Open Graph and Twitter Card Tags Security & Risk Analysis

wordpress.org/plugins/wonderm00ns-simple-facebook-open-graph-tags

Improve social media sharing by inserting Facebook Open Graph, Twitter Card, and SEO Meta Tags on your WordPress website pages, posts, WooCommerce pro …

60K active installs · v3.3.9 · PHP 7.0+ · WP 5.0+ · Updated Jan 28, 2026
Tags: facebook, open-graph, open-graph-protocol, social-media, twitter-card
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jun 27, 2018
Safety Verdict

Is Open Graph and Twitter Card Tags Safe to Use in 2026?

Generally Safe

Score 99/100

Open Graph and Twitter Card Tags has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEs · Last CVE: Jun 27, 2018 · Updated 3mo ago
Risk Assessment

The "wonderm00ns-simple-facebook-open-graph-tags" plugin v3.3.9 demonstrates generally good security practices, with a low attack surface and a high percentage of properly escaped outputs and prepared SQL statements. The plugin also incorporates a good number of nonce and capability checks. Its limited file operations and external HTTP requests are positive indicators.

However, two past medium-severity Cross-Site Scripting (XSS) vulnerabilities, both patched in 2018, suggest a history of input sanitization issues. There are no currently unpatched CVEs, but this historical pattern warrants caution. The taint analysis also revealed three flows with unsanitized paths; these are not classified as critical or high severity in this analysis, but they could lead to security issues if not handled carefully in future versions or if combined with other factors.

The overall security posture is moderately strong, with a good foundation of secure coding practices. The historical XSS vulnerabilities and the identified unsanitized taint flows remain areas for continued vigilance and potential improvement.

Key Concerns

  • Past medium severity XSS vulnerabilities
  • Flows with unsanitized paths identified
Vulnerabilities
2 published

Open Graph and Twitter Card Tags Security Vulnerabilities

CVEs by Year

2 CVEs in 2018

Severity Breakdown

Medium: 2

2 total CVEs

WF-9242cebe-3394-4df9-9c60-8d8d6297d791-wonderm00ns-simple-facebook-open-graph-tags · medium · 6.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Open Graph and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting

Jun 27, 2018 Patched in 2.2.4.2 (2036d)
CVE-2018-0579 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Open Graph and Twitter Card Tags < 2.2.4.1 - Reflected Cross-Site Scripting

Apr 27, 2018 Patched in 2.2.4.1 (2097d)
Version History

Open Graph and Twitter Card Tags Release Timeline

v3.3.9 (Current)
v3.3.8
v3.3.7
v3.3.6
v3.3.5
v3.3.4
v3.3.3
v3.3.2-beta.1
v3.3.2
v3.3.1
v3.3.0
v3.2.0
v3.1.2
v3.1.1
v3.1.0
v3.0.0
v2.3.3
v2.3.2
v2.3.1
v2.3.0
Code Analysis
Analyzed Mar 16, 2026

Open Graph and Twitter Card Tags Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 7 (384 escaped)
Nonce Checks: 4
Capability Checks: 6
File Operations: 1
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

67% prepared · 6 total queries

Output Escaping

98% escaped · 391 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
admin_notices (admin\class-webdados-fb-open-graph-admin.php:524)
Attack Surface

Open Graph and Twitter Card Tags Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 2

auth · wp_ajax_post_smtp_request · includes\post-smtp-notice\recommend-post-smtp-base.php:39
nopriv · wp_ajax_post_smtp_request · includes\post-smtp-notice\recommend-post-smtp-base.php:40

REST API Routes 1

POST · /wp-json/recommend-post-smtp/request · includes\post-smtp-notice\recommend-post-smtp-admin-notice.php:161
WordPress Hooks 32
filter · pre_update_option_wonderm00n_open_graph_settings · admin\class-webdados-fb-open-graph-admin.php:98
action · admin_notices · admin\class-webdados-fb-open-graph-admin.php:99
filter · redirect_post_location · admin\class-webdados-fb-open-graph-admin.php:493
action · before_woocommerce_init · includes\class-webdados-fb-open-graph.php:88
action · plugins_loaded · includes\class-webdados-fb-open-graph.php:377
action · plugins_loaded · includes\class-webdados-fb-open-graph.php:379
action · init · includes\class-webdados-fb-open-graph.php:381
action · admin_menu · includes\class-webdados-fb-open-graph.php:395
action · admin_init · includes\class-webdados-fb-open-graph.php:397
action · update_option_wonderm00n_open_graph_settings · includes\class-webdados-fb-open-graph.php:399
filter · plugin_action_links_wonderm00ns-simple-facebook-open-graph-tags/wonderm00n-open-graph.php · includes\class-webdados-fb-open-graph.php:401
action · user_contactmethods · includes\class-webdados-fb-open-graph.php:403
action · add_meta_boxes · includes\class-webdados-fb-open-graph.php:405
action · save_post · includes\class-webdados-fb-open-graph.php:406
action · admin_notices · includes\class-webdados-fb-open-graph.php:408
action · post_updated_messages · includes\class-webdados-fb-open-graph.php:410
action · the_post · includes\class-webdados-fb-open-graph.php:428
action · wp_head · includes\class-webdados-fb-open-graph.php:430
filter · language_attributes · includes\class-webdados-fb-open-graph.php:432
filter · language_attributes · includes\class-webdados-fb-open-graph.php:434
action · rss2_ns · includes\class-webdados-fb-open-graph.php:436
action · rss_item · includes\class-webdados-fb-open-graph.php:437
action · rss2_item · includes\class-webdados-fb-open-graph.php:438
action · admin_enqueue_scripts · includes\post-smtp-notice\recommend-post-smtp-admin-notice.php:52
action · admin_head · includes\post-smtp-notice\recommend-post-smtp-admin-notice.php:53
action · admin_post_hide-post-smtp-recommendation-notice · includes\post-smtp-notice\recommend-post-smtp-admin-notice.php:54
action · rest_api_init · includes\post-smtp-notice\recommend-post-smtp-admin-notice.php:55
action · rest_api_init · includes\post-smtp-notice\recommend-post-smtp-base.php:36
action · admin_enqueue_scripts · includes\post-smtp-notice\recommend-post-smtp-base.php:43
action · admin_head · includes\post-smtp-notice\recommend-post-smtp-base.php:44
action · admin_menu · includes\post-smtp-notice\recommend-post-smtp-base.php:57
action · admin_menu · includes\post-smtp-notice\recommend-post-smtp-base.php:61
Maintenance & Trust

Open Graph and Twitter Card Tags Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 28, 2026
PHP min version: 7.0
Downloads: 2.3M

Community Trust

Rating: 92/100
Number of ratings: 122
Active installs: 60K
Developer Profile

Open Graph and Twitter Card Tags Developer Profile

Saad Iqbal

89 plugins · 1.4M total installs

Trust score: 74
Avg Security Score: 93/100
Avg Patch Time: 267 days
Detection Fingerprints

How We Detect Open Graph and Twitter Card Tags

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wonderm00ns-simple-facebook-open-graph-tags/admin/css/style.css
/wp-content/plugins/wonderm00ns-simple-facebook-open-graph-tags/admin/js/script.js
Script Paths
/wp-content/plugins/wonderm00ns-simple-facebook-open-graph-tags/admin/js/script.js
Version Parameters
wonderm00ns-simple-facebook-open-graph-tags/admin/css/style.css?ver=
wonderm00ns-simple-facebook-open-graph-tags/admin/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
ogatc-settings
FAQ

Frequently Asked Questions about Open Graph and Twitter Card Tags