Does Tags All In One have any unpatched vulnerabilities?

No. All known vulnerabilities in Tags All In One have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tags All In One compatible with WordPress 6.7.5?

According to WordPress.org data, Tags All In One 1.2.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Tags All In One updated?

Tags All In One was last updated on Feb 11, 2025. Frequent updates are generally a positive security signal.

What is Tags All In One's security score?

Tags All In One has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tags All In One Security & Risk Analysis

wordpress.org/plugins/tags-all-in-one

Display a customizable tag cloud from selected taxonomies with various sorting and styling options.

100 active installs v1.2.1 PHP + WP 5.0.0+ Updated Feb 11, 2025

cloudshortcodetagstaxonomywidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tags All In One Safe to Use in 2026?

Generally Safe

Score 92/100

Tags All In One has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "tags-all-in-one" v1.2.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has no recorded vulnerability history (CVEs). The lack of dangerous functions, file operations, and external HTTP requests is also encouraging.

However, there are significant concerns. The plugin has a notable lack of input validation and authorization checks, particularly for its AJAX handler, which is exposed without any authentication. This represents a direct and substantial attack vector. Furthermore, a substantial portion of its output is not properly escaped, leaving it vulnerable to Cross-Site Scripting (XSS) attacks if malicious input is processed. The absence of nonce checks on its AJAX handler is a critical oversight that amplifies the risk of CSRF attacks.

While the plugin has no known historical vulnerabilities, the presence of an unprotected AJAX handler and significant unescaped output in the current version indicates a developer who may not fully prioritize security best practices in these areas. The overall risk is moderate due to the high potential for exploitation of the unprotected AJAX endpoint and XSS vulnerabilities, despite the absence of known historical issues.

Key Concerns

AJAX handler without auth checks
Output escaping is only 54% proper
Missing nonce checks on AJAX handler

Vulnerabilities

None known

Tags All In One Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Tags All In One Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

53 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

54% escaped98 total outputs

Attack Surface

1 unprotected

Tags All In One Attack Surface

Entry Points3

Unprotected1

AJAX Handlers 1

authwp_ajax_tags_all_in_one_shortcode_generatortags-all-in-one.php:77

REST API Routes 1

POST/wp-json/tags-all-in-one/v1/tags-preview/tags-all-in-one.php:226

Shortcodes 1

[tags_all_in_one] shortcode-decode.class.php:18

WordPress Hooks 9

actioninittags-all-in-one.php:32

actionrest_api_inittags-all-in-one.php:61

actioninittags-all-in-one.php:67

actionadmin_enqueue_scriptstags-all-in-one.php:72

actionenqueue_block_editor_assetstags-all-in-one.php:79

filtermce_external_pluginstags-all-in-one.php:169

filtermce_buttonstags-all-in-one.php:170

filterwp_generate_tag_cloud_datatags-generator.class.php:103

actionwidgets_inittags-widget.class.php:168

Maintenance & Trust

Tags All In One Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 11, 2025

PHP min version

Downloads6K

Community Trust

Rating90/100

Number of ratings2

Active installs100

Alternatives

Tags All In One Alternatives

Tags Page

tags-page

Adds a table listing all tags registered on your website.

100 No CVEs

Ultimate Tag Cloud Widget

ultimate-tag-cloud-widget

This plugin aims to be the most configurable tag cloud widget out there, able to suit all your weird tag cloud needs.

4K No CVEs

Tag Groups is the Advanced Way to Display Your Taxonomy Terms

tag-groups

Tag Groups allows you to organize your WordPress taxonomy terms and show them in clouds, tabs, accordions, tables, lists and much more.

3K 2 CVEs

Configurable Tag Cloud (CTC)

configurable-tag-cloud-widget

Display a tag cloud customized with your preferences in the sidebar.

2K 1 CVE

Taxonomy Dropdown Widget

tag-dropdown-widget

100

Creates a dropdown list of non-hierarchical taxonomies as an alternative to the term (tag) cloud. Formerly known as Tag Dropdown Widget.

2K No CVEs

Developer Profile

Tags All In One Developer Profile

teastudio.pl

2 plugins · 3K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

5 days

View full developer profile

Detection Fingerprints

How We Detect Tags All In One

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tags-all-in-one/css/tags-all-in-one-admin.css/wp-content/plugins/tags-all-in-one/js/block/block-tags-all-in-one.js/wp-content/plugins/tags-all-in-one/css/tags-all-in-one-editor.css

Script Paths

/wp-content/plugins/tags-all-in-one/js/plugin-4.0.js/wp-content/plugins/tags-all-in-one/js/plugin-3.9.js/wp-content/plugins/tags-all-in-one/js/plugin-3.6.js

HTML / DOM Fingerprints

JS Globals

TagsAllInOnePluginData

REST Endpoints

/wp-json/tags-all-in-one/v1/tags-preview/

Shortcode Output

[tags_all_in_one]

FAQ