Does hreflang Flag have any unpatched vulnerabilities?

No. All known vulnerabilities in hreflang Flag have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is hreflang Flag compatible with WordPress 3.0.5?

According to WordPress.org data, hreflang Flag 1.2 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is hreflang Flag updated?

hreflang Flag was last updated on Oct 29, 2010. Frequent updates are generally a positive security signal.

What is hreflang Flag's security score?

hreflang Flag has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

hreflang Flag Security & Risk Analysis

wordpress.org/plugins/hreflang-flag

Add a flag icon to link corresponding to the hreflang attribute.

10 active installs v1.2 PHP + WP 2.7+ Updated Oct 29, 2010

cssflagflagshreflanglang

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is hreflang Flag Safe to Use in 2026?

Generally Safe

Score 85/100

hreflang Flag has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "hreflang-flag" v1.2 plugin exhibits a strong security posture based on the provided static analysis. The plugin has no identifiable entry points like AJAX handlers, REST API routes, or shortcodes, significantly minimizing its attack surface. Furthermore, all SQL queries are properly prepared, and there are no file operations or external HTTP requests, which are common sources of vulnerabilities.

However, a significant concern arises from the complete lack of output escaping across all 24 detected output points. This represents a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities if any user-supplied data is directly reflected in the output without proper sanitization. While the plugin has no recorded vulnerability history, the absence of security checks (nonces and capability checks) alongside the unescaped output means that any potential vulnerability would be entirely unprotected.

In conclusion, the "hreflang-flag" plugin benefits from a very small attack surface and secure data handling for database operations. The critical flaw lies in its output sanitization, leaving it highly susceptible to XSS attacks. The lack of any recorded vulnerabilities might be due to its limited functionality or previous low exposure, but the current analysis reveals a significant, unaddressed risk.

Key Concerns

100% of outputs are unescaped
No capability checks
No nonce checks

Vulnerabilities

None known

hreflang Flag Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

hreflang Flag Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped24 total outputs

Attack Surface

hreflang Flag Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_menuhreflang-flag-admin.inc.php:241

actionadmin_inithreflang-flag-admin.inc.php:242

actionwp_print_styleshreflang-flag-public.inc.php:47

actioninithreflang-flag.php:39

Maintenance & Trust

hreflang Flag Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedOct 29, 2010

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

hreflang Flag Alternatives

Flag Icons

language-icons-flags-switcher

Flags Icons Language Switcher.

4K 1 unpatched

Language Switcher for Transposh

language-switcher-for-transposh

A professional, highly customizable language switcher for Transposh. Requires Transposh Translation Filter plugin to be installed.

1K 1 CVE

Stella Flags Widget

stella-flags

100

Plugin creates language selector widget with country flags for the Stella plugin.

20 No CVEs

No Function Language Widget

no-function-language-widget

With this you can bridge the gap between multiple translation plugins. It is a no function language widget with multiple options.

10 No CVEs

International Telephone Input for Contact Form 7

international-telephone-input-for-contact-form-7

Addon for Contact Form 7 that creates a new type of input for entering and validating international telephone numbers. It adds a flag dropdown, detect …

9K No CVEs

Developer Profile

hreflang Flag Developer Profile

julienvdg

2 plugins · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect hreflang Flag

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/hreflang-flag/css/hreflang-flag.css/wp-content/plugins/hreflang-flag/js/hreflang-flag.js

Script Paths

/wp-content/plugins/hreflang-flag/js/hreflang-flag.js

Version Parameters

hreflang-flag/css/hreflang-flag.css?ver=hreflang-flag/js/hreflang-flag.js?ver=

HTML / DOM Fingerprints

CSS Classes

hreflang-flag-icon

HTML Comments

JS Globals

hreflang_flag_params

FAQ