WP-Safety

Meta Tag Manager Security & Risk Analysis

wordpress.org/plugins/meta-tag-manager

Easily add and manage custom meta tags to various parts of your site or on individual posts, such as Yahoo and Google verification tags.

70K active installs v3.3 PHP + WP 3.6+ Updated Dec 3, 2025
metameta-tagsopen-graphseotags
96
A · Safe
CVEs total3
Unpatched0
Last CVEOct 1, 2025
Plugin page Download
Safety Verdict

Is Meta Tag Manager Safe to Use in 2026?

Generally Safe

Score 96/100

Meta Tag Manager has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Oct 1, 2025Updated 5mo ago
Risk Assessment

The 'meta-tag-manager' plugin v3.3 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns exist regarding its attack surface and past vulnerability history. The plugin has 4 AJAX handlers, with a concerning 3 of them lacking authentication checks, creating a substantial entry point for potential attackers. Furthermore, the presence of the `unserialize` function, a known dangerous function, without explicit context on its usage within the provided data, raises flags for potential deserialization vulnerabilities. The vulnerability history reveals a pattern of past security issues, including medium severity vulnerabilities such as Open Redirect and Missing Authorization, and historically, Deserialization of Untrusted Data. Although there are currently no unpatched CVEs, the recurrence of these vulnerability types suggests potential lingering weaknesses or a tendency to introduce such flaws. The plugin shows strengths in its database query security and output handling, but the unprotected AJAX endpoints and historical vulnerability trends necessitate caution.

Key Concerns

  • 3 unprotected AJAX handlers
  • Presence of unserialize function
  • 2 medium severity CVEs in history
  • History of Open Redirect
  • History of Missing Authorization
  • History of Deserialization of Untrusted Data
Vulnerabilities
3 published

Meta Tag Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
2

3 total CVEs

CVE-2025-5983medium · 4.7URL Redirection to Untrusted Site ('Open Redirect')

Meta Tag Manager <= 3.2 - Open Redirect

Oct 1, 2025 Patched in 3.3 (29d)
CVE-2025-22260medium · 4.3Missing Authorization

Meta Tag Manager <= 3.1 - Missing Authorization

Jan 31, 2025 Patched in 3.2 (26d)
CVE-2024-1770high · 8.8Deserialization of Untrusted Data

Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection

Mar 27, 2024 Patched in 3.1 (1d)
Version History

Meta Tag Manager Release Timeline

v3.3Current
v3.21 CVE
CVE-2025-5983
v3.12 CVEs
CVE-2025-5983 CVE-2025-22260
v3.0.23 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v3.03 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v2.33 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v2.23 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v2.1.33 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v2.1.23 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v2.1.13 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v2.13 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v2.0.23 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v2.0.13 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v2.03 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v1.23 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v1.13 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v1.03 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v0.53 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v0.43 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
v0.33 CVEs
CVE-2025-5983 CVE-2025-22260 CVE-2024-1770
Code Analysis
Analyzed Mar 16, 2026

Meta Tag Manager Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
77
208 escaped
Nonce Checks
4
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$meta_tag_data = @unserialize( trim( $meta_tag_data ), array('allowed_classes' => array()) );meta-tag-manager.php:136

Output Escaping

73% escaped285 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
<mtm-admin-settings> (admin\mtm-admin-settings.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Meta Tag Manager Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 4

authwp_ajax_mtm-admin-popup-modaladmin\admin-modals.php:11
authwp_ajax_mtm_dismiss_admin_noticeadmin\notices\admin-notices.php:20
authwp_ajax_mtm_dismiss_network_admin_noticeadmin\notices\admin-notices.php:24
authwp_ajax_mtm_get_logo_urlmeta-tag-manager-admin.php:47
WordPress Hooks 27
filteradmin_enqueue_scriptsadmin\admin-modals.php:10
filtermtm_admin_notice_review-nudge_messageadmin\admin-modals.php:12
filtermtm_admin_notice_promo-popup_messageadmin\admin-modals.php:14
filtermtm_admin_notice_expired-reminder_messageadmin\admin-modals.php:16
filtermtm_admin_notice_expiry-reminder_messageadmin\admin-modals.php:17
filteradmin_footeradmin\admin-modals.php:41
filteradmin_footeradmin\admin-modals.php:74
actionadmin_noticesadmin\notices\admin-notices.php:19
actionadmin_noticesadmin\notices\admin-notices.php:22
actionnetwork_admin_noticesadmin\notices\admin-notices.php:23
actionadmin_footeradmin\notices\admin-notices.php:159
filterwp_redirectadmin\notices\notices.php:30
actionplugins_loadedadmin\notices\notices.php:272
filtermtm_head_meta_tagsclasses\open-graph.php:10
actionmtm_headclasses\schema.php:11
filtermtm_head_meta_tagsclasses\verify-sites.php:10
actionadmin_menumeta-tag-manager-admin.php:31
actionadd_meta_boxesmeta-tag-manager-admin.php:37
filterwp_insert_post_datameta-tag-manager-admin.php:39
actionattachment_updatedmeta-tag-manager-admin.php:41
actionadd_attachmentmeta-tag-manager-admin.php:42
actionadmin_initmeta-tag-manager-admin.php:44
actionadmin_enqueue_scriptsmeta-tag-manager-admin.php:90
actioninitmeta-tag-manager-admin.php:211
actionplugins_loadedmeta-tag-manager-admin.php:212
actionwp_headmeta-tag-manager.php:40
actionplugins_loadedmeta-tag-manager.php:205
Maintenance & Trust

Meta Tag Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 3, 2025
PHP min version
Downloads1.1M

Community Trust

Rating96/100
Number of ratings80
Active installs70K
Alternatives

Meta Tag Manager Alternatives

Loyae

Loyae

loyae

A
100

AI-generated HTML metadata and alt text in bulk for SEO; automatically inserts into select pages.

10 No CVEs
SEO that Matters

SEO that Matters

seo-that-matters

A
85

A lightweight plugin to make your site more SEO (and Social Media) Friendly in a non-intrusive way.

10 No CVEs
Atikin SEO

Atikin SEO

atikin-seo

A
100

Atikin SEO automatically optimizes your WordPress website with meta tags, sitemaps, and more. Lightweight, fast, and privacy-friendly.

0 No CVEs
BytNexo SEO Manager

BytNexo SEO Manager

bytnexo-seo-manager

A
100

Lightweight WordPress SEO plugin with meta tags, Open Graph, Twitter Cards, and Schema markup. Optimized for performance and Classic Editor.

0 No CVEs
CSPG Basic SEO Helper

CSPG Basic SEO Helper

cspg-basic-seo-helper

A
100

Lightweight SEO helper adding Open Graph, Twitter Cards, Schema.org markup, meta templates, and XML sitemaps.

0 No CVEs
Developer Profile

Meta Tag Manager Developer Profile

Marcus (aka @msykes)

13 plugins · 176K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
1423 days
View full developer profile
Detection Fingerprints

How We Detect Meta Tag Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/meta-tag-manager/mtm-tag.php/wp-content/plugins/meta-tag-manager/classes/schema.php/wp-content/plugins/meta-tag-manager/classes/open-graph.php/wp-content/plugins/meta-tag-manager/classes/verify-sites.php/wp-content/plugins/meta-tag-manager/admin/mtm-builder.php
Version Parameters
meta-tag-manager/mtm-tag.php?ver=meta-tag-manager/classes/schema.php?ver=meta-tag-manager/classes/open-graph.php?ver=meta-tag-manager/classes/verify-sites.php?ver=meta-tag-manager/admin/mtm-builder.php?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Meta Tag Manager --><!-- / Meta Tag Manager -->
FAQ

Frequently Asked Questions about Meta Tag Manager