WP-Safety

SEO Forge Security & Risk Analysis

wordpress.org/plugins/seo-forge

A powerful SEO plugin with support for all content types, automatic XML sitemap generation, Schema.org markup, and comprehensive analytics.

0 active installs v4.3.7 PHP 7.4+ WP 5.0+ Updated Dec 19, 2025
meta-tagsopen-graphschemaseositemap
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is SEO Forge Safe to Use in 2026?

Generally Safe

Score 100/100

SEO Forge has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "seo-forge" plugin v4.3.7 demonstrates a generally strong security posture with several positive indicators. The absence of known CVEs and a history of unpatched vulnerabilities is a significant strength. Furthermore, the plugin exhibits good practices in its use of prepared statements for SQL queries (89%) and proper output escaping (88%), minimizing common attack vectors. The presence of nonce and capability checks on all identified entry points (AJAX, REST API) is also commendable, indicating a deliberate effort to prevent unauthorized access.

However, the taint analysis reveals potential areas of concern. The presence of 5 high-severity taint flows with unsanitized paths, despite the absence of critical severity issues, warrants careful examination. While the static analysis doesn't explicitly label these as exploitable vulnerabilities without further context, unsanitized paths can often lead to path traversal or directory listing vulnerabilities if user-supplied input is not correctly handled. The relatively high number of file operations (16) also increases the potential attack surface for issues related to file manipulation if not meticulously secured.

In conclusion, "seo-forge" v4.3.7 is built on a solid foundation of security best practices, particularly regarding database interactions and output rendering. The lack of known vulnerabilities is a strong positive. The primary risk lies within the 5 high-severity taint flows involving unsanitized paths. While not confirmed vulnerabilities, they represent the most significant potential weaknesses and should be prioritized for developer review and remediation to ensure the plugin's continued security.

Key Concerns

  • High severity taint flows with unsanitized paths
Vulnerabilities
None known

SEO Forge Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SEO Forge Code Analysis

Dangerous Functions
0
Raw SQL Queries
22
170 prepared
Unescaped Output
78
570 escaped
Nonce Checks
27
Capability Checks
19
File Operations
16
External Requests
1
Bundled Libraries
0

SQL Query Safety

89% prepared192 total queries

Output Escaping

88% escaped648 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

12 flows5 with unsanitized paths
<sitemap-page> (admin\views\sitemap-page.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

SEO Forge Attack Surface

Entry Points16
Unprotected0

AJAX Handlers 7

authwp_ajax_onex_seo_import_batchincludes\class-admin.php:30
authwp_ajax_seofo_get_views_chart_dataincludes\class-post-views-counter.php:106
authwp_ajax_onex_seo_create_sitemap_pageincludes\class-sitemap-xml-generator.php:60
authwp_ajax_seofo_transliterate_textincludes\class-transliteration.php:49
noprivwp_ajax_seofo_transliterate_textincludes\class-transliteration.php:50
authwp_ajax_seofo_create_transliteration_pageincludes\class-transliteration.php:51
authwp_ajax_onex_seo_export_batchincludes\class-views-export-import.php:24

REST API Routes 2

GET/wp-json/onex-seo/v1/post-views/(?P<id>\d+)includes\class-post-views-counter.php:2467
GET/wp-json/onex-seo/v1/post-views/topincludes\class-post-views-counter.php:2485

Shortcodes 7

[ONEX-TOTAL-VIEWS] includes\class-post-views-counter.php:68
[ONEX-TODAY-VIEWS] includes\class-post-views-counter.php:69
[ONEX-WEEK-VIEWS] includes\class-post-views-counter.php:70
[ONEX-MONTH-VIEWS] includes\class-post-views-counter.php:71
[ONEX-AUTHOR-TOTAL-VIEWS] includes\class-post-views-counter.php:72
[ONEX-AUTHOR-WEEK-VIEWS] includes\class-post-views-counter.php:73
[seofo_transliteration_tool] includes\class-transliteration.php:56
WordPress Hooks 110
actioninitblocks\faq\class-op-faq-block.php:8
actionadmin_enqueue_scriptsblocks\faq\class-op-faq-block.php:9
actioninitblocks\pros-cons\class-op-pros-cons-block.php:8
actionadmin_enqueue_scriptsblocks\pros-cons\class-op-pros-cons-block.php:9
actionshow_user_profileincludes\author-profile.php:8
actionedit_user_profileincludes\author-profile.php:9
actionpersonal_options_updateincludes\author-profile.php:10
actionedit_user_profile_updateincludes\author-profile.php:11
actioninitincludes\class-admin.php:29
actionadmin_menuincludes\class-admin.php:104
actionadmin_initincludes\class-admin.php:105
actionadmin_enqueue_scriptsincludes\class-admin.php:106
actioncreated_categoryincludes\class-category-base-remover.php:28
actiondelete_categoryincludes\class-category-base-remover.php:29
actionedited_categoryincludes\class-category-base-remover.php:30
actioninitincludes\class-category-base-remover.php:31
filtercategory_rewrite_rulesincludes\class-category-base-remover.php:34
filterquery_varsincludes\class-category-base-remover.php:35
filterrequestincludes\class-category-base-remover.php:36
filterterms_clausesincludes\class-category-base-remover.php:73
actioninitincludes\class-core.php:60
actionwp_headincludes\class-frontend.php:54
actionwp_headincludes\class-frontend.php:57
actionwp_headincludes\class-frontend.php:58
actionwp_headincludes\class-frontend.php:61
actionwp_headincludes\class-frontend.php:64
actionwpincludes\class-frontend.php:67
filterwp_robotsincludes\class-frontend.php:70
filterpll_rel_hreflang_attributesincludes\class-frontend.php:73
actiontemplate_redirectincludes\class-frontend.php:76
filterredirect_canonicalincludes\class-frontend.php:202
actionadd_meta_boxesincludes\class-meta-boxes.php:25
actionsave_postincludes\class-meta-boxes.php:26
actionshow_user_profileincludes\class-meta-boxes.php:29
actionedit_user_profileincludes\class-meta-boxes.php:30
actionpersonal_options_updateincludes\class-meta-boxes.php:31
actionedit_user_profile_updateincludes\class-meta-boxes.php:32
actionadmin_enqueue_scriptsincludes\class-meta-boxes.php:34
actionadmin_enqueue_scriptsincludes\class-meta-boxes.php:36
actionwp_headincludes\class-meta-tags-manager.php:21
actionadmin_initincludes\class-meta-tags-manager.php:24
actionwp_footerincludes\class-meta-tags-manager.php:28
filterpost_linkincludes\class-post-permalink-handler.php:44
filterthe_permalinkincludes\class-post-permalink-handler.php:47
filterpost_type_linkincludes\class-post-permalink-handler.php:50
actionplugins_loadedincludes\class-post-views-counter.php:42
actionadmin_initincludes\class-post-views-counter.php:87
actionsave_postincludes\class-post-views-counter.php:90
actionwpincludes\class-post-views-counter.php:93
actiononex_cleanup_views_dataincludes\class-post-views-counter.php:94
actionadmin_menuincludes\class-post-views-counter.php:97
actionrest_api_initincludes\class-post-views-counter.php:100
actionadmin_enqueue_scriptsincludes\class-post-views-counter.php:103
filtermanage_posts_columnsincludes\class-post-views-counter.php:140
filtermanage_pages_columnsincludes\class-post-views-counter.php:141
actionmanage_posts_custom_columnincludes\class-post-views-counter.php:142
actionmanage_pages_custom_columnincludes\class-post-views-counter.php:143
filtermanage_edit-post_sortable_columnsincludes\class-post-views-counter.php:146
filtermanage_edit-page_sortable_columnsincludes\class-post-views-counter.php:147
actionpre_get_postsincludes\class-post-views-counter.php:148
actionadd_meta_boxesincludes\class-proofreader-manager.php:29
actionsave_postincludes\class-proofreader-manager.php:30
actionadmin_initincludes\class-proofreader-manager.php:33
actionadmin_menuincludes\class-robots-manager.php:26
actionadmin_post_save_robots_txtincludes\class-robots-manager.php:27
actionadmin_post_set_default_robots_txtincludes\class-robots-manager.php:28
filterrobots_txtincludes\class-robots-manager.php:29
actionwp_enqueue_scriptsincludes\class-schema-manager.php:28
actionadmin_enqueue_scriptsincludes\class-schema-manager.php:29
actionadmin_menuincludes\class-schema-manager.php:32
actionadmin_initincludes\class-schema-manager.php:35
filterwpseo_json_ld_outputincludes\class-schema-manager.php:150
filterwpseo_enable_schema_outputincludes\class-schema-manager.php:151
filterwpseo_json_ld_output_web_app_manifestincludes\class-schema-manager.php:152
actionsave_postincludes\class-sitemap-xml-generator.php:36
actionedited_termincludes\class-sitemap-xml-generator.php:39
actioncreate_termincludes\class-sitemap-xml-generator.php:40
actionprofile_updateincludes\class-sitemap-xml-generator.php:43
actionuser_registerincludes\class-sitemap-xml-generator.php:44
actionpublish_postincludes\class-sitemap-xml-generator.php:47
actionadmin_menuincludes\class-sitemap-xml-generator.php:50
filtertheme_page_templatesincludes\class-sitemap-xml-generator.php:53
filtertemplate_includeincludes\class-sitemap-xml-generator.php:54
actionadmin_print_footer_scriptsincludes\class-sitemap-xml-generator.php:57
actionadmin_enqueue_scriptsincludes\class-sitemap-xml-generator.php:63
actionwp_enqueue_scriptsincludes\class-sitemap-xml-generator.php:66
actionadd_meta_boxesincludes\class-sitemap-xml-generator.php:69
actionsave_postincludes\class-sitemap-xml-generator.php:70
actioncategory_edit_form_fieldsincludes\class-term-meta.php:27
actionpost_tag_edit_form_fieldsincludes\class-term-meta.php:28
actionedited_termincludes\class-term-meta.php:37
actioncreated_termincludes\class-term-meta.php:38
actionadmin_enqueue_scriptsincludes\class-term-meta.php:40
actioninitincludes\class-transliteration.php:31
actionadmin_menuincludes\class-transliteration.php:32
actionadmin_initincludes\class-transliteration.php:33
filterwp_insert_post_dataincludes\class-transliteration.php:42
actioncreated_termincludes\class-transliteration.php:44
actionedited_termincludes\class-transliteration.php:45
actionadmin_enqueue_scriptsincludes\class-transliteration.php:53
actionedited_termincludes\class-transliteration.php:434
actionadmin_menuincludes\class-views-export-import.php:19
actionadmin_post_export_viewsincludes\class-views-export-import.php:20
actionadmin_post_import_viewsincludes\class-views-export-import.php:21
actionadmin_post_export_to_yoastincludes\class-views-export-import.php:23
filtertheme_page_templatesseo-forge.php:143
filtertemplate_includeseo-forge.php:155
actionplugins_loadedseo-forge.php:230
actionwp_footersitemap-template.php:203
actionwp_enqueue_scriptssitemap-template.php:211

Scheduled Events 1

onex_cleanup_views_data
Maintenance & Trust

SEO Forge Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedDec 19, 2025
PHP min version7.4
Downloads113

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

SEO Forge Alternatives

CSPG Basic SEO Helper

CSPG Basic SEO Helper

cspg-basic-seo-helper

A
100

Lightweight SEO helper adding Open Graph, Twitter Cards, Schema.org markup, meta templates, and XML sitemaps.

0 No CVEs
SEO Pyramid

SEO Pyramid

seo-pyramid

B
78

SEO Pyramid is a free, lightweight Search Engine Optimization plugin designed to simplify website SEO process.

50 1 unpatched
Clarity SEO

Clarity SEO

clarity-seo

A
100

Lightweight, fast SEO plugin for WordPress — meta tags, Schema.org markup, XML sitemap, 301 redirects, 404 monitor, image SEO, breadcrumbs, and more.

40 No CVEs
Rocketship SEO

Rocketship SEO

rocketship-seo

A
100

AI-powered WordPress SEO plugin with smart meta titles, descriptions, schema markup, sitemaps, and OpenAI & Google Gemini integration.

20 No CVEs
Advanced SEO Toolkit

Advanced SEO Toolkit

advanced-seo-toolkit

A
100

Advanced SEO Toolkit is a comprehensive solution for optimizing your WordPress site for search engines.

0 No CVEs
Developer Profile

SEO Forge Developer Profile

Serphot

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SEO Forge

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/seo-forge/assets/css/admin.css/wp-content/plugins/seo-forge/assets/css/frontend.css/wp-content/plugins/seo-forge/assets/js/admin.js/wp-content/plugins/seo-forge/assets/js/frontend.js/wp-content/plugins/seo-forge/blocks/faq/build/index.js/wp-content/plugins/seo-forge/blocks/faq/build/index.css/wp-content/plugins/seo-forge/blocks/pros-cons/build/index.js/wp-content/plugins/seo-forge/blocks/pros-cons/build/index.css
Generator Patterns
SEO Forge v4.3.7
Script Paths
/wp-content/plugins/seo-forge/assets/js/admin.js/wp-content/plugins/seo-forge/assets/js/frontend.js/wp-content/plugins/seo-forge/blocks/faq/build/index.js/wp-content/plugins/seo-forge/blocks/pros-cons/build/index.js
Version Parameters
seo-forge/assets/css/admin.css?ver=seo-forge/assets/css/frontend.css?ver=seo-forge/assets/js/admin.js?ver=seo-forge/assets/js/frontend.js?ver=seo-forge/blocks/faq/build/index.js?ver=seo-forge/blocks/faq/build/index.css?ver=seo-forge/blocks/pros-cons/build/index.js?ver=seo-forge/blocks/pros-cons/build/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
seofo-admin-menuseofo-admin-pageseofo-frontend-wrapperseofo-schema-editorseofo-faq-blockseofo-pros-cons-blockseofo-meta-box
HTML Comments
<!-- SEO Forge -- Sitemap Template --><!-- SEO Forge -- FAQ Block --><!-- SEO Forge -- Pros/Cons Block --><!-- SEO Forge -- Meta Box -->
Data Attributes
data-seofo-iddata-seofo-typedata-seofo-faqdata-seofo-pros-consdata-seofo-schema
JS Globals
seofo_admin_paramsseofo_frontend_paramsonex_seo_optionsSEOFO_FAQ_BLOCK_OPTIONSSEOFO_PROS_CONS_BLOCK_OPTIONS
REST Endpoints
/wp-json/seofo/v1/faq/wp-json/seofo/v1/pros-cons/wp-json/seofo/v1/schema
Shortcode Output
[seofo_faq][seofo_pros_cons][seofo_schema]
FAQ

Frequently Asked Questions about SEO Forge