Does Product Tagger have any unpatched vulnerabilities?

No. All known vulnerabilities in Product Tagger have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Product Tagger compatible with WordPress 4.9.29?

According to WordPress.org data, Product Tagger 1.2 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Product Tagger updated?

Product Tagger was last updated on May 15, 2019. Frequent updates are generally a positive security signal.

What is Product Tagger's security score?

Product Tagger has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Product Tagger Security & Risk Analysis

wordpress.org/plugins/product-tagger

With this Plugin you can show all your wanted Products in the Sidebar with a Widget. To define the right Product use the Product-Tag like [woo_product …

10 active installs v1.2 PHP + WP 3.0.1+ Updated May 15, 2019

listproductsupsellwidgetwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Product Tagger Safe to Use in 2026?

Generally Safe

Score 85/100

Product Tagger has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "product-tagger" v1.2 plugin exhibits a generally good security posture, with no critical or high-severity vulnerabilities identified in its static analysis or vulnerability history. The absence of dangerous functions, external HTTP requests, and file operations is a positive indicator. Furthermore, all SQL queries are properly prepared, and there are no recorded CVEs, suggesting diligent security practices during development and maintenance.

However, there are areas for improvement. The plugin has an unprotected shortcode, which represents a potential entry point for attackers if not handled carefully within the shortcode's logic. The static analysis also revealed that only 25% of output is properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly to the browser without sufficient sanitization. The lack of nonce and capability checks on the identified entry points, while not explicitly flagged as a critical issue due to the low overall attack surface, means that these entry points are not robustly protected against unauthorized access or abuse.

In conclusion, "product-tagger" v1.2 is a relatively secure plugin due to its lack of known severe vulnerabilities and good practices in SQL handling. The primary concerns lie in the unprotected shortcode and the unescaped output, which present potential XSS risks. Addressing these would significantly enhance the plugin's security.

Key Concerns

Unprotected shortcode entry point
Low output escaping (25% proper)
Missing nonce check on entry points
Missing capability check on entry points

Vulnerabilities

None known

Product Tagger Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Product Tagger Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

25% escaped4 total outputs

Attack Surface

Product Tagger Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[woo_products_by_tags] product-tagger.php:105

Maintenance & Trust

Product Tagger Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedMay 15, 2019

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Product Tagger Alternatives

WCBoost – Wishlist

wcboost-wishlist

100

WCBoost - Wishlist lets shoppers create wishlists for later purchases, reminding them of desired items, driving repeat visits and boost sales.

30K No CVEs

Iks Menu – WordPress Category Accordion Menu & FAQs

iks-menu

100

Super customizable WordPress plugin for displaying custom menus, taxonomy/category terms and FAQs as accordion menu (with images support).

10K No CVEs

WooCommerce Grid / List toggle

woocommerce-grid-list-toggle

Adds a grid/list view toggle to product archives

10K No CVEs

UpsellWP – WooCommerce Upsell and Related Products Offers

checkout-upsell-and-order-bumps

Best WooCommerce Upsell plugin to create checkout upsells, cross-sells, order bumps and frequently bought together bundles to increase AOV.

5K 1 unpatched

Widgets for WooCommerce Products on Elementor

woo-products-widgets-for-elementor

Woo Products widget is a plugin that allows adding WooCommerce Products and Categories into stylish grid and listing layouts to the pages built with E …

3K 1 unpatched

Developer Profile

Product Tagger Developer Profile

Eric-Oliver Mächler

11 plugins · 5K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

7 days

View full developer profile

Detection Fingerprints

How We Detect Product Tagger

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

products2vorschaubild

HTML Comments

List WooCommerce Products by tagsex: [woo_products_by_tags tags="shoes,socks"]Get attribuetsDefine Query Arguments+4 more

Data Attributes

data-id

Shortcode Output

[woo_products_by_tags tags=

FAQ