Does Logos Reftagger have any unpatched vulnerabilities?

No. All known vulnerabilities in Logos Reftagger have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Logos Reftagger compatible with WordPress 6.9.4?

According to WordPress.org data, Logos Reftagger 2.4.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Logos Reftagger compatible with PHP 7.0+?

Logos Reftagger requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Logos Reftagger updated?

Logos Reftagger was last updated on Dec 22, 2025. Frequent updates are generally a positive security signal.

What is Logos Reftagger's security score?

Logos Reftagger has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Logos Reftagger Security & Risk Analysis

wordpress.org/plugins/reftagger

Logos Reftagger turns Bible references into links to the verse on Biblia.com and adds tooltips with the text of the verse.

10K active installs v2.4.7 PHP 7.0+ WP 2.3+ Updated Dec 22, 2025

biblelogosreftaggerscriptureverse

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Logos Reftagger Safe to Use in 2026?

Generally Safe

Score 100/100

Logos Reftagger has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The reftagger plugin v2.4.7 exhibits a generally strong security posture based on the provided static analysis. There is a notable lack of attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. The code also demonstrates good practices by using prepared statements for all SQL queries and including nonce and capability checks. Furthermore, the absence of known CVEs and a history of vulnerabilities suggests a well-maintained and secure codebase.

However, a significant concern arises from the low percentage of properly escaped output. With only 14% of outputs being correctly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This indicates that user-supplied data or dynamically generated content might be rendered directly into the browser without adequate sanitization, potentially allowing attackers to inject malicious scripts.

Despite the strengths in attack surface reduction and data handling, the high number of unescaped outputs presents a tangible risk. While the plugin has no recorded vulnerabilities to date, this doesn't negate the inherent risk posed by unescaped output, which is a common vector for XSS attacks. Therefore, while the overall security is promising, immediate attention should be paid to improving output sanitization to mitigate potential XSS exploits.

Key Concerns

Low output escaping rate

Vulnerabilities

None known

Logos Reftagger Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Logos Reftagger Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

14% escaped7 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

reftagger_update_options (RefTagger.php:139)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Logos Reftagger Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionadmin_menuRefTagger.php:525

actionwp_footerRefTagger.php:531

Maintenance & Trust

Logos Reftagger Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 22, 2025

PHP min version7.0

Downloads132K

Community Trust

Rating96/100

Number of ratings15

Active installs10K

Alternatives

Logos Reftagger Alternatives

RefTagger Toggle

reftagger-toggle

Allows disabling Reftagger on a per-page/post basis.

10 No CVEs

BibleLink Multilingual

bible-link-multilingual

This lightweight plugin makes Bible references on your website interactive and supports multiple languages.

300 No CVEs

Truth

truth

Automatically links to Bible verses throughout your site.

90 No CVEs

Bible Reader

bible-reader

100

A beautiful Bible reader with a 'Verse of the Day' and a 'Hebrew date converter'.

10 No CVEs

Bible Verses References

bible-verses-references

This plugin fetches all the biblical references present in your posts and pages and adds the text of the verse in a floating window when the user hove …

10 No CVEs

Developer Profile

Logos Reftagger Developer Profile

logos

4 plugins · 10K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Logos Reftagger

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

https://api.reftagger.com/v2/reftagger.jshttps://api.reftagger.com/v2/reftagger.es.js

HTML / DOM Fingerprints

JS Globals

refTagger

FAQ

Logos Reftagger Security & Risk Analysis

Is Logos Reftagger Safe to Use in 2026?

Generally Safe

Key Concerns

Logos Reftagger Security Vulnerabilities

Logos Reftagger Code Analysis

Output Escaping

Data Flow Analysis

Logos Reftagger Attack Surface

Logos Reftagger Maintenance & Trust

Maintenance Signals

Community Trust

Logos Reftagger Alternatives

RefTagger Toggle

BibleLink Multilingual

Truth

Bible Reader

Bible Verses References

Logos Reftagger Developer Profile

How We Detect Logos Reftagger

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Logos Reftagger