Does OG Tags have any unpatched vulnerabilities?

No. All known vulnerabilities in OG Tags have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is OG Tags compatible with WordPress 5.8.13?

According to WordPress.org data, OG Tags 2.0.2 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

How often is OG Tags updated?

OG Tags was last updated on Sep 6, 2025. Frequent updates are generally a positive security signal.

What is OG Tags's security score?

OG Tags has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

OG Tags Security & Risk Analysis

wordpress.org/plugins/og-tags

OG Tags includes the tags necessary to integrate your website to Facebook with almost no configuration. Automatic. Simple.

2K active installs v2.0.2 PHP + WP 3.5+ Updated Sep 6, 2025

facebookopen-graphsocialsocial-pluginstags

A · Safe

CVEs total1

Unpatched0

Last CVESep 28, 2021

Plugin page Download

Safety Verdict

Is OG Tags Safe to Use in 2026?

Generally Safe

Score 99/100

OG Tags has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Sep 28, 2021Updated 6mo ago

Risk Assessment

The "og-tags" v2.0.2 plugin demonstrates some good security practices, notably the absence of a large attack surface and the exclusive use of prepared statements for SQL queries. There are no identified critical or high severity vulnerabilities in the current version based on the static analysis. However, there are areas of concern that prevent a completely secure assessment.

The static analysis indicates that while there are no direct entry points like AJAX handlers, REST API routes, or shortcodes without authentication checks, there's a significant portion of output (48%) that is not properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is outputted without sufficient sanitization. Furthermore, the taint analysis revealed two flows with unsanitized paths, which, although not classified as critical or high severity in this analysis, still represent potential security weaknesses that could be exploited.

The plugin's vulnerability history shows one past high severity vulnerability, a Cross-Site Request Forgery (CSRF), reported in 2021. While this vulnerability is not currently unpatched, its existence suggests a history of security issues that developers should remain vigilant about. The lack of capability checks and only one nonce check across the codebase also represent potential gaps. Overall, while the plugin has a small attack surface and uses prepared statements, the significant unescaped output and the past high-severity vulnerability warrant caution, and further investigation into the unsanitized paths is recommended.

Key Concerns

Significant unescaped output (48%)
Taint analysis shows unsanitized paths
Past high severity vulnerability (CSRF)
Lack of capability checks
Limited nonce checks

Vulnerabilities

OG Tags Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2021-20831high · 8.8Cross-Site Request Forgery (CSRF)

OG Tags <= 2.0.1 - Cross-Site Request Forgery

Sep 28, 2021 Patched in 2.0.2 (847d)

Code Analysis

Analyzed Mar 16, 2026

OG Tags Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

52% escaped31 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

insert_site_tags (modules\front\class-og-tags-front.php:206)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

OG Tags Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_menumodules\dashboard\class-og-tags-dashboard.php:59

actionadmin_enqueue_scriptsmodules\dashboard\class-og-tags-dashboard.php:60

actionwp_headmodules\front\class-og-tags-front.php:68

actionplugins_loadedog-tags.php:140

Maintenance & Trust

OG Tags Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedSep 6, 2025

PHP min version

Downloads59K

Community Trust

Rating100/100

Number of ratings2

Active installs2K

Alternatives

OG Tags Alternatives

Schwarttzy's Open Graph

schwarttzys-open-graph

100

Adds Open Graph meta tags to WordPress posts, pages, and the front page to enhance social media sharing.

10 No CVEs

Open Graph and Twitter Card Tags

wonderm00ns-simple-facebook-open-graph-tags

Improve social media sharing by inserting Facebook Open Graph, Twitter Card, and SEO Meta Tags on your WordPress website pages, posts, WooCommerce pro …

60K 2 CVEs

OG — Better Share on Social Media

100

The simple method to add Open Graph metadata to your entries so that they look great when shared on sites.

30K No CVEs

Open Graphite

open-graphite

100

Control how your content is viewed when shared on social media.

4K 1 CVE

Optimize Social Share

heateor-open-graph-meta-tags

100

Optimizes social share by inserting Facebook Open Graph Meta Tags, General Meta Tags, Schema.org Meta Tags, Twitter Cards and Other Meta Tags in HTML …

3K No CVEs

Developer Profile

OG Tags Developer Profile

Mário Valney

7 plugins · 34K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

847 days

View full developer profile

Detection Fingerprints

How We Detect OG Tags

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/og-tags/assets/css/og-tags-public.css/wp-content/plugins/og-tags/assets/js/og-tags-public.js

Script Paths

/wp-content/plugins/og-tags/assets/js/og-tags-public.js

Version Parameters

og-tags/assets/css/og-tags-public.css?ver=og-tags/assets/js/og-tags-public.js?ver=

HTML / DOM Fingerprints

FAQ