Descripción

The Cutmap Editorial Workflow (CEW) is a professional-grade content management solution for WordPress. It is designed to bring structure, accountability, and security to the content creation process by implementing a multi-stage editorial workflow.

Whether you are managing a small blog or a large-scale news portal, CEW ensures that every piece of content is reviewed and approved before it reaches your audience.

Key Features:

Role-Based Access Control (RBAC): Specialized user roles (Creators, Approvers) with restricted admin access.
Multi-Stage Workflow Tracking: Post lifecycle stages including Assigned, In Review, and Approved.
Centralized Assignment Dashboard: Admins can manage all active workflows and assign specific Creators and Approvers to any post, page, or custom post type.
Content Isolation & Focus: Creators and Approvers only see the content they are currently assigned to, reducing clutter and preventing unauthorized edits.
Transparent Revision Management: Safe editing of live content via snapshots that only go live after approval.
Activity & Audit Logging: Detailed logs for tracking all workflow events.
Automated Notifications: Real-time email/admin alerts on task assignments and status updates.

Instalación

Upload the cutmap-editorial-workflow folder to the /wp-content/plugins/ directory.
Activate the plugin through the ‘Plugins’ menu in WordPress.
Use the ‘Workflows’ menu in the admin dashboard to start assigning content.

Preguntas frecuentes

Can I use this for Custom Post Types?: Yes, the Cutmap Editorial Workflow supports Posts, Pages, and all registered Custom Post Types.
How do I add a Creator?: The plugin automatically creates a ‘Creator’ role upon activation. You can assign this role to any user from the WordPress ‘Users’ menu.

Reseñas

kiyotakakiritoooo 1 de mayo de 2026 1 respuesta

Hello sir, Installed this plugin for just taking a look and the core workflow works fine. creator, approver, assignments all function as expected. the approved snapshot idea is actually very nicee sir. But found some real problems while going through the code the plugin comes with a hardcoded password «W***f***1*3» for sample users I am hiding it so that I don’t wanna disclose the password. anyone who reads the source code will know it. not safe at all for a real website.the entire workflow can be bypassed by calling the wordpress REST API directly. send a POST request to wp-json with status publish and it goes live without any approval. the plugin doesnt cover this at all.when an approver rejects a post, the approved snapshot gets overwritten with the rejected content…. so visitors end up seeing the version that was literally just rejected. seems like a bug.every single page load in wp-admin triggers a full database schema check… makes the admin panel noticeably slow especially on shared hosting…. when you uninstall the plugin it only removes the user roles…. the database tables and all the post meta it created are left behind…. had to clean manually with phpmyadmin… The audit log is supposed to track every edit but it keeps overwriting the same row instead of adding new entries. so you lose the history of intermediate changes completely… I just found out these using the normal analysis I do when I install new plugins and sorta stuff… I hope this review and feedback find you well sir…

Leer la 1 reseña

Colaboradores y desarrolladores

«Cutmap Editorial Workflow» es un software de código abierto. Las siguientes personas han colaborado con este plugin.

aswinikumar

Traduce «Cutmap Editorial Workflow» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

1.4.6

Security: Removed hardcoded sample-user password (Workflow@123). Each new sample user now receives a unique password generated via wp_generate_password(16, true), displayed once in the admin notice and never stored in source.
Security: Added rest_pre_insert_{post_type} enforcement to block unauthorized publish attempts via the REST API. Admin-role REST tokens can no longer bypass the editorial workflow when a post has an active assignment.
Bug fix: reject() no longer overwrites the approved content snapshot with the rejected draft. Visitors continue seeing the last explicitly approved version while the creator revises and re-submits.
Performance: dbDelta() schema checks in CUTMAP_DB and CUTMAP_WNS are now guarded by a version option (cew_db_version, cew_wns_version). The expensive schema introspection runs only on activation/upgrade, not on every page load.
Cleanup: uninstall.php now deletes all _cew_* post meta rows and removes plugin version options, leaving no orphaned data after deletion.
Reliability: The ALTER TABLE … DROP INDEX migration for the audit-log unique key now runs reliably on every upgrade because the schema version option is cleared on activation.

1.4.5

Resolved remaining critical security checklist issues including strict nonce validation across all forms/actions.
Sanitized remaining raw $_POST and $_GET superglobal accesses and strictly avoided empty() checks for them.
Re-audited output escaping inside admin tables and guaranteed all display logic passes through esc_html() and esc_url().
Ensured every single admin_post action starts with a firm current_user_can() capability check followed by wp_die().

1.4.4

Hardened admin actions with strict current_user_can() capability checks.
Improved security by ensuring complete table cleanup on uninstall.
Verified input sanitization and output escaping across the plugin.

1.4.3

Removed UTF-8 Byte Order Marks (BOM) from PHP files to satisfy automated checks.

1.4.2

Fixed unescaped translatable label strings in the frontend shortcode output by using esc_html__.

1.4.1

Fixed the_title escaping context from wp_kses_post to esc_html.
Fixed stale admin hook slug to ensure assets enqueue correctly.

1.4.0

Fixed wp_enqueue issues by converting raw script/style tags.
Added rigorous escaping output (wp_kses_post) to all filter callbacks.
Cleaned up unclosed ob_start buffers to ensure safe hook flows.
Changed short prefixes to longer CUTMAP_ prefixes.

1.3.0

Fixed plugin header metadata parsing issues for strict WordPress.org compatibility.

1.2.0

Renamed plugin to Cutmap Editorial Workflow.
Enhanced security: Enqueued all inline scripts and styles using WP core APIs.
Refactored prefixes to comply with WordPress official plugin guidelines.
Improved dashboard UI and workflow assignment screen.

1.1.0

Hardened security and addressed plugin review feedback.
Refined capabilities and user role checks.
Removed redundant database tables for improved performance.

1.0.0

Initial release.
Added Creator and Approver roles.
Added assignment tracking for posts and pages.
Added email notification system.