Taxonomy Converter Security & Risk Analysis
wordpress.org/plugins/taxonomy-converterCopy or convert terms between taxonomies.
Is Taxonomy Converter Safe to Use in 2026?
Generally Safe
Score 85/100Taxonomy Converter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The taxonomy-converter v1.3 plugin exhibits a generally good security posture, with no known vulnerabilities in its history and a clean bill of health regarding dangerous functions, SQL queries (all prepared), file operations, and external HTTP requests. The static analysis reveals a minimal attack surface, with no direct entry points like AJAX handlers, REST API routes, or shortcodes that are exposed without authentication. This significantly reduces the immediate risk of common web attacks.
However, the analysis does highlight a notable concern: 37% of output escaping is not properly handled. While the taint analysis found no critical or high-severity unsanitized paths, the presence of two flows with unsanitized paths, even if not categorized as severe, coupled with the low percentage of proper output escaping, indicates a potential for cross-site scripting (XSS) vulnerabilities. Attacks could occur if malicious data were to be injected and subsequently rendered without adequate sanitization in the affected output areas. The plugin's capability checks are present, but the lack of nonce checks on any entry points (though there are no direct entry points to check) is a missed opportunity for defense-in-depth if any were to be introduced in the future.
In conclusion, taxonomy-converter v1.3 is strong in its absence of critical vulnerabilities and attack surface. The primary weakness lies in its output sanitization practices, which could be improved to mitigate potential XSS risks. The lack of historical vulnerabilities is a positive sign, suggesting developer attention to security, but the code analysis reveals areas for enhancement.
Key Concerns
- Unsanitized paths detected
- Low percentage of properly escaped output
Taxonomy Converter Security Vulnerabilities
Taxonomy Converter Code Analysis
Output Escaping
Data Flow Analysis
Taxonomy Converter Attack Surface
WordPress Hooks 1
Maintenance & Trust
Taxonomy Converter Maintenance & Trust
Maintenance Signals
Community Trust
Taxonomy Converter Alternatives
Term Taxonomy Converter
term-taxonomy-converter
Copy or convert terms between taxonomies.
Categories to Tags Converter
wpcat2tag-importer
Convert existing categories to tags or tags to categories, selectively.
Yoast Duplicate Post
duplicate-post
The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature.
Duplicate Post
copy-delete-posts
Duplicate post
Duplicate Menu
duplicate-menu
Easily duplicate your WordPress menus with one click.
Taxonomy Converter Developer Profile
1 plugin · 600 total installs
How We Detect Taxonomy Converter
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/taxonomy-converter/taxonomy-converter.csstaxonomy-converter/taxonomy-converter.css?ver=taxonomy-converter/taxonomy-converter.js?ver=HTML / DOM Fingerprints
nav-tabnav-tab-activewrapnarrow<![CDATA[]]>* This term is already in another taxonomy, converting will add the new taxonomy term to existing posts in that taxonomy.name="term_list"id="term_list"name="convert"value="0"checked="checked"value="1"+3 morecheckflagcheck_all_rows