Automatic Post Tagger Security & Risk Analysis

wordpress.org/plugins/automatic-post-tagger

Adds relevant taxonomy terms to posts using a keyword list provided by the user.

2K active installs · v1.8.2 · PHP + · WP 3.0+ · Updated Nov 28, 2017
Tags: auto-tags, keywords, post, posts, seo
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Automatic Post Tagger Safe to Use in 2026?

Generally Safe

Score 85/100

Automatic Post Tagger has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "automatic-post-tagger" plugin version 1.8.2 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to WordPress security best practices by implementing robust nonce and capability checks for its identified entry points, which include two AJAX handlers and two cron events. The absence of any reported CVEs and a clean vulnerability history further suggest a history of secure development. However, significant concerns arise from the static analysis of its code. Notably, a substantial 64% of SQL queries are not using prepared statements, presenting a risk of SQL injection. Furthermore, a critical finding is that 0% of the plugin's 254 output operations are properly escaped, leaving it vulnerable to Cross-Site Scripting (XSS) attacks. While the taint analysis did not reveal critical or high-severity flows, the unsanitized path in all analyzed flows warrants attention. The presence of file operations, though not directly flagged as risky in this analysis, could be an additional vector if combined with other vulnerabilities.

Key Concerns

  • SQL queries not using prepared statements
  • Output escaping not properly implemented
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Automatic Post Tagger Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Automatic Post Tagger Release Timeline

v1.8.2 (Current)
v1.8.1
Code Analysis
Analyzed Mar 16, 2026

Automatic Post Tagger Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 · 4 prepared
Unescaped Output: 253 · 1 escaped
Nonce Checks: 30
Capability Checks: 2
File Operations: 9
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

36% prepared · 11 total queries

Output Escaping

0% escaped · 254 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
apt_meta_box_create_new_keyword_set (automatic-post-tagger.php:1111)
Attack Surface

Automatic Post Tagger Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 2

  • auth: wp_ajax_apt_meta_box_create_new_keyword_set (automatic-post-tagger.php:159)
  • auth: wp_ajax_apt_set_widget_visibility (automatic-post-tagger.php:160)
WordPress Hooks 16
  • filter: plugin_row_meta (automatic-post-tagger.php:142)
  • action: admin_print_scripts (automatic-post-tagger.php:145)
  • action: admin_enqueue_scripts (automatic-post-tagger.php:146)
  • action: admin_print_scripts (automatic-post-tagger.php:149)
  • action: admin_enqueue_scripts (automatic-post-tagger.php:150)
  • action: add_meta_boxes (automatic-post-tagger.php:151)
  • action: admin_menu (automatic-post-tagger.php:156)
  • action: admin_notices (automatic-post-tagger.php:157)
  • action: admin_init (automatic-post-tagger.php:158)
  • action: plugins_loaded (automatic-post-tagger.php:164)
  • action: plugins_loaded (automatic-post-tagger.php:168)
  • action: publish_post (automatic-post-tagger.php:174)
  • action: wp_insert_post (automatic-post-tagger.php:177)
  • action: save_post (automatic-post-tagger.php:180)
  • action: apt_bulk_tagging_event (automatic-post-tagger.php:184)
  • action: apt_bulk_tagging_event_single_batch (automatic-post-tagger.php:185)

Scheduled Events 2

apt_bulk_tagging_event_single_batch
apt_bulk_tagging_event
Maintenance & Trust

Automatic Post Tagger Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Nov 28, 2017
PHP min version
Downloads: 88K

Community Trust

Rating: 96/100
Number of ratings: 77
Active installs: 2K
Developer Profile

Automatic Post Tagger Developer Profile

Devtard

2 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Automatic Post Tagger

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/automatic-post-tagger/js/apt-admin-meta-box.js
  • /wp-content/plugins/automatic-post-tagger/js/apt-meta-box-common.js
  • /wp-content/plugins/automatic-post-tagger/js/apt-options-page.js
  • /wp-content/plugins/automatic-post-tagger/css/apt-admin.css
  • /wp-content/plugins/automatic-post-tagger/css/apt-admin-meta-box.css

Script Paths

  • /wp-content/plugins/automatic-post-tagger/js/apt-admin-meta-box.js
  • /wp-content/plugins/automatic-post-tagger/js/apt-meta-box-common.js
  • /wp-content/plugins/automatic-post-tagger/js/apt-options-page.js

Version Parameters

  • automatic-post-tagger/js/apt-admin-meta-box.js?ver=
  • automatic-post-tagger/js/apt-meta-box-common.js?ver=
  • automatic-post-tagger/js/apt-options-page.js?ver=
  • automatic-post-tagger/css/apt-admin.css?ver=
  • automatic-post-tagger/css/apt-admin-meta-box.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • apt_keyword_set
  • apt_remove_keyword_set
  • apt_add_keyword_set
  • apt_add_keyword_set_button
  • apt_meta_box_container
  • apt_settings_form
  • apt_option_input

HTML Comments

  • <!-- GLOBAL VARIABLES -->
  • <!-- HOOKS -->
  • <!-- install and uninstall hooks -->
  • <!-- Various actions and filters -->
  • (+4 more)

Data Attributes

  • data-apt-keyword-set-id
  • data-apt-group-id

JS Globals

  • apt_ajax_nonce
  • apt_plugin_url
  • apt_ajax_url

REST Endpoints
/wp-json/automatic-post-tagger/v1/settings