Does IAF HEADERTAGS have any unpatched vulnerabilities?

No. All known vulnerabilities in IAF HEADERTAGS have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is IAF HEADERTAGS compatible with WordPress 5.7.15?

According to WordPress.org data, IAF HEADERTAGS 1.1 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is IAF HEADERTAGS updated?

IAF HEADERTAGS was last updated on Jul 13, 2021. Frequent updates are generally a positive security signal.

What is IAF HEADERTAGS's security score?

IAF HEADERTAGS has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

IAF HEADERTAGS Security & Risk Analysis

wordpress.org/plugins/iaf-headertags

Add meta description and meta keywords to your platform

0 active installs v1.1 PHP + WP 5.0+ Updated Jul 13, 2021

descriptionheaderkeyworksseotag

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is IAF HEADERTAGS Safe to Use in 2026?

Generally Safe

Score 85/100

IAF HEADERTAGS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The iaf-headertags v1.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has no recorded vulnerabilities or known CVEs. This suggests a generally careful development approach regarding database interactions and a history of responsible security.

However, significant concerns arise from the static analysis. The presence of one unprotected AJAX handler presents a clear attack vector. This handler is an entry point into the plugin's functionality that is not protected by any authentication or authorization checks, making it vulnerable to exploitation by unauthenticated users. Furthermore, the plugin fails to implement any nonce checks, which are crucial for preventing Cross-Site Request Forgery (CSRF) attacks, especially on AJAX endpoints.

The plugin also shows a weakness in output escaping, with only 50% of outputs being properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not sanitized before being displayed. While there are no critical taint flows identified, the combination of an unprotected AJAX handler and insufficient output escaping creates a tangible risk of XSS and unauthorized actions. The lack of capability checks on its entry points further exacerbates these risks.

Key Concerns

Unprotected AJAX handler
Missing nonce checks
Insufficient output escaping (50%)
Missing capability checks

Vulnerabilities

None known

IAF HEADERTAGS Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

IAF HEADERTAGS Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

50% escaped14 total outputs

Attack Surface

1 unprotected

IAF HEADERTAGS Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_iaf_headertags_save_optionsiaf-headertags.php:37

WordPress Hooks 6

actionadmin_enqueue_scriptsiaf-headertags.php:34

actionwp_headiaf-headertags.php:35

actionadmin_menuiaf-headertags.php:36

actionadd_meta_boxesiaf-headertags.php:38

actionsave_postiaf-headertags.php:39

actionplugins_loadediaf-headertags.php:40

Maintenance & Trust

IAF HEADERTAGS Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedJul 13, 2021

PHP min version

Downloads892

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

IAF HEADERTAGS Alternatives

Simple SEO Meta

simple-seo-metadata

Edit meta description, meta keywords and title for each page, post, post type.

0 No CVEs

Simple Meta Tags

simple-meta-tags

Allows you to set global meta tags and customize on each individual page/post. Please Note: Does not support custom post types

800 1 unpatched

Meta Tags Generator

meta-tags-generator

Automatic generate meta tags. Let your WordPress site optimize with Search engine & Social sharing.

100 No CVEs

Bulk Meta Tags Updater

bulk-meta-tags-updater

100

Efficiently update meta titles and descriptions in bulk for WordPress posts and pages.

40 No CVEs

AutoDescriptor – Automatic Meta Description Generator

autodescriptor

100

Meta description generator and manager for posts and pages, working automatically and in bulk.

20 No CVEs

Developer Profile

IAF HEADERTAGS Developer Profile

Fotso Fonkam

4 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect IAF HEADERTAGS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/iaf-headertags/assets/css/admin-style.css/wp-content/plugins/iaf-headertags/assets/js/admin-script.js

Script Paths

/wp-content/plugins/iaf-headertags/assets/js/admin-script.js

Version Parameters

iaf-headertags/assets/css/admin-style.css?ver=iaf-headertags/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

iaf-headertags-boxiaf-headertags-rowiaf-headertags-inner-rowiaf-headertags-colleft-coliaf-headertags-titleright-col

Data Attributes

id="iaf-headertags-description"id="iaf-headertags-keywords"

JS Globals

iaf_headertags_obj

FAQ