WP-Safety

Hoo Hreflang Tags Security & Risk Analysis

wordpress.org/plugins/hoo-hreflang-tags

Add Hreflang meta tags to the head of your Multi-Language WordPress Website. It is compatible with the elementor plugin.

100 active installs v1.1 PHP 5.3+ WP 4.0+ Updated Nov 11, 2018
hreflang-tags
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Hoo Hreflang Tags Safe to Use in 2026?

Generally Safe

Score 85/100

Hoo Hreflang Tags has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The hoo-hreflang-tags plugin, version 1.1, presents a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for its SQL queries, handling file operations correctly, and making no external HTTP requests, several significant concerns emerge from the static analysis.

The most prominent risks stem from the two AJAX handlers, both of which lack authentication checks. This creates a direct attack vector where unauthenticated users could potentially trigger these handlers, leading to unintended consequences. Furthermore, the presence of the `unserialize` function, combined with two taint flows exhibiting unsanitized paths, raises a critical red flag. This combination suggests a high risk of remote code execution or other severe vulnerabilities if user-supplied data is not meticulously validated before being passed to `unserialize`.

The plugin's vulnerability history is clean, with no recorded CVEs. This is a positive indicator, suggesting the developers may have a good understanding of common security pitfalls or that the plugin hasn't been a target. However, the current code analysis reveals potential weaknesses that could be exploited regardless of past history. The lack of proper output escaping on nearly 71% of outputs is another area of concern, potentially leading to cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths (High severity)
  • Use of unserialize()
  • Low output escaping coverage
Vulnerabilities
None known

Hoo Hreflang Tags Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Hoo Hreflang Tags Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Hoo Hreflang Tags Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
2 prepared
Unescaped Output
50
20 escaped
Nonce Checks
4
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$datetime = unserialize( $meta_value );includes\metabox\helpers\cmb_Meta_Box_types.php:486

SQL Query Safety

100% prepared2 total queries

Output Escaping

29% escaped70 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
sanitize_field (includes\metabox\init.php:641)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Hoo Hreflang Tags Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_cmb_oembed_handlerincludes\metabox\init.php:1047
noprivwp_ajax_cmb_oembed_handlerincludes\metabox\init.php:1048
WordPress Hooks 22
actionadmin_enqueue_scriptshoo-hreflang-tags.php:19
actionwp_headhoo-hreflang-tags.php:20
actionadmin_menuhoo-hreflang-tags.php:21
actionplugins_loadedhoo-hreflang-tags.php:22
actionadmin_inithoo-hreflang-tags.php:68
filterget_post_metadataincludes\metabox\helpers\cmb_Meta_Box_ajax.php:112
filterupdate_post_metadataincludes\metabox\helpers\cmb_Meta_Box_ajax.php:114
filtercmb_show_onincludes\metabox\init.php:171
actionadmin_enqueue_scriptsincludes\metabox\init.php:175
actionadmin_menuincludes\metabox\init.php:178
actionadd_attachmentincludes\metabox\init.php:179
actionedit_attachmentincludes\metabox\init.php:180
actionsave_postincludes\metabox\init.php:181
actionadmin_enqueue_scriptsincludes\metabox\init.php:182
actionadmin_headincludes\metabox\init.php:185
actionshow_user_profileincludes\metabox\init.php:200
actionedit_user_profileincludes\metabox\init.php:201
actionpersonal_options_updateincludes\metabox\init.php:203
actionedit_user_profile_updateincludes\metabox\init.php:204
actionadmin_headincludes\metabox\init.php:207
filtercmb_meta_boxesincludes\metabox\options.php:3
actioninitincludes\metabox\options.php:203
Maintenance & Trust

Hoo Hreflang Tags Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedNov 11, 2018
PHP min version5.3
Downloads2K

Community Trust

Rating70/100
Number of ratings2
Active installs100
Alternatives

Hoo Hreflang Tags Alternatives

No alternatives data available yet.

Developer Profile

Hoo Hreflang Tags Developer Profile

HooThemes

6 plugins · 560 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Hoo Hreflang Tags

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hoo-hreflang-tags/assets/css/admin.css

HTML / DOM Fingerprints

HTML Comments
<!-- Hoo hreflang tags --><!-- / Hoo hreflang tags -->
FAQ

Frequently Asked Questions about Hoo Hreflang Tags