Dynamic Open Graph Images – OpenGraph.xyz Security & Risk Analysis

wordpress.org/plugins/opengraph-xyz

Enhance your WordPress site with dynamic Open Graph images.

100 active installs · v1.5.1 · PHP 5.6+ · WP 5.0+ · Updated Mar 3, 2026
Tags: dynamic-og-image, images, meta-tags, og-image, open-graph
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Dynamic Open Graph Images – OpenGraph.xyz Safe to Use in 2026?

Generally Safe

Score 100/100

Dynamic Open Graph Images – OpenGraph.xyz has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "opengraph-xyz" v1.5.1 plugin exhibits a mixed security posture. On one hand, it demonstrates good practices by properly escaping the vast majority of its outputs and avoiding dangerous functions or file operations. Its vulnerability history is clean, with no recorded CVEs, suggesting a generally well-maintained codebase or a lack of past exploitable issues.

However, significant concerns arise from the static analysis. The plugin has a total of three AJAX entry points, all of which lack authentication checks. This creates a direct pathway for unauthenticated users to interact with sensitive plugin functionalities, potentially leading to unintended actions or information disclosure. Furthermore, while the taint analysis only found one flow with an unsanitized path, its presence, combined with the unprotected AJAX handlers, warrants careful investigation to ensure this path cannot be leveraged by an unauthenticated attacker. The presence of capability checks on these handlers is a positive sign, but their effectiveness is undermined by the complete absence of nonce checks on the AJAX actions themselves.

In conclusion, the plugin's lack of critical or high-severity vulnerabilities in its history is a strength. Nevertheless, the presence of unprotected AJAX handlers is a critical weakness that significantly elevates the risk profile. While the taint analysis did not flag critical issues, the opportunity for exploitation due to the unprotected entry points is substantial. The plugin needs immediate attention to address the authentication and nonce checks on its AJAX endpoints.

Key Concerns

  • Unprotected AJAX handlers
  • Flow with unsanitized path
  • SQL queries without prepared statements
  • Missing nonce checks on AJAX
Vulnerabilities
None known

Dynamic Open Graph Images – OpenGraph.xyz Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Dynamic Open Graph Images – OpenGraph.xyz Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2; 1 prepared
Unescaped Output: 5; 151 escaped
Nonce Checks: 1
Capability Checks: 3
File Operations: 0
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

33% prepared, 3 total queries

Output Escaping

97% escaped, 156 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

2 flows, 1 with unsanitized paths
fetch_template_variables (src\Admin.php:449)
Attack Surface
3 unprotected

Dynamic Open Graph Images – OpenGraph.xyz Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers 3

auth wp_ajax_fetch_template_variables src\Admin.php:33
auth wp_ajax_get_create_template_url src\Admin.php:34
auth wp_ajax_opengraph_fetch_terms src\Admin.php:35
WordPress Hooks 32
action admin_menu src\Admin.php:15
action admin_menu src\Admin.php:16
action admin_head src\Admin.php:17
action admin_head src\Admin.php:18
action admin_init src\Admin.php:19
action add_meta_boxes_opengraph_template src\Admin.php:22
action save_post src\Admin.php:23
filter manage_opengraph_template_posts_columns src\Admin.php:26
action manage_opengraph_template_posts_custom_column src\Admin.php:27
action admin_post_create_opengraph_template src\Admin.php:30
action admin_head src\Admin.php:38
action admin_notices src\Admin.php:41
action admin_enqueue_scripts src\Admin.php:44
filter opengraph-xyz_dynamic_tags_text src\Dynamic_Tags.php:30
filter opengraph-xyz_dynamic_tags_url src\Dynamic_Tags.php:31
action init src\Dynamic_Tags.php:32
action plugins_loaded src\Plugin.php:51
action init src\Plugin.php:54
action plugins_loaded src\Plugin.php:57
filter wpseo_opengraph_image src\Renderer.php:25
filter wpseo_opengraph_image_width src\Renderer.php:26
filter wpseo_opengraph_image_height src\Renderer.php:27
filter wpseo_opengraph_image_type src\Renderer.php:28
filter rank_math/opengraph/facebook/image src\Renderer.php:34
filter rank_math/opengraph/facebook/image_width src\Renderer.php:35
filter rank_math/opengraph/facebook/image_height src\Renderer.php:36
filter rank_math/opengraph/facebook/image_type src\Renderer.php:37
filter rank_math/opengraph/twitter/image src\Renderer.php:38
filter rank_math/opengraph/twitter/image_width src\Renderer.php:39
filter rank_math/opengraph/twitter/image_height src\Renderer.php:40
filter rank_math/opengraph/twitter/image_type src\Renderer.php:41
action wp_head src\Renderer.php:47
Maintenance & Trust

Dynamic Open Graph Images – OpenGraph.xyz Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 3, 2026
PHP min version: 5.6
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

Dynamic Open Graph Images – OpenGraph.xyz Developer Profile

OpenGraph.xyz

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Dynamic Open Graph Images – OpenGraph.xyz

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/opengraph-xyz/build/index.css
/wp-content/plugins/opengraph-xyz/build/index.js
Script Paths
/wp-content/plugins/opengraph-xyz/build/index.js
Version Parameters
opengraph-xyz/build/index.css?ver=
opengraph-xyz/build/index.js?ver=

HTML / DOM Fingerprints

CSS Classes
opengraph-xyz-template-editor-wrapper
opengraph-xyz-template-editor-sidebar
opengraph-xyz-template-editor-main-content
opengraph-xyz-template-editor-tools-panel
opengraph-xyz-template-editor-canvas
opengraph-xyz-template-editor-toolbar
opengraph-xyz-template-editor-layers-panel
opengraph-xyz-template-editor-properties-panel
+2 more
HTML Comments
<!-- Element Properties -->
<!-- Tool Panel -->
<!-- Layers Panel -->
<!-- Variable List -->
+3 more
Data Attributes
data-opengraph-xyz-editor
data-template-id
data-element-type
data-property-name
JS Globals
opengraphXYZ
opengraphXYZEditor
opengraphXYZAdmin
REST Endpoints
/wp-json/opengraph-xyz/v1/templates
/wp-json/opengraph-xyz/v1/template
/wp-json/opengraph-xyz/v1/settings
/wp-json/opengraph-xyz/v1/terms