WP-Safety

Tag Groups is the Advanced Way to Display Your Taxonomy Terms Security & Risk Analysis

wordpress.org/plugins/tag-groups

Tag Groups allows you to organize your WordPress taxonomy terms and show them in clouds, tabs, accordions, tables, lists and much more.

3K active installs v2.1.1 PHP 7.2+ WP 4.9+ Updated Dec 5, 2025
accordiontabstag-cloudtagstaxonomy
99
A · Safe
CVEs total2
Unpatched0
Last CVEJan 14, 2025
Plugin page Download
Safety Verdict

Is Tag Groups is the Advanced Way to Display Your Taxonomy Terms Safe to Use in 2026?

Generally Safe

Score 99/100

Tag Groups is the Advanced Way to Display Your Taxonomy Terms has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Jan 14, 2025Updated 5mo ago
Risk Assessment

The "tag-groups" plugin version 2.1.1 exhibits a mixed security posture. While it demonstrates good practices like a high percentage of prepared SQL statements and a substantial number of nonce and capability checks, significant concerns arise from its attack surface and output escaping. The presence of 7 unprotected entry points across AJAX handlers and REST API routes, coupled with 3 flows with unsanitized paths and a high-severity taint flow, presents a considerable risk of unauthorized access and potential data manipulation or execution. The plugin's vulnerability history, with 2 known medium-severity CVEs related to Cross-Site Scripting and Missing Authorization, further underscores the need for caution. While the absence of unpatched vulnerabilities is positive, the recurring nature of these vulnerability types suggests underlying architectural weaknesses that require ongoing vigilance. Overall, the plugin has strengths in its core security implementations but is weakened by critical gaps in input sanitization and authorization for its exposed functionalities.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Flows with unsanitized paths
  • High severity taint flow
  • Low output escaping percentage
  • Medium severity CVEs in history
Vulnerabilities
2 published

Tag Groups is the Advanced Way to Display Your Taxonomy Terms Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-22735medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Tag Groups is the Advanced Way to Display Your Taxonomy Terms <= 2.0.4 - Reflected Cross-Site Scripting

Jan 14, 2025 Patched in 2.0.5 (32d)
CVE-2024-43237medium · 5.3Missing Authorization

WordPress Tag Cloud Plugin – Tag Groups <= 2.0.3 - Missing Authorization to Information Exposure

Sep 12, 2024 Patched in 2.0.4 (7d)
Version History

Tag Groups is the Advanced Way to Display Your Taxonomy Terms Release Timeline

v2.1.1Current
v2.1.0
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.41 CVE
CVE-2025-22735
v2.0.32 CVEs
CVE-2024-43237 CVE-2025-22735
v2.0.22 CVEs
CVE-2024-43237 CVE-2025-22735
v2.0.12 CVEs
CVE-2024-43237 CVE-2025-22735
v2.0.02 CVEs
CVE-2024-43237 CVE-2025-22735
v1.44.3.12 CVEs
CVE-2024-43237 CVE-2025-22735
v1.44.32 CVEs
CVE-2024-43237 CVE-2025-22735
v1.44.12 CVEs
CVE-2024-43237 CVE-2025-22735
v1.44.02 CVEs
CVE-2024-43237 CVE-2025-22735
v1.43.10.12 CVEs
CVE-2024-43237 CVE-2025-22735
v1.43.102 CVEs
CVE-2024-43237 CVE-2025-22735
v1.43.92 CVEs
CVE-2024-43237 CVE-2025-22735
v1.43.72 CVEs
CVE-2024-43237 CVE-2025-22735
Code Analysis
Analyzed Mar 16, 2026

Tag Groups is the Advanced Way to Display Your Taxonomy Terms Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
6 prepared
Unescaped Output
176
119 escaped
Nonce Checks
18
Capability Checks
38
File Operations
15
External Requests
0
Bundled Libraries
0

SQL Query Safety

86% prepared7 total queries

Output Escaping

40% escaped295 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

15 flows3 with unsanitized paths
do_bulk_action (include\admin\class.admin.php:309)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Tag Groups is the Advanced Way to Display Your Taxonomy Terms Attack Surface

Entry Points15
Unprotected7

AJAX Handlers 4

authwp_ajax_tg_free_ajax_processinclude\helpers\class.hooks.php:99
authwp_ajax_tg_ajax_get_feedinclude\helpers\class.hooks.php:239
authwp_ajax_tg_ajax_manage_groupsinclude\helpers\class.hooks.php:323
authwp_ajax_tg_ajax_benchmarkinclude\helpers\class.hooks.php:324

REST API Routes 5

GET/wp-json/tag-groups/v1/groups/(?P<id>\d+)include\helpers\class.rest_api.php:48
GET/wp-json/tag-groups/v1/groups/include\helpers\class.rest_api.php:92
GET/wp-json/tag-groups/v1/terms/(?P<id>\d+)include\helpers\class.rest_api.php:101
GET/wp-json/tag-groups/v1/terms/include\helpers\class.rest_api.php:133
GET/wp-json/tag-groups/v1/taxonomies/include\helpers\class.rest_api.php:142

Shortcodes 6

[tag_groups_cloud] include\helpers\class.shortcode_statics.php:27
[tag_groups_accordion] include\helpers\class.shortcode_statics.php:43
[tag_groups_alphabet_tabs] include\helpers\class.shortcode_statics.php:59
[tag_groups_info] include\helpers\class.shortcode_statics.php:75
[tag_groups_tag_list] include\helpers\class.shortcode_statics.php:82
[tag_groups_alphabetical_index] include\helpers\class.shortcode_statics.php:98
WordPress Hooks 58
actionterms_clausesinclude\admin\class.admin.php:346
actionterms_clausesinclude\admin\class.admin.php:367
actionterms_clausesinclude\admin\class.admin.php:533
actionterms_clausesinclude\admin\class.admin.php:564
filterget_terms_orderbyinclude\entities\class.group.php:351
actiontag_groups_run_term_migrationinclude\helpers\class.cron.php:46
actiontag_groups_check_tag_migrationinclude\helpers\class.cron.php:51
actiontag_groups_check_migrations_doneinclude\helpers\class.cron.php:56
actiontag_groups_clear_tag_groups_group_termsinclude\helpers\class.cron.php:61
actiontag_groups_purge_expired_transientsinclude\helpers\class.cron.php:66
actioninitinclude\helpers\class.hooks.php:59
filtertag_groups_modify_term_query_argsinclude\helpers\class.hooks.php:69
actionadmin_initinclude\helpers\class.hooks.php:84
actionadmin_menuinclude\helpers\class.hooks.php:85
actionadmin_menuinclude\helpers\class.hooks.php:86
actionadmin_enqueue_scriptsinclude\helpers\class.hooks.php:87
actionadmin_noticesinclude\helpers\class.hooks.php:91
filterblock_categories_allinclude\helpers\class.hooks.php:95
actiontag_groups_groups_of_term_savedinclude\helpers\class.hooks.php:106
actiondelete_terminclude\helpers\class.hooks.php:110
actionedited_terminclude\helpers\class.hooks.php:114
actionedited_terminclude\helpers\class.hooks.php:119
actionscp_update_menu_order_tagsinclude\helpers\class.hooks.php:132
actioncustomtaxorder_update_orderinclude\helpers\class.hooks.php:139
actionterm_group_savedinclude\helpers\class.hooks.php:146
actiontag_groups_term_group_deletedinclude\helpers\class.hooks.php:150
actiontag_groups_taxonomies_savedinclude\helpers\class.hooks.php:157
actionwp_enqueue_scriptsinclude\helpers\class.hooks.php:172
actioninitinclude\helpers\class.hooks.php:173
actionadmin_headinclude\helpers\class.hooks.php:201
filterterms_clausesinclude\helpers\class.hooks.php:205
actionload-edit-tags.phpinclude\helpers\class.hooks.php:214
actionadmin_footer-edit-tags.phpinclude\helpers\class.hooks.php:215
actionin_admin_headerinclude\helpers\class.hooks.php:219
actionin_admin_headerinclude\helpers\class.hooks.php:223
actionrestrict_manage_postsinclude\helpers\class.hooks.php:234
filterparse_queryinclude\helpers\class.hooks.php:235
actionadmin_noticesinclude\helpers\class.hooks.php:243
filteradmin_footer_textinclude\helpers\class.hooks.php:247
filteradmin_footer_textinclude\helpers\class.hooks.php:252
filteradmin_footer_textinclude\helpers\class.hooks.php:257
actionquick_edit_custom_boxinclude\helpers\class.hooks.php:281
actionadmin_footer-edit-tags.phpinclude\helpers\class.hooks.php:290
actionadmin_footer-edit-tags.phpinclude\helpers\class.hooks.php:294
actionload-edit-tags.phpinclude\helpers\class.hooks.php:298
actioncreate_terminclude\helpers\class.hooks.php:302
actioncreate_terminclude\helpers\class.hooks.php:306
actionedit_terminclude\helpers\class.hooks.php:310
filtersafe_style_cssinclude\helpers\class.options.php:841
filterwp_is_application_passwords_availableinclude\helpers\class.rest_api.php:34
actionrest_api_initinclude\helpers\class.rest_api.php:36
filterget_terms_orderbyinclude\helpers\class.shortcode_common.php:772
filterterms_clausesinclude\helpers\class.shortcode_common.php:839
filterwidget_textinclude\helpers\class.shortcode_statics.php:123
actiontag_groups_settings_right_sidebarincludes-core\TagGroupsCoreAdmin.php:52
actionenqueue_block_editor_assetssrc\init.php:119
actionadmin_noticestag-groups.php:115
actionplugins_loadedtag-groups.php:146
Maintenance & Trust

Tag Groups is the Advanced Way to Display Your Taxonomy Terms Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 5, 2025
PHP min version7.2
Downloads296K

Community Trust

Rating94/100
Number of ratings49
Active installs3K
Alternatives

Tag Groups is the Advanced Way to Display Your Taxonomy Terms Alternatives

Tags Page

Tags Page

tags-page

A
85

Adds a table listing all tags registered on your website.

100 No CVEs
Circle Tag Cloud

Circle Tag Cloud

circle-tag-cloud

A
100

Displays taxonomy terms in a beautiful, highly packed circle (or rectangle) layout with customizable color palettes and motion effects.

20 No CVEs
Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

Tag, Category, and Taxonomy Manager – Autotagger Automatically Add Terms

simple-tags

A
95

Tags, Categories and WordPress terms are easy with TaxoPress. Add a Tag or Category to Pages, manage your WooCommerce Categories and Tags and more.

50K 14 CVEs
Accordions

Accordions

accordions

A
94

Create sleek accordions, tabs, FAQs, and image accordions with a React builder featuring advanced styling, animations, OpenAI support, and customizati &hellip;

20K 8 CVEs
Meks Flexible Shortcodes

Meks Flexible Shortcodes

meks-flexible-shortcodes

A
97

Add some cool elements to your post/page content with flexible shortcodes.

10K 3 CVEs
Developer Profile

Tag Groups is the Advanced Way to Display Your Taxonomy Terms Developer Profile

Steve Burge

2 plugins · 53K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
170 days
View full developer profile
Detection Fingerprints

How We Detect Tag Groups is the Advanced Way to Display Your Taxonomy Terms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tag-groups/assets/js/frontend.js/wp-content/plugins/tag-groups/assets/js/frontend.min.js/wp-content/plugins/tag-groups/assets/css/style.css/wp-content/plugins/tag-groups/assets/css/frontend.css
Script Paths
/wp-content/plugins/tag-groups/assets/js/frontend.js/wp-content/plugins/tag-groups/assets/js/frontend.min.js
Version Parameters
tag-groups/assets/js/frontend.js?ver=tag-groups/assets/css/style.css?ver=tag-groups/assets/css/frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
tag-groups-cloudtag-groups-accordiontag-groups-tabstag-groups-alphabet-tabstag-groups-listtag-groups-table
HTML Comments
<!-- wp:chatty-mango/tag-groups-cloud-tabs<!-- wp:chatty-mango/tag-groups-cloud-accordion<!-- wp:chatty-mango/tag-groups-alphabet-tabs
Data Attributes
data-tag-groups-iddata-tag-groups-shortcodedata-tag-groups-options
JS Globals
tag_groups_frontend_params
REST Endpoints
/wp-json/tag-groups/v1/data
Shortcode Output
[tag_groups_cloud[tag_groups_accordion[tag_groups_alphabet_tabs[tag_groups_tabs
FAQ

Frequently Asked Questions about Tag Groups is the Advanced Way to Display Your Taxonomy Terms