SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema Security & Risk Analysis

wordpress.org/plugins/surerank

SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

300K active installs · v1.6.5 · PHP 7.4+ · WP 6.7+ · Updated Feb 27, 2026
Tags: google-search-console, schema, seo, wordpress-seo, xml-sitemap
Score: 97 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Oct 16, 2025
Safety Verdict

Is SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema Safe to Use in 2026?

Generally Safe

Score 97/100

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 16, 2025 · Updated 1mo ago
Risk Assessment

The "surerank" v1.6.5 plugin demonstrates a generally strong security posture with several good practices observed. The vast majority of SQL queries utilize prepared statements, and a high percentage of output is properly escaped, significantly mitigating risks of SQL injection and Cross-Site Scripting (XSS) respectively. The plugin also implements a robust set of nonce and capability checks across its entry points, which are all protected from direct unauthenticated access. This indicates a developer mindful of common WordPress security vulnerabilities.

However, a couple of areas warrant attention. The taint analysis revealed two flows with unsanitized paths, although neither reached a critical or high severity level. This suggests a potential for input validation issues that could be exploited under specific circumstances, even if no immediate high-impact vulnerabilities were found. Furthermore, the vulnerability history shows a past high-severity XSS vulnerability. While currently patched, this pattern indicates a previous weakness in handling user-generated content or external input, which could re-emerge if coding practices regress.

Overall, "surerank" v1.6.5 is a reasonably secure plugin due to its adherence to best practices like prepared statements and output escaping. The protected attack surface is a positive sign. The presence of past vulnerabilities and the taint analysis findings, however, suggest that continued vigilance and thorough code review are advisable to ensure new vulnerabilities do not arise.

Key Concerns

  • Taint flow with unsanitized path
  • Taint flow with unsanitized path
  • Past high severity vulnerability (XSS)
Vulnerabilities: 1

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

High: 1

1 total CVE

CVE-2025-62059 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SureRank <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting

Oct 16, 2025 · Patched in 1.4.0 (14d)
Code Analysis
Analyzed Mar 16, 2026

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (43 prepared)
Unescaped Output: 18 (315 escaped)
Nonce Checks: 8
Capability Checks: 18
File Operations: 2
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

98% prepared · 44 total queries

Output Escaping

95% escaped · 333 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
authenticate (inc\google-search-console\auth.php:92)
Attack Surface

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema Attack Surface

Entry Points: 8
Unprotected: 0

AJAX Handlers 2

auth  wp_ajax_surerank_activate_plugin  inc\ajax\ajax.php:28
auth  wp_ajax_surerank_activate_theme  inc\ajax\ajax.php:29

REST API Routes 6

GET  /wp-json/surerank/v1/angie/toggle-sitemap  inc\third-party-integrations\angie.php:79
GET  /wp-json/surerank/v1/angie/bulk-robots-settings  inc\third-party-integrations\angie.php:96
GET  /wp-json/surerank/v1/angie/indexable-status  inc\third-party-integrations\angie.php:130
GET  /wp-json/surerank/v1/angie/title-and-meta-description  inc\third-party-integrations\angie.php:151
GET  /wp-json/surerank/v1/angie/toggle-settings  inc\third-party-integrations\angie.php:180
GET  /wp-json/surerank/v1/angie/get-available-types  inc\third-party-integrations\angie.php:196
WordPress Hooks 150
action  admin_notices  inc\admin\admin-notice.php:44
action  pre_post_update  inc\admin\admin-notice.php:169
action  post_updated  inc\admin\admin-notice.php:170
action  edit_term  inc\admin\admin-notice.php:179
action  edited_term  inc\admin\admin-notice.php:180
action  wp  inc\admin\attachment.php:37
action  add_attachment  inc\admin\attachment.php:38
action  admin_init  inc\admin\bulk-actions.php:29
action  admin_notices  inc\admin\bulk-actions.php:30
action  admin_footer  inc\admin\bulk-actions.php:31
action  bulk_edit_custom_box  inc\admin\bulk-edit.php:39
action  admin_menu  inc\admin\dashboard.php:46
action  admin_init  inc\admin\dashboard.php:47
action  admin_head  inc\admin\dashboard.php:48
action  admin_head  inc\admin\dashboard.php:49
action  admin_enqueue_scripts  inc\admin\dashboard.php:50
action  admin_menu  inc\admin\onboarding.php:27
action  wp_dashboard_setup  inc\admin\search-console-widget.php:44
action  admin_init  inc\admin\seo-bar.php:39
action  admin_init  inc\admin\seo-bar.php:40
action  category_term_edit_form_top  inc\admin\seo-popup.php:45
action  created_category  inc\admin\seo-popup.php:46
action  edited_category  inc\admin\seo-popup.php:47
action  admin_bar_menu  inc\admin\seo-popup.php:82
action  surerank_start_building_cache  inc\admin\sync.php:53
action  surerank_batch_process_complete  inc\admin\sync.php:54
filter  surerank_dashboard_localization_vars  inc\admin\sync.php:55
filter  wp_redirect  inc\ajax\ajax.php:75
filter  bsf_core_stats  inc\analytics\analytics.php:66
action  wp_after_insert_post  inc\analyzer\post-analyzer.php:89
filter  surerank_run_post_seo_checks  inc\analyzer\post-analyzer.php:90
action  edited_term  inc\analyzer\term-analyzer.php:76
action  save_term  inc\analyzer\term-analyzer.php:77
filter  surerank_run_term_seo_checks  inc\analyzer\term-analyzer.php:78
action  rest_api_init  inc\api\api-init.php:32
filter  posts_search  inc\api\post.php:222
action  template_redirect  inc\frontend\archives.php:37
action  surerank_print_meta  inc\frontend\archives.php:38
filter  surerank_robots_meta_array  inc\frontend\archives.php:39
filter  surerank_is_singular_archive  inc\frontend\archives.php:40
action  surerank_print_meta  inc\frontend\canonical.php:38
action  surerank_print_meta  inc\frontend\common.php:36
filter  pre_get_document_title  inc\frontend\common.php:37
filter  query_vars  inc\frontend\crawl-optimization.php:46
filter  request  inc\frontend\crawl-optimization.php:47
filter  category_rewrite_rules  inc\frontend\crawl-optimization.php:48
filter  term_link  inc\frontend\crawl-optimization.php:49
action  created_product_cat  inc\frontend\crawl-optimization.php:64
action  delete_product_cat  inc\frontend\crawl-optimization.php:65
action  edited_product_cat  inc\frontend\crawl-optimization.php:66
filter  product_cat_rewrite_rules  inc\frontend\crawl-optimization.php:67
filter  term_link  inc\frontend\crawl-optimization.php:68
action  template_redirect  inc\frontend\crawl-optimization.php:69
action  surerank_print_meta  inc\frontend\facebook.php:198
action  surerank_print_meta  inc\frontend\facebook.php:199
filter  the_excerpt_rss  inc\frontend\feed.php:35
filter  the_content_feed  inc\frontend\feed.php:36
action  template_redirect  inc\frontend\feed.php:37
action  init  inc\frontend\feed.php:38
action  do_feed_atom  inc\frontend\feed.php:114
action  do_feed_rdf  inc\frontend\feed.php:115
action  wp_head  inc\frontend\meta-data.php:57
action  wp  inc\frontend\meta-data.php:58
action  surerank_print_meta  inc\frontend\meta-tag-injection.php:37
filter  surerank_set_meta  inc\frontend\product.php:50
action  surerank_print_meta  inc\frontend\robots.php:38
filter  robots_txt  inc\frontend\robots.php:40
filter  surerank_set_meta  inc\frontend\single.php:46
filter  surerank_set_meta  inc\frontend\special-page.php:40
filter  surerank_set_meta  inc\frontend\taxonomy.php:46
filter  surerank_set_meta  inc\frontend\title.php:66
filter  pre_get_document_title  inc\frontend\title.php:67
filter  wp_title  inc\frontend\title.php:68
action  surerank_print_meta  inc\frontend\twitter.php:38
action  wp_loaded  inc\functions\cron.php:42
filter  cron_schedules  inc\functions\cron.php:43
action  admin_init  inc\google-search-console\auth.php:48
filter  surerank_dashboard_localization_vars  inc\google-search-console\auth.php:49
filter  surerank_api_controllers  inc\google-search-console\auth.php:50
filter  surerank_api_controllers  inc\modules\ai-auth\init.php:41
filter  surerank_common_localization_vars  inc\modules\ai-auth\init.php:42
filter  surerank_api_controllers  inc\modules\content-generation\init.php:34
filter  surerank_content_generation_inputs  inc\modules\content-generation\init.php:35
filter  surerank_content_generation_inputs  inc\modules\content-generation\init.php:36
action  init  inc\modules\email-reports\controller.php:61
filter  surerank_api_controllers  inc\modules\email-reports\init.php:37
filter  surerank_api_controllers  inc\modules\fix-seo-checks\init.php:35
filter  surerank_api_controllers  inc\modules\nudges\init.php:34
filter  surerank_globals_localization_vars  inc\modules\nudges\init.php:35
action  admin_footer  inc\nps-notice.php:46
action  init  inc\routes.php:40
filter  surerank_default_schema_variables  inc\schema\custom-fields.php:37
filter  surerank_schema_data  inc\schema\custom-fields.php:38
filter  surerank_schema_types  inc\schema\products.php:45
filter  surerank_default_schemas  inc\schema\products.php:46
filter  surerank_schema_data  inc\schema\products.php:47
action  wp_footer  inc\schema\products.php:48
filter  surerank_default_schema_variables  inc\schema\products.php:49
filter  surerank_schema_type_data  inc\schema\products.php:50
filter  sc_display_product_json_ld_schema  inc\schema\products.php:112
filter  posts_search  inc\schema\schemas-api.php:115
filter  surerank_api_controllers  inc\schema\schemas.php:53
filter  surerank_common_localization_vars  inc\schema\schemas.php:54
action  surerank_print_meta  inc\schema\schemas.php:55
action  wp  inc\schema\schemas.php:56
action  wp_after_insert_post  inc\sitemap\checksum.php:40
action  before_delete_post  inc\sitemap\checksum.php:41
action  created_term  inc\sitemap\checksum.php:42
action  edited_term  inc\sitemap\checksum.php:43
action  delete_term  inc\sitemap\checksum.php:44
filter  surerank_flush_rewrite_settings  inc\sitemap\xml-sitemap.php:47
filter  wp_sitemaps_enabled  inc\sitemap\xml-sitemap.php:58
action  template_redirect  inc\sitemap\xml-sitemap.php:59
action  parse_query  inc\sitemap\xml-sitemap.php:60
action  wp_enqueue_scripts  inc\third-party-integrations\angie.php:46
action  admin_enqueue_scripts  inc\third-party-integrations\angie.php:47
action  rest_api_init  inc\third-party-integrations\angie.php:48
filter  surerank_post_analyzer_content  inc\third-party-integrations\avada-fusion-builder.php:32
action  wp_enqueue_scripts  inc\third-party-integrations\bricks.php:40
action  wp_enqueue_scripts  inc\third-party-integrations\bricks.php:41
filter  surerank_globals_localization_vars  inc\third-party-integrations\bricks.php:42
filter  cartflows_admin_flow_settings  inc\third-party-integrations\cart-flows.php:38
filter  cartflows_step_add_noindex_meta  inc\third-party-integrations\cart-flows.php:39
filter  cartflows_admin_global_settings_data  inc\third-party-integrations\cart-flows.php:40
action  elementor/editor/after_enqueue_scripts  inc\third-party-integrations\elementor.php:34
action  elementor/editor/after_enqueue_scripts  inc\third-party-integrations\elementor.php:35
action  elementor/editor/before_enqueue_scripts  inc\third-party-integrations\elementor.php:37
action  elementor/editor/after_enqueue_scripts  inc\third-party-integrations\elementor.php:39
filter  surerank_sitemap_url_element  inc\third-party-integrations\multilingual\hreflang-generator.php:34
action  activated_plugin  inc\third-party-integrations\multilingual\init.php:36
action  deactivated_plugin  inc\third-party-integrations\multilingual\init.php:37
filter  surerank_sitemap_sync_posts_post_data  inc\third-party-integrations\multilingual\translation-manager.php:248
filter  surerank_sitemap_sync_terms_term_data  inc\third-party-integrations\multilingual\translation-manager.php:249
action  wpml_after_save_post  inc\third-party-integrations\multilingual\translation-manager.php:261
action  pll_save_post  inc\third-party-integrations\multilingual\translation-manager.php:262
action  trp_update_translation  inc\third-party-integrations\multilingual\translation-manager.php:263
action  wpml_after_save_term  inc\third-party-integrations\multilingual\translation-manager.php:265
action  pll_save_term  inc\third-party-integrations\multilingual\translation-manager.php:266
filter  surerank_prep_post_meta  inc\third-party-integrations\woocommerce.php:84
action  wp_enqueue_scripts  inc\traits\enqueue.php:60
action  admin_enqueue_scripts  inc\traits\enqueue.php:73
action  shutdown  loader.php:93
action  plugins_loaded  loader.php:95
action  init  loader.php:97
action  init  loader.php:98
action  init  loader.php:99
action  init  loader.php:100
filter  plugin_row_meta  loader.php:105
filter  plugin_action_links  loader.php:107
filter  body_class  loader.php:110
Maintenance & Trust

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 27, 2026
PHP min version: 7.4
Downloads: 1.6M

Community Trust

Rating: 92/100
Number of ratings: 22
Active installs: 300K
Developer Profile

SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema Developer Profile

Brainstorm Force

32 plugins · 8.6M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 196 days
Detection Fingerprints

How We Detect SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/surerank/build/admin-notice.js
/wp-content/plugins/surerank/build/admin-notice.css
Script Paths
/wp-content/plugins/surerank/build/admin-notice.js
Version Parameters
surerank/build/admin-notice.js?ver=
surerank/build/admin-notice.css?ver=

HTML / DOM Fingerprints

CSS Classes
surerank-admin-notice
Data Attributes
data-nonce
JS Globals
SureRankAdmin
FAQ

Frequently Asked Questions about SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema