Auto-tags Security & Risk Analysis

wordpress.org/plugins/auto-tag

Automatically add relevant tags to new posts.

200 active installs · v0.5.1 · PHP + WP 3.0+ · Updated Aug 4, 2012
Tags: automatic, tag, tagging, tags
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Auto-tags Safe to Use in 2026?

Generally Safe

Score 85/100

Auto-tags has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 13yr ago
Risk Assessment

The 'auto-tag' plugin v0.5.1 exhibits a generally positive security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a strong indicator of a limited attack surface. Furthermore, the code demonstrates a commitment to secure database interactions by exclusively using prepared statements for SQL queries. The plugin also correctly implements capability checks for its identified code signals.

However, a significant concern arises from the complete lack of output escaping across all 14 identified output points. This indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website if user-supplied data is not properly sanitized before being displayed. The single external HTTP request also warrants careful review to ensure it is not susceptible to man-in-the-middle attacks or other related vulnerabilities.

The plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the limited attack surface and prepared SQL statements, suggests a well-maintained or less complex codebase. Nevertheless, the critical issue of unescaped output significantly overshadows these strengths, presenting a clear and present danger that needs immediate remediation.

Key Concerns

  • All outputs are unescaped, risking XSS
  • External HTTP request is a potential risk
Vulnerabilities
None known

Auto-tags Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Auto-tags Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 14 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

0% escaped · 14 total outputs
Attack Surface

Auto-tags Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
  • action · add_meta_boxes · auto-tag-meta-box.class.php:9
  • action · admin_menu · auto-tag-setup.class.php:28
  • action · save_post · auto-tag.class.php:76
  • action · load-post.php · auto-tag.php:40
  • filter · plugin_action_links · auto-tag.php:61
Maintenance & Trust

Auto-tags Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.4.2
Last updated: Aug 4, 2012
PHP min version
Downloads: 102K

Community Trust

Rating: 82/100
Number of ratings: 20
Active installs: 200
Developer Profile

Auto-tags Developer Profile

jfoucher

2 plugins · 210 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Auto-tags

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/auto-tag/css/auto-tag-admin.css
  • /wp-content/plugins/auto-tag/js/auto-tag-admin.js
Script Paths
  • /wp-content/plugins/auto-tag/js/auto-tag-admin.js
Version Parameters
  • auto-tag/css/auto-tag-admin.css?ver=
  • auto-tag/js/auto-tag-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • taghint
  • newtag
  • tagadd
  • tagchecklist
Data Attributes
  • id="tax-input-post_tag"
  • name="auto_tag_removed_tags"
  • id="new-tag-post_tag"
  • name="auto_tag_removed_tag"
  • name="autotag_disabled_on_post"
FAQ

Frequently Asked Questions about Auto-tags