Does Secondary Title have any unpatched vulnerabilities?

No. All known vulnerabilities in Secondary Title have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Secondary Title compatible with WordPress 6.7.5?

According to WordPress.org data, Secondary Title 2.2.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Secondary Title compatible with PHP 7.4+?

Secondary Title requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Secondary Title updated?

Secondary Title was last updated on Jan 9, 2025. Frequent updates are generally a positive security signal.

What is Secondary Title's security score?

Secondary Title has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Secondary Title Security & Risk Analysis

wordpress.org/plugins/secondary-title

Secondary Title is a simple, lightweight plugin that allows you to easily add an alternative title to posts, pages, and/or custom post types.

8K active installs v2.2.0 PHP 7.4+ WP 4.0+ Updated Jan 9, 2025

headingsecondary-titlesubheadingtitle

A · Safe

CVEs total1

Unpatched0

Last CVEJul 5, 2023

Plugin page Download

Safety Verdict

Is Secondary Title Safe to Use in 2026?

Generally Safe

Score 92/100

Secondary Title has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 5, 2023Updated 1yr ago

Risk Assessment

The "secondary-title" plugin version 2.2.0 exhibits a mixed security posture. While it demonstrates good practices in areas like avoiding dangerous functions, raw SQL queries, and file operations, and has a history of resolved vulnerabilities, there are significant concerns regarding output escaping and the presence of unsanitized taint flows. The low percentage of properly escaped output (21%) is a major red flag, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The two identified unsanitized paths in the taint analysis, even without critical or high severity, suggest potential avenues for malicious input to be processed without adequate cleaning. The plugin's past vulnerability history, including a medium severity XSS, reinforces the concern about output handling. Although no unpatched vulnerabilities currently exist and critical/high severity taint flows are absent, the potential for XSS due to poor output escaping and the identified taint flows necessitate careful consideration.

Key Concerns

Low output escaping rate
Taint flows with unsanitized paths
Past medium severity vulnerability (XSS)

Vulnerabilities

Secondary Title Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-28773medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Secondary Title <= 2.0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jul 5, 2023 Patched in 2.1.0 (202d)

Code Analysis

Analyzed Mar 16, 2026

Secondary Title Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

21% escaped43 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

secondary_title_settings_page (includes\settings.php:35)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Secondary Title Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[secondary_title] includes\hooks.php:549

WordPress Hooks 21

actionadmin_footerincludes\admin.php:61

actionadmin_initincludes\admin.php:144

actionadd_meta_boxesincludes\hooks.php:73

actioninitincludes\hooks.php:90

actionsave_postincludes\hooks.php:131

filterthe_titleincludes\hooks.php:273

actionadmin_enqueue_scriptsincludes\hooks.php:315

actionadmin_menuincludes\hooks.php:333

actioninitincludes\hooks.php:345

filterpost_linkincludes\hooks.php:370

filterthe_title_rssincludes\hooks.php:412

filterposts_joinincludes\hooks.php:508

filterposts_whereincludes\hooks.php:509

filterposts_distinctincludes\hooks.php:510

actioninitincludes\hooks.php:552

actionadmin_noticesincludes\hooks.php:618

actionadmin_head-settings_page_secondary-titleincludes\hooks.php:622

actionadmin_initincludes\hooks.php:663

actionaioseop_title_formatincludes\hooks.php:729

filteraioseop_titleincludes\hooks.php:767

actioninitincludes\hooks.php:771

Maintenance & Trust

Secondary Title Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJan 9, 2025

PHP min version7.4

Downloads178K

Community Trust

Rating98/100

Number of ratings72

Active installs8K

Alternatives

Secondary Title Alternatives

WP Subtitle

wp-subtitle

Add subtitles (subheadings) to your pages, posts or custom post types.

10K 1 unpatched

Correct My Headings

correct-my-headings

If your subheadings appear on archive pages, they need to start from H3 (because H2 tags are used by the post titles on archive pages).

10 No CVEs

Custom Archive Titles

custom-archive-titles

A small and simple plugin to adjust the default texts of archive titles in WordPress

2K No CVEs

SubHeading

subheading

Adds the ability to easily add and display a sub title/heading on any public post type.

1K No CVEs

Advanced Heading

advanced-heading

Create Advanced Heading with Title, Subtitle and Separator Controls

300 No CVEs

Developer Profile

Secondary Title Developer Profile

thaikolja

1 plugin · 8K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

202 days

View full developer profile

Detection Fingerprints

How We Detect Secondary Title

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/secondary-title/assets/css/secondary-title.css/wp-content/plugins/secondary-title/assets/js/secondary-title.js

Script Paths

/wp-content/plugins/secondary-title/assets/js/secondary-title.js

Version Parameters

secondary-title/assets/css/secondary-title.css?ver=secondary-title/assets/js/secondary-title.js?ver=

HTML / DOM Fingerprints

CSS Classes

components-text-control__input

Data Attributes

id="secondary-title"name="secondary_post_title"title="Enter secondary title here"

JS Globals

secondary_title_settings

REST Endpoints

/wp-json/wp/v2/posts?_fields=id,_links.self,title,meta&meta=_secondary_title/wp-json/wp/v2/pages?_fields=id,_links.self,title,meta&meta=_secondary_title

FAQ