Does autometa's CATAG have any unpatched vulnerabilities?

No. All known vulnerabilities in autometa's CATAG have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is autometa's CATAG compatible with WordPress 4.9.29?

According to WordPress.org data, autometa's CATAG 2.2 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is autometa's CATAG updated?

autometa's CATAG was last updated on Jan 18, 2018. Frequent updates are generally a positive security signal.

What is autometa's CATAG's security score?

autometa's CATAG has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

autometa's CATAG Security & Risk Analysis

wordpress.org/plugins/catag

It reproduces categories and tags in posts and it generates a cloud mixing categories and tags of posts simply via: [cats] and [tags] and [catag].

10 active installs v2.2 PHP + WP 2.5.0+ Updated Jan 18, 2018

automationcloudmetadatashortcodetaxonomy

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is autometa's CATAG Safe to Use in 2026?

Generally Safe

Score 85/100

autometa's CATAG has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The plugin "catag" v2.2 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, file operations, external HTTP requests, and the complete use of prepared statements for SQL queries are excellent indicators of secure coding practices. Furthermore, the 100% output escaping and the lack of any recorded vulnerabilities, including CVEs, suggest a mature and well-maintained plugin. The limited attack surface, consisting solely of shortcodes, also contributes positively to its security profile.

However, a significant concern arises from the complete absence of nonce checks and capability checks across all entry points. While the static analysis reported zero unprotected entry points, this is likely due to the assumption that shortcodes inherently have some level of authorization, which is not always the case. Without explicit checks, these shortcodes could be susceptible to CSRF attacks if they perform actions that modify data or trigger significant events. The lack of any recorded vulnerabilities is positive, but the absence of security checks creates a potential blind spot that could lead to future vulnerabilities if not addressed. This is a weakness that, while not currently exploited, represents a notable security risk.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

autometa's CATAG Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

autometa's CATAG Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

autometa's CATAG Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[cats] catag.php:34

[tags] catag.php:42

[catag] catag.php:58

Maintenance & Trust

autometa's CATAG Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJan 18, 2018

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

autometa's CATAG Alternatives

autometa's FOLIO

folio

It reproduces portfolio categories and attributes in portfolios and it generates a cloud mixing categories and attributes of portfolios simply via: [p …

10 No CVEs