Plugin inspection:

Simple Custom Post Order

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.


  • This plugin stores values from $_POST in the database (simple-custom-post-order.php line 231) then takes those values back out of the database (line 233) and then puts those values, unescaped, into SQL queries (241)

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

Authenticated users may be able to perform SQL injections.

Failure criteria

  • Execution of unprepared SQL statements

Read more about our failure criteria.