Does HeadSpace2 SEO have any unpatched vulnerabilities?

No. All known vulnerabilities in HeadSpace2 SEO have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is HeadSpace2 SEO compatible with WordPress 3.4.2?

According to WordPress.org data, HeadSpace2 SEO 3.6.41 has been tested up to WordPress 3.4.2. Check the plugin's changelog for the latest compatibility information.

How often is HeadSpace2 SEO updated?

HeadSpace2 SEO was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is HeadSpace2 SEO's security score?

HeadSpace2 SEO has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

HeadSpace2 SEO Security & Risk Analysis

wordpress.org/plugins/headspace2

Controls almost every aspect of your site's meta-data, including advanced tagging, Analytics, and dozens of plugins. The best WordPress SEO solu …

3K active installs v3.6.41 PHP + WP 3.0+ Updated Nov 28, 2017

meta-datapagepostseotitle

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is HeadSpace2 SEO Safe to Use in 2026?

Generally Safe

Score 85/100

HeadSpace2 SEO has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The headspace2 plugin, version 3.6.41, presents a mixed security posture. On one hand, the static analysis reveals a commendably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication checks. The plugin also demonstrates a reasonable number of nonce and capability checks, suggesting some level of security awareness in its development. However, significant concerns arise from the code analysis, particularly the presence of 9 instances of the dangerous `unserialize` function. Furthermore, 100% of its 35 SQL queries are not using prepared statements, creating a high risk of SQL injection vulnerabilities. Taint analysis also indicates flows with unsanitized paths, though no critical or high severity issues were found in this area. The plugin's complete lack of recorded vulnerability history (CVEs) is a positive sign, implying a historically secure codebase or perhaps infrequent security scrutiny. Despite the absence of known vulnerabilities, the presence of `unserialize` and a complete lack of prepared statements for SQL queries represent critical security weaknesses that should be addressed proactively.

Key Concerns

Unsanitized SQL queries (100%)
Dangerous unserialize function usage (9 instances)
Taint flows with unsanitized paths (3 flows)
Moderate output escaping (55% proper)

Vulnerabilities

None known

HeadSpace2 SEO Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

HeadSpace2 SEO Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

185

223 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$custom = unserialize ($data['custom_fields']);headspace_library.php:29

unserialize$custom = unserialize($custom);headspace_library.php:31

unserialize$data = unserialize ($meta['custom_fields']);modules\page\custom.php:35

unserialize$data = unserialize ($data);modules\page\custom.php:37

unserialize$this->links = unserialize ($meta['follow_link']);modules\page\follow-links.php:45

unserialize$this->links = unserialize ($this->links);modules\page\follow-links.php:47

unserialize$data = unserialize( $data );modules\page\page-links.php:70

unserializereturn unserialize( $data );modules\page\page-links.php:72

unserialize$output = unserialize ($output);modules\page\tags\yahoo.php:44

SQL Query Safety

0% prepared35 total queries

Output Escaping

55% escaped408 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

7 flows3 with unsanitized paths

hs_tag_update (ajax.php:304)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

HeadSpace2 SEO Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 71

actioninitajax.php:29

actionadmin_menuheadspace.php:45

actionload-settings_page_headspaceheadspace.php:46

actionload-post.phpheadspace.php:47

actionload-post-new.phpheadspace.php:48

actionadd_meta_boxesheadspace.php:49

actionsave_postheadspace.php:51

actionedit_category_formheadspace.php:53

actionedit_categoryheadspace.php:54

actionedit_termheadspace.php:55

actioninitheadspace.php:57

actionmanage_posts_columnsheadspace.php:60

actionmanage_pages_columnsheadspace.php:61

actionmanage_posts_custom_columnheadspace.php:63

actionmanage_pages_custom_columnheadspace.php:64

filterthematic_seoheadspace.php:478

filterthematic_doctitleheadspace.php:479

actionwp_headmodels\headspace.php:41

actionheadspace_wp_headmodels\headspace.php:42

actionlogin_headmodels\headspace.php:43

actioninitmodels\headspace.php:46

filterwp_tag_cloudmodules\page\follow-links.php:60

filterprev_posts_link_attributesmodules\page\follow-links.php:64

filternext_posts_link_attributesmodules\page\follow-links.php:65

filterthe_contentmodules\page\more_text.php:43

filterthe_excerptmodules\page\more_text.php:46

filterwp_list_pages_excludesmodules\page\page-links.php:77

filterwp_list_pagesmodules\page\page-links.php:78

filterwp_titlemodules\page\page_title.php:47

filterinitmodules\page\plugin.php:46

filterinitmodules\page\plugin.php:49

actionwp_footermodules\page\raw-footer.php:35

filterparent_post_rel_linkmodules\page\relative-links.php:51

filterstart_post_rel_linkmodules\page\relative-links.php:52

filterend_post_rel_linkmodules\page\relative-links.php:53

filternext_post_rel_linkmodules\page\relative-links.php:54

filterprevious_post_rel_linkmodules\page\relative-links.php:55

filterget_wp_title_rssmodules\page\rss_name.php:29

filterget_bloginfo_rssmodules\page\rss_tagline.php:29

filteroption_blognamemodules\page\site_name.php:29

filteroption_blogdescriptionmodules\page\site_tagline.php:29

filterthe_contentmodules\page\tags.php:100

filterposts_requestmodules\page\tags.php:103

filtertemplatemodules\page\theme.php:53

filterstylesheetmodules\page\theme.php:54

actionwp_footermodules\site\103bees.php:41

actionwp_footermodules\site\analytics.php:45

actionlogin_headmodules\site\analytics.php:48

actionwp_footermodules\site\apture.php:41

actionwp_footermodules\site\awstats.php:40

actionwp_footermodules\site\crazyegg.php:43

filteruser_can_richeditmodules\site\disable_visual_editing.php:43

filterthe_contentmodules\site\feedburner-stats.php:45

filterthe_excerptmodules\site\feedburner-stats.php:46

filterthe_excerpt_reloadedmodules\site\feedburner-stats.php:47

filterthe_contentmodules\site\first-time-visitor.php:55

filterthe_contentmodules\site\google-ad-wrap.php:45

filterthe_excerptmodules\site\google-ad-wrap.php:46

filterthe_excerpt_reloadedmodules\site\google-ad-wrap.php:47

filtercomment_textmodules\site\google-ad-wrap.php:48

filterwp_headmodules\site\google_webmaster.php:36

actionwp_footermodules\site\hittail.php:41

filterwp_headmodules\site\microsoft-live.php:39

actionwp_footermodules\site\mint.php:42

filterpre_option_posts_per_pagemodules\site\page_counts.php:43

actionthe_postsmodules\site\page_counts.php:46

actionwp_footermodules\site\piwik.php:47

actionwp_footermodules\site\statcounter.php:44

actioninitmodules\site\widgets.php:42

filterwp_headmodules\site\yahoo-site-explorer.php:39

actioninitplugin.php:135

Maintenance & Trust

HeadSpace2 SEO Maintenance & Trust

Maintenance Signals

WordPress version tested3.4.2

Last updatedNov 28, 2017

PHP min version

Downloads778K

Community Trust

Rating82/100

Number of ratings9

Active installs3K

Alternatives

HeadSpace2 SEO Alternatives

PEPS Media SEO Simple

peps-media-seo

Set a custom page/post title, description and social share image. Adds OG Meta tags and Twitter card tags automatically. Add custom code to header, bo …

40 No CVEs

dig Title

dig-title

Just the Meta Title. / 投稿ページやアーカイブページに、ただメタタイトルを設定できるだけのプラグインです。

0 No CVEs

Title Remover

title-remover

Gives you the ability to hide the title of any post, page or custom post type item without affecting menus or titles in the admin area.

80K No CVEs

Hide Page And Post Title

hide-page-and-post-title

Hide title on single pages and posts.

40K No CVEs

MM Title Manager — Hide Page and Post Title

hide-titles

100

Control visibility of post and page titles on your WordPress site.

9K No CVEs

Developer Profile

HeadSpace2 SEO Developer Profile

John Godley

14 plugins · 2.1M total installs

trust score

Avg Security Score

87/100

Avg Patch Time

4069 days

View full developer profile

Detection Fingerprints

How We Detect HeadSpace2 SEO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/headspace2/css/admin.css/wp-content/plugins/headspace2/css/farbtastic.css/wp-content/plugins/headspace2/css/style.css/wp-content/plugins/headspace2/js/admin.js/wp-content/plugins/headspace2/js/farbtastic.js/wp-content/plugins/headspace2/js/headspace.js

Generator Patterns

HeadSpace2

Script Paths

/wp-content/plugins/headspace2/js/admin.js/wp-content/plugins/headspace2/js/farbtastic.js/wp-content/plugins/headspace2/js/headspace.js

Version Parameters

headspace2/css/admin.css?ver=headspace2/css/farbtastic.css?ver=headspace2/css/style.css?ver=headspace2/js/admin.js?ver=headspace2/js/farbtastic.js?ver=headspace2/js/headspace.js?ver=

HTML / DOM Fingerprints

CSS Classes

headspace-metaboxheadspace-module-settingsheadspace-settings

HTML Comments

Data Attributes

data-headspace-moduledata-headspace-post-id

JS Globals

Headspace2HeadSpace2Admin

FAQ