Does Schedule Tags have any unpatched vulnerabilities?

No. All known vulnerabilities in Schedule Tags have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Schedule Tags compatible with WordPress 5.4.19?

According to WordPress.org data, Schedule Tags 1.1 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is Schedule Tags compatible with PHP 5.4+?

Schedule Tags requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Schedule Tags updated?

Schedule Tags was last updated on Jun 4, 2020. Frequent updates are generally a positive security signal.

What is Schedule Tags's security score?

Schedule Tags has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Schedule Tags Security & Risk Analysis

wordpress.org/plugins/schedule-tags

Schedule tags allows site admin to set post tags for the given time frame. So that when a schedule set time frame comes the plugin automatically sets …

10 active installs v1.1 PHP 5.4+ WP 4.0+ Updated Jun 4, 2020

custom-tagsdynamic-tagsexpired-tagsfuture-tagsschedule-tags

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Schedule Tags Safe to Use in 2026?

Generally Safe

Score 85/100

Schedule Tags has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The Schedule-Tags plugin v1.1 presents a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries, utilizing prepared statements exclusively, and has no known historical vulnerabilities. This suggests a mature development process and a commitment to secure coding. However, the static analysis reveals several areas for concern that impact its overall security. The presence of the `unserialize` function is a significant risk, as it can lead to Remote Code Execution if used with untrusted input. Furthermore, a concerningly low percentage (15%) of output escaping suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities, especially given the lack of specific checks for this in the provided data. The absence of nonce checks on its single cron event and lack of capability checks on all identified entry points (though limited) are also potential weaknesses that could be exploited. Despite the lack of historical CVEs, the identified code signals warrant attention to mitigate potential risks.

Key Concerns

Use of unserialize function
Low percentage of properly escaped output
No nonce checks on cron events
Limited capability checks on entry points

Vulnerabilities

None known

Schedule Tags Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Schedule Tags Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$m_value = unserialize($scheduledTag->meta_value);inc\wp-tags-schedule.php:255

SQL Query Safety

100% prepared1 total queries

Output Escaping

15% escaped26 total outputs

Attack Surface

Schedule Tags Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionadd_meta_boxesinc\wp-tags-schedule.php:25

actionadmin_enqueue_scriptsinc\wp-tags-schedule.php:26

actionsave_postinc\wp-tags-schedule.php:27

actionadmin_menuinc\wp-tags-schedule.php:29

actionadmin_initinc\wp-tags-schedule.php:30

actioninitinc\wp-tags-schedule.php:32

actionwpts_tags_croninc\wp-tags-schedule.php:33

actionplugins_loadedschedule-tags.php:21

Scheduled Events 1

wpts_tags_cron

Maintenance & Trust

Schedule Tags Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedJun 4, 2020

PHP min version5.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Schedule Tags Alternatives

Connect Polylang for Elementor

connect-polylang-elementor

100

Connect Polylang with Elementor: translated templates, language switcher widget, language visibility conditions and more

100K No CVEs

DynamicTags

dynamictags

Adds some useful dynamic-tags for elementor. Requires Elementor > 3.1

2K 1 CVE

MB Elementor Integration

mb-elementor-integrator

100

Integrates Meta Box's custom fields with Elementor page builder via dynamic tags.

2K No CVEs

Dynamic Elementor ACF Repeater

dynamic-elementor-acf-repeater

100

Allows ACF repeater field values to be rendered in Elementor loop items and loop grids via Dynamic Tags.

800 No CVEs

Repeaterly

repeaterly

100

Unlock ACF Repeater Fields, Relationship Fields, Dynamic Tags & ACF Repeater Loop Builder for Elementor

300 No CVEs

Developer Profile

Schedule Tags Developer Profile

ZetaMatic

5 plugins · 7K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Schedule Tags

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/schedule-tags/assets/js/tag-scheduler.js

Version Parameters

wpst-main?ver=1.0.0

HTML / DOM Fingerprints

CSS Classes

tags-scheduler-datastartDateendDatetags-scheduler-remove-row

Data Attributes

data-name

FAQ