Matt’s Community Tags Security & Risk Analysis
wordpress.org/plugins/matts-community-tagsAllow a moderated community to assist in tagging primarily photographic content, image attachments and such.
Is Matt’s Community Tags Safe to Use in 2026?
Generally Safe
Score 85/100Matt’s Community Tags has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'matts-community-tags' v0.4 plugin exhibits a mixed security posture. On one hand, the absence of known CVEs and a clean vulnerability history is a positive indicator. The plugin also demonstrates good practices by exclusively using prepared statements for SQL queries and avoiding file operations or external HTTP requests. However, the static analysis reveals significant concerns, particularly the presence of the 'unserialize' function, which is a known attack vector if used with untrusted input. While taint analysis did not identify critical or high severity issues in the limited flows analyzed, the presence of one unsanitized flow warrants caution. Furthermore, the low percentage of properly escaped output (11%) suggests a potential for Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data might be reflected in the output without adequate sanitization.
Key Concerns
- Presence of 'unserialize' function
- Low percentage of output escaping
- Unsanitized flow in taint analysis
- No nonce checks on entry points
Matt’s Community Tags Security Vulnerabilities
Matt’s Community Tags Release Timeline
Matt’s Community Tags Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
Matt’s Community Tags Attack Surface
WordPress Hooks 7
Maintenance & Trust
Matt’s Community Tags Maintenance & Trust
Maintenance Signals
Community Trust
Matt’s Community Tags Alternatives
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin
instagram-feed
Formerly "Instagram Feed". Display clean, customizable, and responsive Instagram feeds from multiple accounts. Supports Instagram oEmbeds.
WPZOOM Social Feed Widget & Block
instagram-widget-by-wpzoom
Instagram feed plugin for WordPress: Display your Instagram photos, videos & reels. Easy setup with Gutenberg block, widget, shortcode & Elementor
Easy Social Feed – Social Photos Gallery and Post Feed for WordPress
easy-facebook-likebox
Display Instagram, Facebook & YouTube feeds with photos, videos, reels, events & galleries. Fast, responsive & easy to set up.
Advanced Image Styles
advanced-image-styles
Adjust an image's margins and border with ease in the Visual editor.
Widgets for Social Photo Feed
social-photo-feed-widget
Instagram Feed Widgets. Display your Instagram feed on your website to increase engagement, sales and SEO.
Matt’s Community Tags Developer Profile
415 plugins · 21.0M total installs
How We Detect Matt’s Community Tags
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/matts-community-tags/suggest.css/wp-content/plugins/matts-community-tags/suggest.jsHTML / DOM Fingerprints
mct-postmct-im<!-- -->id="tagthis"id="tagthisform"id="mct_people"name="mct_people"id="post_id"name="post_id"+2 morevar $j = jQuery.noConflict();var mct_peoplefunction mct_process_form()function mct_process_form()function mct_process_form()/index.php?addtag=go/index.php?suggesttag=go<p>Recognize someone in this photo? Tag them.</p><form action="/index.php?addtag=go" method="post" id="tagthisform"><p>Separate multiple people with commas, example: Elvis Presley, Britney Spears.</p><p><input type="text" id="mct_people" name="mct_people" size="30" /> <input type="hidden" value="