCV_Admin_Panel.php:1388
action  save_post                              inc\WPUCV_Admin_Panel.php:1389
action  init                                   inc\WPUCV_Core.php:13
action  admin_enqueue_scripts                  inc\WPUCV_Core.php:14
action  wp_enqueue_scripts                     inc\WPUCV_Core.php:15
action  save_post                              inc\WPUCV_Core.php:21
action  save_post                              inc\WPUCV_Core.php:22
action  after_setup_theme                      inc\WPUCV_Core.php:23
action  admin_head                             inc\WPUCV_Core.php:24
action  wp_head                                inc\WPUCV_Core.php:25
filter  image_size_names_choose                inc\WPUCV_Core.php:26
filter  manage_wpucv_list_posts_columns        inc\WPUCV_Core.php:28
action  manage_wpucv_list_posts_custom_column  inc\WPUCV_Core.php:29
action  admin_head-edit.php                    inc\WPUCV_Core.php:30
action  template_redirect                      inc\WPUCV_Core.php:32
filter  plugin_row_meta                        inc\WPUCV_Core.php:34
filter  the_title                              inc\WPUCV_Core.php:247
filter  excerpt_length                         inc\WPUCV_List_Renderer.php:135
filter  excerpt_more                           inc\WPUCV_List_Renderer.php:136
action  run_css_previewcss                     inc\WPUCV_List_Renderer.php:795
Maintenance & Trust

Display Posts As List, Grid, Thumbs Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 15, 2025
PHP min version: 7.3
Downloads: 15K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 900
Developer Profile

Display Posts As List, Grid, Thumbs Developer Profile

wp-buy

13 plugins · 355K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 900 days
Detection Fingerprints

How We Detect Display Posts As List, Grid, Thumbs

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-content-views/css/bootstrap-wrapper.css
/wp-content/plugins/ultimate-content-views/css/bootstrap-theme-wrapper.css
/wp-content/plugins/ultimate-content-views/css/admin-style.css
/wp-content/plugins/ultimate-content-views/css/jquery-ui.min.css
/wp-content/plugins/ultimate-content-views/css/select2.min.css
/wp-content/plugins/ultimate-content-views/css/spectrum.css
/wp-content/plugins/ultimate-content-views/fonts/font-awesome/css/font-awesome.min.css
/wp-content/plugins/ultimate-content-views/js/bootstrap.min.js
+12 more

HTML / DOM Fingerprints

CSS Classes
wpucv_list_wrap, ucv-post-item, ucv-post-title, ucv-post-excerpt, ucv-post-meta, wpucv-grid-item, wpucv-classic-item, wpucv-thumbs-item, +2 more
Data Attributes
data-ucv-id
JS Globals
wpucv_vars, ucv_data
REST Endpoints
/wp-json/wpucv/v1/lists
Shortcode Output
[wpucv_list]
FAQ

Frequently Asked Questions about Display Posts As List, Grid, Thumbs