SEO Ultimate Security & Risk Analysis

wordpress.org/plugins/seo-ultimate

This all-in-one SEO plugin gives you control over meta titles & descriptions, open graph, auto-linking, rich-snippets, 404 monitoring, siloing & …

20K active installs · v7.6.5.9 · PHP + WP 3.9+ · Updated Nov 28, 2017
Tags: google, seo, seo-ultimate, suite, yahoo
Score: 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SEO Ultimate Safe to Use in 2026?

Generally Safe

Score 85/100

SEO Ultimate has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "seo-ultimate" v7.6.5.9 plugin exhibits a mixed security posture. On the positive side, the attack surface is minimal with only one AJAX handler, and importantly, no unprotected entry points were identified. The plugin also demonstrates good use of nonce and capability checks, with a substantial number of capability checks indicating an effort to enforce permissions. However, several significant concerns are present in the static analysis. The use of dangerous functions like `create_function` and `unserialize` is a notable risk, as these can lead to code injection or data manipulation vulnerabilities if not handled with extreme care. The complete absence of prepared statements for SQL queries is a critical security flaw, making the plugin highly susceptible to SQL injection attacks. Furthermore, a significant portion of output is not properly escaped, opening the door for cross-site scripting (XSS) vulnerabilities. The taint analysis revealed two high-severity flows with unsanitized paths, suggesting potential pathways for attackers to exploit the application's logic or data. Despite the absence of documented CVEs, the internal code analysis reveals several areas that require urgent attention and remediation to improve the plugin's security.

Key Concerns

  • High severity taint flows with unsanitized paths
  • SQL queries without prepared statements
  • Low percentage of properly escaped output
  • Use of dangerous function: unserialize
  • Use of dangerous function: create_function
Vulnerabilities
None known

SEO Ultimate Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SEO Ultimate Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 2 (0 prepared)
Unescaped Output: 136 (72 escaped)
Nonce Checks: 2
Capability Checks: 12
File Operations: 5
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function · includes\jlfunctions\arr.php:64
    uasort($arr, create_function('$a,$b', 'return strcasecmp($a["'.$valuekey.'"], $b["'.$valuekey.'"]);'
create_function · includes\jlfunctions\arr.php:76
    uasort($arr, create_function('$a,$b', 'return strlen($b["'.$valuekey.'"]) - strlen($a["'.$valuekey.'
create_function · includes\jlwp\functions.php:77
    $uafunc = create_function('', "return '$ua';");
unserialize · modules\settings\settings-data.php:71
    $import = unserialize($import);
create_function · plugin\class.seo-ultimate.php:1656
    add_meta_box('su_postmeta', __('SEO Settings', 'seo-ultimate'), create_function('', 'global $seo_ult

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

35% escaped · 208 total outputs
Data Flows: 5 unsanitized

Data Flow Analysis

6 flows · 5 with unsanitized paths
admin_page_contents (modules\autolinks\content-autolinks.php:261)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

SEO Ultimate Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_su-jlsuggest-autocomplete · plugin\class.seo-ultimate.php:245
WordPress Hooks 100
filter · http_headers_useragent · includes\jlwp\functions.php:78
filter · su_settings_export_array · modules\404s\fofs-log.php:14
action · admin_enqueue_scripts · modules\404s\fofs-log.php:40
action · su_save_hit · modules\404s\fofs-log.php:41
filter · su_get_setting-404s-max_log_size · modules\404s\fofs-settings.php:32
filter · user_contactmethods · modules\author-links\author-links.php:22
action · su_head · modules\author-links\author-links.php:23
filter · the_content · modules\autolinks\content-autolinks.php:22
filter · su_postmeta_help · modules\autolinks\content-autolinks.php:24
filter · su_get_postmeta-autolinks · modules\autolinks\content-autolinks.php:25
filter · su_custom_update_postmeta-autolinks · modules\autolinks\content-autolinks.php:26
filter · su_get_setting-autolinks-linkfree_tags · modules\autolinks\content-autolinks.php:28
filter · su_get_setting-autolinks-dampen_sitewide_lpa_value · modules\autolinks\content-autolinks.php:29
action · wp_footer · modules\autolinks\footer-autolinks.php:22
filter · su_get_setting-canonical-canonical_url_scheme · modules\canonical\canonical.php:18
action · su_head · modules\canonical\canonical.php:27
action · template_redirect · modules\canonical\canonical.php:31
action · template_redirect · modules\canonical\canonical.php:35
filter · admin_body_class · modules\class.su-module.php:383
action · in_admin_footer · modules\class.su-module.php:891
action · admin_enqueue_scripts · modules\class.su-module.php:956
action · admin_xml_ns · modules\class.su-module.php:2706
action · do_robots · modules\files\files.php:24
action · admin_notices · modules\files\files.php:27
filter · su_get_setting-files-htaccess · modules\files\files.php:31
filter · su_custom_update_setting-files-htaccess · modules\files\files.php:32
filter · su_custom_update_postmeta-aliases · modules\internal-link-aliases\internal-link-aliases.php:12
filter · su_get_setting-internal-link-aliases-alias_dir · modules\internal-link-aliases\internal-link-aliases.php:13
filter · the_content · modules\internal-link-aliases\internal-link-aliases.php:16
action · template_redirect · modules\internal-link-aliases\internal-link-aliases.php:17
action · do_robotstxt · modules\internal-link-aliases\internal-link-aliases.php:18
action · su_do_robotstxt · modules\internal-link-aliases\internal-link-aliases.php:19
filter · wp_list_pages · modules\link-nofollow\link-nofollow.php:51
action · template_redirect · modules\linkbox\linkbox.php:31
filter · the_content · modules\linkbox\linkbox.php:39
action · su_linkbox · modules\linkbox\linkbox.php:43
filter · su_settings_export_array · modules\meta\meta-descriptions.php:14
action · su_head · modules\meta\meta-descriptions.php:23
filter · su_postmeta_help · modules\meta\meta-descriptions.php:24
filter · su_settings_export_array · modules\meta\meta-keywords.php:14
action · su_head · modules\meta\meta-keywords.php:24
filter · su_meta_robots · modules\meta\meta-robots.php:17
action · su_head · modules\meta\webmaster-verify.php:19
filter · the_content_more_link · modules\more-links\more-links.php:24
filter · su_get_postmeta-morelinktext · modules\more-links\more-links.php:25
filter · su_settings_export_array · modules\noindex\noindex.php:15
action · su_meta_robots · modules\noindex\noindex.php:29
action · commentsrss2_head · modules\noindex\noindex.php:35
action · admin_head · modules\noindex\noindex.php:39
action · login_head · modules\noindex\noindex.php:43
filter · language_attributes · modules\opengraph\opengraph.php:30
action · su_head · modules\opengraph\opengraph.php:31
filter · su_get_setting-opengraph-twitter_site_handle · modules\opengraph\opengraph.php:32
filter · user_contactmethods · modules\opengraph\opengraph.php:33
filter · su_get_setting-opengraph-twitter_creator_handle · modules\opengraph\opengraph.php:34
action · wp_insert_post · modules\permalinks\permalinks.php:39
filter · term_link · modules\permalinks\permalinks.php:40
filter · query_vars · modules\permalinks\permalinks.php:41
filter · request · modules\permalinks\permalinks.php:42
filter · the_content · modules\rich-snippets\rich-snippets.php:20
filter · su_settings_export_array · modules\sds-blog\sds-blog.php:19
filter · http_headers_useragent · modules\sds-blog\sds-blog.php:60
filter · esc_html · modules\sds-blog\sds-blog.php:61
filter · su_custom_admin_page-settings · modules\settings\install.php:75
filter · su_custom_admin_page-settings · modules\settings\uninstall.php:55
filter · the_content · modules\sharing-buttons\sharing-buttons.php:18
filter · name_save_pre · modules\slugs\slugs.php:26
filter · sanitize_title · modules\slugs\slugs.php:31
filter · su_settings_export_array · modules\titles\titles.php:14
filter · wp_title · modules\titles\titles.php:25
action · template_redirect · modules\titles\titles.php:29
action · wp_head · modules\titles\titles.php:30
filter · su_postmeta_help · modules\titles\titles.php:34
filter · su_settings_import_array · modules\user-code\user-code.php:17
action · widgets_init · modules\widgets\widgets.php:27
action · shutdown · plugin\class.seo-ultimate.php:129
action · init · plugin\class.seo-ultimate.php:183
action · init · plugin\class.seo-ultimate.php:184
action · wp_head · plugin\class.seo-ultimate.php:187
filter · redirect_canonical · plugin\class.seo-ultimate.php:191
filter · wp_redirect · plugin\class.seo-ultimate.php:192
filter · status_header · plugin\class.seo-ultimate.php:193
action · admin_enqueue_scripts · plugin\class.seo-ultimate.php:204
action · admin_head · plugin\class.seo-ultimate.php:207
action · admin_head · plugin\class.seo-ultimate.php:210
action · admin_notices · plugin\class.seo-ultimate.php:214
action · admin_init · plugin\class.seo-ultimate.php:217
action · admin_menu · plugin\class.seo-ultimate.php:223
action · network_admin_menu · plugin\class.seo-ultimate.php:224
action · admin_head · plugin\class.seo-ultimate.php:227
action · do_meta_boxes · plugin\class.seo-ultimate.php:230
action · save_post · plugin\class.seo-ultimate.php:231
filter · transient_update_plugins · plugin\class.seo-ultimate.php:235
filter · plugin_row_meta · plugin\class.seo-ultimate.php:242
action · wp_dashboard_setup · plugin\class.seo-ultimate.php:248
action · admin_enqueue_scripts · plugin\class.seo-ultimate.php:633
filter · upgrader_pre_install · plugin\class.su-installer.php:49
filter · upgrader_clear_destination · plugin\class.su-installer.php:50
action · admin_bar_menu · plugin\su-functions.php:597
action · admin_notices · seo-ultimate.php:79
Maintenance & Trust

SEO Ultimate Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.6.30
Last updated: Nov 28, 2017
PHP min version
Downloads: 2.3M

Community Trust

Rating: 76/100
Number of ratings: 97
Active installs: 20K
Developer Profile

SEO Ultimate Developer Profile

Jeffrey L. Smith

1 plugin · 20K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SEO Ultimate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/seo-ultimate/modules/404s/css/fofs-admin.css
  • /wp-content/plugins/seo-ultimate/modules/404s/js/fofs-admin.js
Script Paths
  • /wp-content/plugins/seo-ultimate/modules/404s/js/fofs-admin.js
Version Parameters
  • seo-ultimate/modules/404s/css/fofs-admin.css?ver=
  • seo-ultimate/modules/404s/js/fofs-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • su-fofs-admin-page
  • su-fofs-log-table
  • su-fofs-error-message
HTML Comments
  • <!-- 404 Monitor Log Module -->
  • <!-- Begin SEO Ultimate 404s Log -->
Data Attributes
  • data-module-id="404s"
  • data-action="delete"
  • data-action="clear"
JS Globals
  • su_fofs_admin
  • SEO_Ultimate
FAQ

Frequently Asked Questions about SEO Ultimate