PLUGIN SECURITY
Is Custom Post Type Ui safe?
Known vulnerabilities, PHP compatibility and safer alternatives for the Custom Post Type Ui WordPress plugin — checked against WP Clinic's local security database.
Plugin details
- Slug:
custom-post-type-ui - Requires PHP: 7.4+
- Max supported PHP (analyzed): 8.4
Known vulnerabilities
- Custom Post Type UI [custom-post-type-ui] < 1.7.4 [WordPress Custom Post Type UI plugin <= 1.7.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)]
- Custom Post Type UI [custom-post-type-ui] < 1.7.4 [Custom Post Type UI < 1.7.4 - CSRF to Stored XSS]
- Custom Post Type UI [custom-post-type-ui] < 1.7.4 [Custom Post Type UI <= 1.7.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting]
- Custom Post Type UI [custom-post-type-ui] < 1.13.5 [WordPress Custom Post Type UI Plugin <= 1.13.4 is vulnerable to Cross Site Request Forgery (CSRF)]
- Custom Post Type UI [custom-post-type-ui] < 1.13.5 [CVE-2023-1623, WordPress Custom Post Type UI Plugin < 1.13.5 is vulnerable to Cross Site Request Forgery (CSRF), Custom Post Type UI <= 1.13.4 - Cross-Site Request Forgery to Sensitive Information Exposure, Custom Post Type UI < 1.13.5 - Debug Info Sending via CSRF]
+ 2 more known vulnerabilities
- Custom Post Type UI [custom-post-type-ui] < 1.18.1 [CVE-2025-12826, Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification]
- Custom Post Type UI [custom-post-type-ui] < 1.18.2 [CVE-2025-14056, Custom Post Type UI <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter, EUVD-2025-203186]
Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.
Safer / more established alternatives
- Meta Box — 500000+ active installs — max PHP 8.4
- Pods – Custom Content Types and Fields — 100000+ active installs — max PHP 8.4
- Sydney Toolbox — 50000+ active installs — max PHP 8.4
- CMS Tree Page View – Reorder Pages with a Drag-and-Drop Tree — 50000+ active installs
- Essential Content Types — 20000+ active installs
Check your own WordPress site
Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.