WP-Safety

User Taxonomy & Directory Security & Risk Analysis

wordpress.org/plugins/user-tags

User Taxonomy & Directory helps you effortlessly manage user taxonomies on your WordPress website. With a user-friendly interface, it simplifies t …

50 active installs v2.0 PHP 7.2+ WP 6.0+ Updated Sep 26, 2023
tagstaxonomiesuser-directoryuser-tagsuser-taxonomy
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is User Taxonomy & Directory Safe to Use in 2026?

Generally Safe

Score 85/100

User Taxonomy & Directory has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "user-tags" v2.0 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin has a minimal attack surface, with only one AJAX handler and no exposed REST API routes, shortcodes, or cron events. Crucially, this single entry point has a nonce check, indicating good practice in preventing CSRF attacks. The code analysis also reveals responsible use of SQL queries, with 100% utilizing prepared statements and a high percentage of output escaping, mitigating common injection and XSS risks. The absence of any known CVEs, historical vulnerabilities, or critical taint flows further reinforces its secure design.

While the plugin's current state appears secure, the analysis points to potential areas for continued vigilance. Although the single AJAX handler has a nonce check, the fact that it's the only entry point means any potential future vulnerabilities introduced here would be directly accessible. The 91% output escaping rate, while high, still leaves a small margin for potential XSS if the unescaped outputs are exploitable. Overall, "user-tags" v2.0 demonstrates a commitment to secure coding practices. The lack of historical issues and a robust static analysis suggests a well-maintained plugin, making it a relatively low-risk option for WordPress users. However, as with any software, ongoing monitoring and updates are always recommended to maintain this strong security standing.

Vulnerabilities
None known

User Taxonomy & Directory Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

User Taxonomy & Directory Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
8
79 escaped
Nonce Checks
4
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

91% escaped87 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
render_taxonomies_page (admin\taxonomies\class-user-tags-taxonomies.php:105)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

User Taxonomy & Directory Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_ut_delete_taxonomyadmin\taxonomies\class-user-tags-taxonomies.php:28
WordPress Hooks 20
actionadmin_menuadmin\taxonomies\class-user-tags-taxonomies.php:23
filterparent_fileadmin\taxonomies\class-user-tags-taxonomies.php:25
actionwp_loadedadmin\taxonomies\class-user-tags-taxonomies.php:31
actioninitadmin\taxonomies\class-user-tags-taxonomies.php:33
actionregistered_taxonomyadmin\taxonomies\class-user-tags-taxonomies.php:36
actionadmin_noticesadmin\taxonomies\class-user-tags-taxonomies.php:327
actionadmin_noticesadmin\taxonomies\class-user-tags-taxonomies.php:336
actionadmin_noticesadmin\taxonomies\class-user-tags-taxonomies.php:339
actionshow_user_profileadmin\user-profile\class-user-tags-profile.php:17
actionedit_user_profileadmin\user-profile\class-user-tags-profile.php:18
actionpersonal_options_updateadmin\user-profile\class-user-tags-profile.php:20
actionedit_user_profile_updateadmin\user-profile\class-user-tags-profile.php:21
actiondeleted_useradmin\user-profile\class-user-tags-profile.php:27
actionadmin_enqueue_scriptsinc\class-usertags.php:17
actionwp_enqueue_scriptsinc\class-usertags.php:18
filtertaxonomy_templateinc\class-usertags.php:20
actionwp_headinc\class-usertags.php:21
actioninituser-directory\class-user-tags-user-directory.php:19
actionadmin_enqueue_scriptsuser-directory\class-user-tags-user-directory.php:44
actionwp_enqueue_scriptsuser-directory\class-user-tags-user-directory.php:45
Maintenance & Trust

User Taxonomy & Directory Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedSep 26, 2023
PHP min version7.2
Downloads57K

Community Trust

Rating92/100
Number of ratings13
Active installs50
Alternatives

User Taxonomy & Directory Alternatives

Attachment Taxonomies

Attachment Taxonomies

attachment-taxonomies

A
100

This plugin adds categories and tags to the WordPress media library - lightweight and developer-friendly.

1K No CVEs
WP Required Taxonomies – Categories and Tags Mandatory

WP Required Taxonomies – Categories and Tags Mandatory

required-taxonomies

A
92

Force users to select a taxonomy term when publishing posts. For example, make category or tags required

1K No CVEs
TagPages

TagPages

tagpages

A
85

Adds post-tags functionality for pages.

1K No CVEs
Simple Taxonomy Refreshed

Simple Taxonomy Refreshed

simple-taxonomy-refreshed

A
100

This plugin provides a no-code facility to manage your taxonomies - either by defining your own or by adding additional function to existing ones.

500 No CVEs
Term Taxonomy Converter

Term Taxonomy Converter

term-taxonomy-converter

A
99

Copy or convert terms between taxonomies.

500 1 CVE
Developer Profile

User Taxonomy & Directory Developer Profile

Umesh Kumar

2 plugins · 60 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect User Taxonomy & Directory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/user-tags/assets/css/block.min.css/wp-content/plugins/user-tags/assets/css/main.min.css/wp-content/plugins/user-tags/assets/js/user_taxonomy.js
Script Paths
/wp-content/plugins/user-tags/assets/js/user_taxonomy.js
Version Parameters
user-tags/assets/css/block.min.css?ver=user-tags/assets/css/main.min.css?ver=user-tags/assets/js/user_taxonomy.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-block-user-tags-user-directory
Data Attributes
data-block="user-tags/user-directory"
JS Globals
wp_ut
FAQ

Frequently Asked Questions about User Taxonomy & Directory