Simple SEO Security & Risk Analysis

wordpress.org/plugins/cds-simple-seo

Allows the modification of META titles, descriptions and keywords for all pages and posts. Also allows for default setting of META title, descript …

10K active installs · v2.0.33 · PHP 7.4+ · WP 4.6.2+ · Updated Dec 1, 2025
Tags: mera-description, meta, meta-keywords, meta-title, seo
Score 91 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Sep 23, 2025
Safety Verdict

Is Simple SEO Safe to Use in 2026?

Generally Safe

Score 91/100

Simple SEO has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Sep 23, 2025 · Updated 4mo ago
Risk Assessment

The static analysis of cds-simple-seo v2.0.33 reveals a generally good security posture with a clean attack surface. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed without authentication or permission checks. The code shows a decent level of output escaping (86%) and a moderate use of prepared statements for SQL queries (25%). The absence of any reported taint flows is a positive sign, indicating no readily identifiable paths for malicious data injection leading to critical or high severity issues based on this analysis.

However, the plugin's vulnerability history is a significant concern. It has 6 known CVEs in total, 2 of high and 4 of medium severity, which suggests a pattern of past security weaknesses. The recurring vulnerability types, Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS), are common but impactful. That there are currently no unpatched vulnerabilities is a mitigating factor, but the historical prevalence of these issues means diligent updating is crucial for users of this plugin. The last vulnerability being in the recent past also suggests ongoing security challenges.

In conclusion, while the current version's code analysis shows no immediate critical vulnerabilities in its attack surface, the historical vulnerability record warrants caution. Users should ensure they are always running the latest version and be aware of the plugin's past security issues. The moderate use of prepared statements and less than perfect output escaping percentage, while not critical in this version's direct analysis, contribute to the overall risk profile given the plugin's history.

Key Concerns

  • High historical CVE count
  • Past high severity vulnerabilities
  • Past medium severity vulnerabilities
  • SQL queries not fully prepared
  • Output escaping below 100%
Vulnerabilities
6

Simple SEO Security Vulnerabilities

CVEs by Year

4 CVEs in 2022
1 CVE in 2023
1 CVE in 2025

Severity Breakdown

High: 2
Medium: 4

6 total CVEs

CVE-2025-10357 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Simple SEO <= 2.0.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
Sep 23, 2025 · Patched in 2.0.32 (24d)

CVE-2023-45269 · medium · 5.4 · Cross-Site Request Forgery (CSRF)
Simple SEO <= 2.0.25 - Cross-Site Request Forgery via multiple admin_post functions
Oct 6, 2023 · Patched in 2.0.26 (109d)

CVE-2022-36404 · high · 8.8 · Cross-Site Request Forgery (CSRF)
Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion/Creation
Oct 20, 2022 · Patched in 1.8.13 (460d)

CVE-2022-44627 · high · 8.8 · Cross-Site Request Forgery (CSRF)
Simple SEO <= 1.8.12 - Cross-Site Request Forgery
Oct 20, 2022 · Patched in 1.8.13 (460d)

CVE-2022-1628 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Simple SEO <= 1.7.91 - Authenticated (Contributor+) Stored Cross-Site Scripting
Jul 29, 2022 · Patched in 1.7.92 (543d)

WF-9a83f381-a8ce-472d-a202-f7d7f22fd650-cds-simple-seo · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Simple SEO <= 1.7.91 - Reflected Cross-Site Scripting
Jul 12, 2022 · Patched in 1.7.92 (560d)

Code Analysis
Analyzed Mar 16, 2026

Simple SEO Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 3; 1 prepared
Unescaped Output: 15; 90 escaped
Nonce Checks: 6
Capability Checks: 8
File Operations: 4
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

25% prepared · 4 total queries

Output Escaping

86% escaped · 105 total outputs
Attack Surface

Simple SEO Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 35
action · admin_menu · app\Admin\Admin.php:21
action · save_post · app\Admin\Admin.php:22
action · edit_attachment · app\Admin\Admin.php:23
action · add_attachment · app\Admin\Admin.php:24
action · edited_category · app\Admin\Admin.php:25
action · create_category · app\Admin\Admin.php:26
action · edited_post_tag · app\Admin\Admin.php:27
action · create_post_tag · app\Admin\Admin.php:28
action · admin_post_sseo_allinone_import · app\Admin\Admin.php:32
action · admin_post_sseo_rankmath_import · app\Admin\Admin.php:33
action · admin_post_sseo_yoast_import · app\Admin\Admin.php:34
action · edited_product_cat · app\Admin\Admin.php:38
action · create_product_cat · app\Admin\Admin.php:39
action · edited_product_tag · app\Admin\Admin.php:40
action · create_product_tag · app\Admin\Admin.php:41
action · publish_post · app\Admin\Admin.php:47
action · edit_post · app\Admin\Admin.php:48
action · delete_post · app\Admin\Admin.php:49
action · admin_post_sseo_create_sitemap · app\Admin\Admin.php:51
action · admin_post_sseo_delete_sitemap · app\Admin\Admin.php:52
action · add_meta_boxes · app\init\init.php:45
action · category_add_form_fields · app\init\init.php:48
action · category_edit_form_fields · app\init\init.php:49
action · post_tag_add_form_fields · app\init\init.php:50
action · post_tag_edit_form_fields · app\init\init.php:51
action · quick_edit_custom_box · app\init\init.php:54
action · product_cat_add_form_fields · app\init\init.php:58
action · product_cat_edit_form_fields · app\init\init.php:59
action · product_tag_add_form_fields · app\init\init.php:60
action · product_tag_edit_form_fields · app\init\init.php:61
action · wp_head · app\init\init.php:65
filter · pre_get_document_title · app\init\init.php:67
filter · wp_title · app\init\init.php:68
filter · wp_head · app\init\init.php:71
action · init · app\SimpleSEO.php:23
Maintenance & Trust

Simple SEO Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 1, 2025
PHP min version: 7.4
Downloads: 181K

Community Trust

Rating: 94/100
Number of ratings: 31
Active installs: 10K
Developer Profile

Simple SEO Developer Profile

David Cole

1 plugin · 10K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 359 days
Detection Fingerprints

How We Detect Simple SEO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cds-simple-seo/css/style.css
/wp-content/plugins/cds-simple-seo/js/script.js
/wp-content/plugins/cds-simple-seo/js/quickedit.js
Script Paths
/wp-content/plugins/cds-simple-seo/js/script.js
/wp-content/plugins/cds-simple-seo/js/quickedit.js
Version Parameters
cds-simple-seo/css/style.css?ver=
cds-simple-seo/js/script.js?ver=
cds-simple-seo/js/quickedit.js?ver=
