Mass Delete Unused Tags Security & Risk Analysis

wordpress.org/plugins/mass-delete-unused-tags

Deletes all unused tags, handy tool if you want to start over with a quick clean blog.

900 active installs · v3.1.0 · PHP + · WP 2.3+ · Updated Mar 16, 2023
admin · clean · delete · mass · tags
85
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 10, 2023
Safety Verdict

Is Mass Delete Unused Tags Safe to Use in 2026?

Generally Safe

Score 85/100

Mass Delete Unused Tags has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 10, 2023 · Updated 3yr ago
Risk Assessment

The 'mass-delete-unused-tags' plugin v3.1.0 has a generally strong security posture: static analysis and taint analysis identified no critical or high-severity vulnerabilities. Its main strengths are the absence of dangerous functions, file operations, and external HTTP requests, and the use of prepared statements for all SQL queries. The presence of a nonce check is also a positive indicator. However, none of the plugin's output is properly escaped (0% escaped), which is a notable concern: it could expose the site to Cross-Site Scripting (XSS), especially if the plugin's output is ever rendered in a user-facing context without further sanitization.

The vulnerability history shows a single medium-severity CVE, a Cross-Site Request Forgery (CSRF) issue that is now patched. While this is reassuring, it highlights a past area of weakness. The lack of any explicit capability checks on entry points (even though the static analysis identified no entry points) is a potential area for improvement. Overall, based on the provided analysis, the plugin does not introduce new critical vulnerabilities, but the unescaped output warrants attention for a more robust security implementation.

Key Concerns

  • Output not properly escaped
  • Missing capability checks
Vulnerabilities
1

Mass Delete Unused Tags Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-27430 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Mass Delete Unused Tags <= 2.0.0 - Cross-Site Request Forgery via plugin_mass_delete_unused_tags_init

Mar 10, 2023 · Patched in 3.0.0 (319d)
Code Analysis
Analyzed Mar 16, 2026

Mass Delete Unused Tags Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 7 (0 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

0% escaped · 7 total outputs
Data Flows: All sanitized

Data Flow Analysis

2 flows
plugin_mass_delete_unused_tags_init (plugin_mass_delete_unused_tags.php:11)
Attack Surface

Mass Delete Unused Tags Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action · admin_menu · plugin_mass_delete_unused_tags.php:112
Maintenance & Trust

Mass Delete Unused Tags Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Mar 16, 2023
PHP min version
Downloads: 26K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 900
Developer Profile

Mass Delete Unused Tags Developer Profile

ramon fincken

12 plugins · 5K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 249 days
Detection Fingerprints

How We Detect Mass Delete Unused Tags

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Mass Delete Unused Tags