Tagged Sitemap Security & Risk Analysis

wordpress.org/plugins/tagged-sitemap

Creates a shortcode [tagged-sitemap] that renders a nested list with all the pages and tags for page. When a tag is clicked, related pages are then h …

10 active installs v1.0 PHP + WP 2.8+ Updated Mar 7, 2012
sitemaptags
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Tagged Sitemap Safe to Use in 2026?

Generally Safe

Score 85/100

Tagged Sitemap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 14yr ago
Risk Assessment

The tagged-sitemap plugin v1.0 exhibits a generally good security posture in several areas. The absence of any known vulnerabilities in its history is a significant positive indicator. Static analysis reveals no dangerous functions, no raw SQL queries, and no external HTTP requests, all of which are excellent security practices. The plugin also avoids using bundled libraries, reducing the risk of introducing outdated and vulnerable third-party code. Furthermore, the reported attack surface is minimal, with no unprotected entry points identified in the static analysis. However, a notable concern arises from the output escaping. With only 25% of the identified outputs being properly escaped, there is a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-provided data that is displayed without proper sanitization or encoding could be exploited by attackers to inject malicious scripts, potentially leading to session hijacking or other damaging actions. The lack of nonce checks and capability checks, while not directly linked to an immediate exploit in this analysis, represents a missed opportunity to further harden the plugin against unauthorized actions, particularly if the shortcode has any administrative or sensitive functionality.

Key Concerns

  • Low output escaping rate
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

Tagged Sitemap Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Tagged Sitemap Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Tagged Sitemap Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
1 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

25% escaped4 total outputs
Attack Surface

Tagged Sitemap Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[tagged-sitemap] tagged-sitemap.php:65
Maintenance & Trust

Tagged Sitemap Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedMar 7, 2012
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Tagged Sitemap Developer Profile

michaelha

2 plugins · 60 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Tagged Sitemap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tagged-sitemap/tagged-sitemap.css/wp-content/plugins/tagged-sitemap/tagged-sitemap.js
Script Paths
/wp-content/plugins/tagged-sitemap/tagged-sitemap.js
Version Parameters
tagged-sitemap/tagged-sitemap.js?ver=1.0

HTML / DOM Fingerprints

CSS Classes
tag-item-
Shortcode Output
<ul id="sitemap-pages"><div id="sitemap-tags">Tags:
FAQ

Frequently Asked Questions about Tagged Sitemap