Does WP Sort Order have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Sort Order have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Sort Order compatible with WordPress 6.8.5?

According to WordPress.org data, WP Sort Order 1.3.5 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is WP Sort Order compatible with PHP 7.0+?

WP Sort Order requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Sort Order updated?

WP Sort Order was last updated on Jan 7, 2025. Frequent updates are generally a positive security signal.

What is WP Sort Order's security score?

WP Sort Order has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Sort Order Security & Risk Analysis

wordpress.org/plugins/wp-sort-order

Order terms (Users, Posts, Pages, Custom Post Types and Custom Taxonomies) using a Drag and Drop with jQuery ui Sortable.

6K active installs v1.3.5 PHP 7.0+ WP 3.5.0+ Updated Jan 7, 2025

plugins-orderpost-ordertaxonomy-orderuser-order

A · Safe

CVEs total1

Unpatched0

Last CVEApr 5, 2024

Plugin page Download

Safety Verdict

Is WP Sort Order Safe to Use in 2026?

Generally Safe

Score 91/100

WP Sort Order has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 5, 2024Updated 1yr ago

Risk Assessment

The wp-sort-order plugin v1.3.5 exhibits a mixed security posture. On the positive side, it has a relatively small attack surface with all identified AJAX handlers protected by nonce checks. The absence of file operations and external HTTP requests is also a good sign. However, significant concerns arise from the code analysis, particularly regarding output escaping and SQL query practices. With nearly half of the output not being properly escaped, there's a notable risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, a substantial portion of SQL queries are not using prepared statements, which could lead to SQL injection vulnerabilities if these queries are not properly sanitized. The vulnerability history, while currently showing no unpatched CVEs, indicates a past medium-severity vulnerability, specifically missing authorization. This pattern, combined with the zero capability checks observed in the static analysis, suggests a recurring theme of authorization weaknesses that could be exploited.

Key Concerns

Unescaped output detected
SQL queries not using prepared statements
Past medium vulnerability (missing authorization)
No capability checks on entry points
Flow with unsanitized path in taint analysis

Vulnerabilities

WP Sort Order Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-31294medium · 4.3Missing Authorization

WP Sort Order <= 1.3.1 - Missing Authorization

Apr 5, 2024 Patched in 1.3.2 (7d)

Code Analysis

Analyzed Mar 16, 2026

WP Sort Order Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

41% prepared34 total queries

Output Escaping

49% escaped41 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths

update_options (inc\hooks.php:686)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Sort Order Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_update-menu-orderinc\hooks.php:28

authwp_ajax_update-menu-order-tagsinc\hooks.php:29

authwp_ajax_update-menu-order-usersinc\hooks.php:31

authwp_ajax_update-menu-order-extrasinc\hooks.php:32

WordPress Hooks 20

actionwp_enqueue_scriptsinc\functions.php:104

actionadmin_enqueue_scriptsinc\functions.php:121

actionadmin_initinc\functions.php:199

actionplugins_loadedinc\hooks.php:14

actionadmin_menuinc\hooks.php:16

actionadmin_initinc\hooks.php:19

actionadmin_initinc\hooks.php:23

actionadmin_initinc\hooks.php:24

actionadmin_initinc\hooks.php:25

actionpre_get_postsinc\hooks.php:36

filterget_previous_post_whereinc\hooks.php:38

filterget_previous_post_sortinc\hooks.php:39

filterget_next_post_whereinc\hooks.php:40

filterget_next_post_sortinc\hooks.php:41

filterget_terms_orderbyinc\hooks.php:44

filterwp_get_object_termsinc\hooks.php:45

filterget_termsinc\hooks.php:46

actionpre_user_queryinc\hooks.php:49

actionsave_postinc\hooks.php:1022

actionadmin_footerinc\hooks.php:1071

Maintenance & Trust

WP Sort Order Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJan 7, 2025

PHP min version7.0

Downloads89K

Community Trust

Rating90/100

Number of ratings17

Active installs6K

Alternatives

WP Sort Order Alternatives

Real Custom Post Order: Create a custom order for your content

real-custom-post-order

100

Custom post order for posts, pages, WooCommerce products and custom post types using drag and drop. Simple and intuitive sorting of your content!

9K No CVEs

Reshuffle – Change Post Order, Product Order, Taxonomy Order

reshuffle

Reorder posts, products, and taxonomy terms via a drag-and-drop interface.

40 No CVEs

Bracket Post Order

bracket-post-order

100

Drag-and-drop ordering for posts, pages, custom post types, and taxonomy terms — with per-category post ordering.

0 No CVEs

Post Types Order

post-types-order

100

Sort posts and custom post type objects using a drag-and-drop, sortable JavaScript AJAX interface, or through the default WordPress dashboard

600K No CVEs

Category Order and Taxonomy Terms Order

taxonomy-terms-order

Drag-and-drop ordering for Categories & any taxonomy (hierarchically) using a Drag and Drop Sortable JavaScript capability.

500K 2 CVEs

Developer Profile

WP Sort Order Developer Profile

Fahad Mahmood

40 plugins · 33K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

237 days

View full developer profile

Detection Fingerprints

How We Detect WP Sort Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-sort-order/css/fontawesome.min.css/wp-content/plugins/wp-sort-order/js/fontawesome.min.js/wp-content/plugins/wp-sort-order/js/bootstrap.min.js/wp-content/plugins/wp-sort-order/css/bootstrap.min.css/wp-content/plugins/wp-sort-order/js/front-scripts.js

Script Paths

js/front-scripts.jsjs/fontawesome.min.jsjs/bootstrap.min.js

Version Parameters

wp-sort-order/js/front-scripts.js?ver=wp-sort-order/js/fontawesome.min.js?ver=wp-sort-order/css/fontawesome.min.css?ver=wp-sort-order/js/bootstrap.min.js?ver=wp-sort-order/css/bootstrap.min.css?ver=

HTML / DOM Fingerprints

CSS Classes

premium

Data Attributes

data-term_id

JS Globals

wpso

FAQ