Taxonomy Tree Toggler Security & Risk Analysis

wordpress.org/plugins/taxonomy-tree-toggler

Check all parent taxonomies on check, uncheck all sub-taxonomies on uncheck. Compatible with WordPress Gutenberg. Working with WordPress hierarchical …

Active installs: 90 · Version: 1.0.0 · Requires: PHP (version not listed), WP 5.7+ · Updated: Mar 20, 2021
Tags: category, custom-post-types, parent, taxonomy, toggle

Security score: 85/100 · Grade A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Taxonomy Tree Toggler Safe to Use in 2026?

Generally Safe

Score 85/100

Taxonomy Tree Toggler has no known CVEs and a very small footprint: three admin_footer hooks that print a static script into the editor screens, with no remotely reachable entry points. It is not actively maintained, though. Its only release (v1.0.0) dates from Mar 20, 2021 and is tested up to WordPress 5.7.15, so the main risk is that the script stops working after an editor update rather than a security issue. It is a reasonable choice for most installations as long as that staleness is acceptable.

No known CVEs · Last updated 5 years ago
Risk Assessment

The taxonomy-tree-toggler plugin v1.0.0 has a small footprint. Static analysis found no AJAX handlers, REST API routes, shortcodes or cron events, so there is no remotely reachable entry point; the plugin registers only three admin_footer-* actions (edit.php, post.php, post-new.php) that print an inline script into the classic and block editor screens. The code signals are otherwise clean: no dangerous functions, no SQL queries at all (so the "prepared statements" figure is vacuous rather than a pass), no file operations and no outbound HTTP requests. There are no known vulnerabilities or CVEs in its history.

The one metric that stands out is "Output escaping": 1 output, 0% escaped. On its own that number suggests a reflected XSS risk, but the only output the plugin produces is the inline script printed by those admin_footer hooks (shown under Detection Fingerprints below), and as shown it is a fixed string with no PHP variables or request data interpolated, so there is nothing to escape and no reflection point. The taint analysis, which found no unsanitized flows, is consistent with that reading rather than a blind spot. The absence of nonce and capability checks should be read the same way: the plugin handles no requests, so there is nothing for them to protect today. Both gaps become real only if a future version adds a handler or starts printing user-controlled data into that script.

In conclusion, the plugin is low risk because of its scope, not because of defensive coding: its only output is static and its only hooks fire inside the authenticated admin area. The practical caveats are maintenance ones. It has not been updated since March 2021 and is tested only to WordPress 5.7.15, and the script depends on fixed DOM nesting depths and core editor class names, so a WordPress or Gutenberg update is more likely to break the feature silently than to introduce a vulnerability. Re-check the output escaping and authentication metrics if a new version ever appears.
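To tell the scanner's "one output, none escaped" count apart from a real reflection point, here is an added Python check; it is not the scanner's or the plugin's code. It walks a PHP file, separates inline HTML from PHP code (honouring quoted strings, so a `?>` inside a string does not end PHP mode), and classifies every echo, print, `<?=` and inline-HTML sink as static, dynamic-escaped or dynamic-unescaped. The two PHP samples at the bottom are constructed for this example, with a hypothetical function name: the first models the admin_footer pattern this plugin uses (a fixed inline script), the second is a deliberately vulnerable variant where a request parameter reaches the script three ways. Only the second produces XSS candidates.

```python
# Added example for this page, not the plugin's or the scanner's code: a heuristic PHP
# output-sink classifier that tells static inline output from dynamic (escaped or not).
import re
from dataclasses import dataclass

ESCAPERS = ("esc_html", "esc_attr", "esc_js", "esc_url", "wp_json_encode", "wp_kses")
_OPEN_TAG = re.compile(r"<\?(php\b|=)?")
_LITERAL = re.compile(r"'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"")
_ESCAPED = re.compile(r"\s*(%s)\s*\(" % "|".join(ESCAPERS))

@dataclass
class Sink:
    line: int
    kind: str       # "inline-html" | "echo" | "print"  (<?= ?> is reported as echo)
    dynamic: bool   # a PHP variable or call reaches the output
    escaped: bool   # every dynamic operand is wrapped in an ESCAPERS call

def _skip_quoted(src, i, stop):
    """Advance from i until stop(src, i) holds outside a quoted string."""
    quote = None
    while i < len(src):
        c = src[i]
        if quote:
            quote = None if c == quote else quote
            i += 2 if c == "\\" else 1      # skip escaped characters
            continue
        if c in "'\"":
            quote = c
        elif stop(src, i):
            return i
        i += 1
    return len(src)

def _segments(src):
    """Yield (first_line, is_php, text); '<?= x ?>' is yielded as PHP 'echo x'."""
    i, line, php = 0, 1, None
    while i < len(src):
        if php is None:
            m = _OPEN_TAG.search(src, i)
            yield line, False, src[i:m.start() if m else len(src)]
            if not m:
                return
            line += src.count("\n", i, m.end())
            php, i = ("echo " if m.group(1) == "=" else ""), m.end()
        else:                               # "?>" inside a string does not end PHP mode
            j = _skip_quoted(src, i, lambda s, k: s.startswith("?>", k))
            yield line, True, php + src[i:j]
            line += src.count("\n", i, j)
            php, i = None, j + 2

def _is_dynamic(code):
    return "$" in code or re.search(r"\w\s*\(", code) is not None

def _classify(expr):
    """(dynamic, escaped): literals are collapsed, but a "$.." literal still interpolates."""
    code = _LITERAL.sub(lambda m: '"$"' if m.group(0)[0] == '"' and "$" in m.group(0) else "''", expr)
    if not _is_dynamic(code):
        return False, False
    parts, depth = [""], 0                  # split on '.' concatenation outside parentheses
    for c in code:
        depth += (c == "(") - (c == ")")
        if c == "." and depth == 0:
            parts.append("")
        else:
            parts[-1] += c
    return True, all(_ESCAPED.match(p) for p in parts if _is_dynamic(p))

def find_output_sinks(php_source):
    sinks = []
    for line, is_php, text in _segments(php_source):
        if not is_php:
            if text.strip():                # a non-blank inline HTML block is one static sink
                first = line + text[:len(text) - len(text.lstrip())].count("\n")
                sinks.append(Sink(first, "inline-html", False, False))
            continue
        for m in re.finditer(r"\b(echo|print)\b", text):
            end = _skip_quoted(text, m.end(), lambda s, k: s[k] == ";")
            where = line + text.count("\n", 0, m.start())
            sinks.append(Sink(where, m.group(1), *_classify(text[m.end():end])))
    return sinks

def unescaped_dynamic(sinks):
    """Only these are XSS candidates; static and escaped output are not."""
    return [s for s in sinks if s.dynamic and not s.escaped]

# Constructed samples (hypothetical function name, not the plugin's source) modelled on
# the admin_footer pattern on this page: one static inline script, then a variant where
# request data reaches the script unescaped, via wp_json_encode, and interpolated.
STATIC_SAMPLE = """<?php
add_action('admin_footer-post.php', 'ttt_footer_script');
function ttt_footer_script() { ?>
<script>
jQuery('.selectit input[type="checkbox"]').on('change', function () { checkParentNodes(jQuery(this)); });
</script>
<?php }
"""
DYNAMIC_SAMPLE = """<?php
add_action('admin_footer-post.php', 'ttt_footer_script');
function ttt_footer_script() {
    $tax = $_GET['taxonomy'];
    echo '<script>var tttTax = "' . $tax . '";</script>';
    echo '<script>var tttSafe = ' . wp_json_encode($tax) . ';</script>';
    echo "<script>var tttInterp = '$tax';</script>";
}
"""
```

Run `find_output_sinks` over a plugin's main file and look only at `unescaped_dynamic(...)`: for the static sample that list is empty (one inline-html sink, as in the scanner's "1 output, 0 escaped"), for the dynamic sample it names lines 5 and 7. It is a heuristic, not a parser: an `echo` inside a heredoc or comment, a variable passed through a sanitizer not in ESCAPERS, or a sanitizer used in the wrong context (esc_html inside a `<script>` block) will be misreported, so treat its output like the scanner metric above, as a list of places to read rather than a verdict.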

Key Concerns

  • 100% of outputs unescaped (the one output is the static inline script; no dynamic data is printed)
  • No nonce checks (no form or request handler exists to protect)
  • No capability checks (the script is printed only on authenticated wp-admin editor screens; this matters only if handlers are added later)
Vulnerabilities
None known

Taxonomy Tree Toggler Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Taxonomy Tree Toggler Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped, 1 total output
Attack Surface

Taxonomy Tree Toggler Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
  action admin_footer-edit.php (taxonomy-tree-toggler.php:103)
  action admin_footer-post.php (taxonomy-tree-toggler.php:104)
  action admin_footer-post-new.php (taxonomy-tree-toggler.php:105)
Maintenance & Trust

Taxonomy Tree Toggler Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Mar 20, 2021
PHP min version: not listed
Downloads: 3K

Community Trust

Rating: 0/100 (no ratings have been submitted, so the plugin is unrated rather than poorly rated)
Number of ratings: 0
Active installs: 90
Developer Profile

Taxonomy Tree Toggler Developer Profile

sskaje

1 plugin · 90 total installs
Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Taxonomy Tree Toggler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling. Because the plugin's only hooks are admin_footer-* actions, these patterns appear only on authenticated wp-admin editor screens (edit.php, post.php, post-new.php) and never on public pages, so an unauthenticated crawl will not observe them.

Asset Fingerprints: none listed

HTML / DOM Fingerprints

CSS Classes: components-checkbox-control__input, editor-post-taxonomies__hierarchical-terms-subchoices
(Both are WordPress core block-editor class names that the script targets, not classes the plugin adds, so on their own they do not identify the plugin; the script body below does.)
Inline Script Output (printed by the admin_footer hooks listed above; the plugin registers no shortcodes)

    <script>
    (function () {
        // Classic editor: category checklist uses .selectit labels;
        // block editor: CheckboxControl inputs inside hierarchical term lists
        jQuery(document)
            .on('change', '.selectit input[type="checkbox"]', function () {
                if (jQuery(this).prop('checked')) {
                    checkParentNodes(jQuery(this));
                } else {
                    uncheckChildNodes(jQuery(this));
                }
            })
            .on('change', 'input.components-checkbox-control__input[type="checkbox"]', function () {
                if (jQuery(this).prop('checked')) {
                    gtCheckParent(jQuery(this));
                } else {
                    gtUncheckChildren(jQuery(this));
                }
            });

        // Walk up the classic checklist, ticking every ancestor term
        function checkParentNodes(_el) {
            var _parent = findParentObj(_el);
            if (_parent.length != 0) {
                _parent[0].checked = 1;
                checkParentNodes(_parent);
            }
        }

        // Ascend a fixed number of DOM levels (depends on core editor markup)
        function findParentWithDepth(_el, _depth) {
            var parent = _el;
            var c = 0;
            do {
                parent = parent.parent();
            } while (++c < _depth);
            return parent;
        }

        function findParentObj(_el) {
            return findParentWithDepth(_el, 3).prev().children("input");
        }

        // Untick every checkbox in the sibling sub-list below this term
        function uncheckChildNodes(_el) {
            _el.parent().siblings().find('input[type="checkbox"]').each(function () {
                jQuery(this).prop('checked', false);
            });
        }

        // Gutenberg, find labels and click
        function gtCheckParent(_el) {
            var _parent = gtFindParentCheckbox(_el);
            if (_parent.length != 0) {
                if (!_parent.prop('checked')) {
                    _parent.parent().next().trigger('click');
                }
                gtCheckParent(_parent.parent());
            }
        }

        function gtFindParentCheckbox(_el) {
            var p = findParentWithDepth(_el, 5);
            if (p.hasClass('editor-post-taxonomies__hierarchical-terms-subchoices')) {
                return p.prev().find('input[type="checkbox"]');
            } else {
                return [];
            }
        }

        function gtUncheckChildren(_el) {
            var selector = '.editor-post-taxonomies__hierarchical-terms-subchoices';
            findParentWithDepth(_el, 3).next(selector).find('input[type="checkbox"]').each(function () {
                if (jQuery(this).prop('checked')) {
                    jQuery(this).parent().next().trigger('click');
                }
            });
        }
    })();
    </script>