Does New Tab Always have any unpatched vulnerabilities?

No. All known vulnerabilities in New Tab Always have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is New Tab Always compatible with WordPress 4.6.30?

According to WordPress.org data, New Tab Always 0.5 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is New Tab Always updated?

New Tab Always was last updated on Oct 28, 2016. Frequent updates are generally a positive security signal.

What is New Tab Always's security score?

New Tab Always has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

New Tab Always Security & Risk Analysis

wordpress.org/plugins/new-tab-always

Always open links in a new tab.

10 active installs v0.5 PHP + WP 1.5+ Updated Oct 28, 2016

adminlink

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is New Tab Always Safe to Use in 2026?

Generally Safe

Score 85/100

New Tab Always has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "new-tab-always" plugin v0.5 exhibits a strong security posture based on the provided static analysis. There are no identified entry points such as AJAX handlers, REST API routes, or shortcodes that are exposed without authentication or permission checks. The code also demonstrates good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and ensuring 100% of outputs are properly escaped. Furthermore, the absence of file operations and external HTTP requests reduces potential attack vectors.

Concerns arise from the complete lack of any security checks observed in the code signals. Specifically, there are zero nonce checks and zero capability checks. While the attack surface is currently zero, this indicates that if any new functionality were to be added that introduces an entry point, it would likely be implemented without essential security measures. The taint analysis showing zero unsanitized paths is positive, but this is in conjunction with zero flows analyzed, suggesting a lack of comprehensive testing for potential vulnerabilities.

The vulnerability history is entirely clean, with no recorded CVEs. This suggests either a lack of past vulnerabilities or a history of prompt patching, both of which are positive indicators. However, combined with the lack of robust security implementations in the code, it's difficult to definitively conclude the plugin's long-term security resilience. In conclusion, while the current version of "new-tab-always" appears secure due to its minimal attack surface and lack of known vulnerabilities, the absence of fundamental security checks like nonces and capability checks presents a significant risk for future development and introduces a latent weakness.

Key Concerns

No nonce checks implemented
No capability checks implemented
Zero taint flows analyzed

Vulnerabilities

None known

New Tab Always Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

New Tab Always Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

New Tab Always Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionadmin_headnew-tab-always.php:30

Maintenance & Trust

New Tab Always Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedOct 28, 2016

PHP min version

Downloads11K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

New Tab Always Alternatives

Automatic Domain Changer

automatic-domain-changer

100

Automatically detects a domain name change, and updates all the WordPress tables in the database to reflect this change.

10K 1 CVE

Custom Meta Widget

custom-meta-widget

Clone of the standard Meta widget plus options to hide log in/out, admin, feed and WordPress.org/custom links.

8K No CVEs

Root Relative URLs

root-relative-urls

Converts all URLs to root-relative URLs for hosting the same site on multiple IPs, easier production migration and better mobile device testing.

6K No CVEs

Admin Slug Column

admin-slug-column

100

Adds a URL path column to all admin post type edit screens. Works with posts, pages, and any custom post type including WooCommerce products.

5K No CVEs

Admin Collapse Subpages

admin-collapse-subpages

Using this plugin one can easily collapse/expand pages with children and grand children.

4K No CVEs

Developer Profile

New Tab Always Developer Profile

Jake Spurlock

8 plugins · 180 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect New Tab Always

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

/wp-content/plugins/new-tab-always/new-tab-always.php

HTML / DOM Fingerprints

HTML Comments

This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License, version 2, as
    published by the Free Software Foundation.

This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

JS Globals

jQuery

FAQ