WP-Safety

TagLock Security & Risk Analysis

wordpress.org/plugins/taglock

Protect WordPress content based on KlickTipp tags - no membership required, 100% cache compatible and secure.

0 active installs v1.0.0 PHP 8.2+ WP 6.8+ Updated Jan 17, 2026
content-protectionemail-marketingklicktippnewsletter
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is TagLock Safe to Use in 2026?

Generally Safe

Score 100/100

TagLock has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The 'taglock' plugin v1.0.0 exhibits a generally good security posture, with several strong practices in place. The complete absence of known CVEs and a history of no recorded vulnerabilities are highly positive indicators. The code analysis reveals all SQL queries are properly prepared, all output is correctly escaped, and there are a reasonable number of capability checks. A single nonce check is present, which is a positive sign for input validation, though its placement and scope are not detailed.

However, a critical concern arises from the presence of the `unserialize()` function. This function is notoriously dangerous if used with untrusted input, as it can lead to remote code execution vulnerabilities. While the static analysis doesn't explicitly show a tainted flow involving `unserialize()`, its mere presence represents a significant potential risk. The single shortcode also represents an entry point that, depending on its implementation, could be a vector for attacks, especially if it interacts with the `unserialize()` function without proper sanitization.

In conclusion, 'taglock' v1.0.0 has strengths in its vulnerability history and core security practices like prepared SQL and output escaping. The primary weakness lies in the latent risk posed by the `unserialize()` function. The low attack surface is beneficial, but the potential for a critical vulnerability exists if user-supplied data is passed to `unserialize()` without robust validation.

Key Concerns

  • Presence of unserialize() function
Vulnerabilities
None known

TagLock Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

TagLock Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
18 prepared
Unescaped Output
0
21 escaped
Nonce Checks
1
Capability Checks
8
File Operations
1
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$result->data = ! empty( $body ) ? @unserialize( $body ) : null;src\Service\KlickTippApiService.php:228

SQL Query Safety

100% prepared18 total queries

Output Escaping

100% escaped21 total outputs
Attack Surface

TagLock Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[taglock] src\Controller\ShortcodeController.php:22
WordPress Hooks 8
actionplugins_loadedsrc\Controller\ActivationController.php:48
actionplugins_loadedsrc\Controller\ActivationController.php:52
actionrest_api_initsrc\Controller\ApiController.php:24
actionadmin_menusrc\Controller\MenuController.php:24
filterrest_post_dispatchsrc\Controller\RestResponseController.php:22
actionadmin_enqueue_scriptssrc\Controller\ScriptController.php:22
actionwp_enqueue_scriptssrc\Controller\ScriptController.php:23
actionadmin_noticestaglock.php:27
Maintenance & Trust

TagLock Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 17, 2026
PHP min version8.2
Downloads101

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

TagLock Alternatives

Hostinger Reach – AI-Powered Email Marketing for WordPress

Hostinger Reach – AI-Powered Email Marketing for WordPress

hostinger-reach

A
100

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M No CVEs
MailPoet – Newsletters, Email Marketing, and Automation

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

A
98

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs
Newsletter – Send awesome emails from WordPress

Newsletter – Send awesome emails from WordPress

newsletter

A
89

An email marketing tool for your blog: subscription forms to create your lists with unlimited subscribers and newsletters.

200K 20 CVEs
Brevo – Email, SMS, Web Push, Chat, and more.

Brevo – Email, SMS, Web Push, Chat, and more.

mailin

A
92

Turn your WordPress site into a marketing powerhouse. Grow your audience, boost engagement, and drive more sales with Brevo.

100K 9 CVEs
Newsletters, Email Marketing, SMS and Popups by Omnisend

Newsletters, Email Marketing, SMS and Popups by Omnisend

omnisend

A
100

Newsletters, Email Marketing, Email Automation, Forms, Pop Up, SMS by Omnisend

100K No CVEs
Developer Profile

TagLock Developer Profile

GoSuccess

2 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect TagLock

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/taglock/assets/build/admin/index.js/wp-content/plugins/taglock/assets/build/admin/style-index.css/wp-content/plugins/taglock/assets/build/frontend/index.js/wp-content/plugins/taglock/assets/build/frontend/style-index.css
Script Paths
/wp-content/plugins/taglock/assets/build/admin/index.js/wp-content/plugins/taglock/assets/build/frontend/index.js
Version Parameters
taglock/assets/build/admin/index.js?ver=taglock/assets/build/admin/style-index.css?ver=taglock/assets/build/frontend/index.js?ver=taglock/assets/build/frontend/style-index.css?ver=

HTML / DOM Fingerprints

JS Globals
taglockAdminConfig
REST Endpoints
/wp-json/taglock/v1/settings/wp-json/taglock/v1/sync
FAQ

Frequently Asked Questions about TagLock