Append Link on Copy Security & Risk Analysis
wordpress.org/plugins/append-link-on-copyThis plugin allows the user to automatically append a link to the current page, when users copy & paste a title or any line.
Is Append Link on Copy Safe to Use in 2026?
Use With Caution
Score 63/100Append Link on Copy has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The "append-link-on-copy" plugin version 0.2 presents a mixed security posture. While the static analysis reveals a commendable lack of dangerous functions, raw SQL queries, and external HTTP requests, and importantly, a complete absence of identified attack surface points like AJAX handlers, REST API routes, and shortcodes, there are significant concerns. The most alarming finding is that 100% of output is not properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the context of a user's browser. Furthermore, the plugin has a history of known vulnerabilities, specifically a medium-severity Cross-Site Scripting issue that remains unpatched. This indicates a pattern of insecure coding practices that have led to exploitable flaws. Despite the clean static analysis of entry points, the lack of output escaping and the presence of an unpatched XSS vulnerability are critical weaknesses that outweigh the apparent strengths.
Key Concerns
- Unpatched medium severity CVE exists
- 100% of outputs are not properly escaped
- No nonce checks present
- No capability checks present
Append Link on Copy Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Append Link on Copy <= 0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Append Link on Copy Code Analysis
Output Escaping
Append Link on Copy Attack Surface
WordPress Hooks 4
Maintenance & Trust
Append Link on Copy Maintenance & Trust
Maintenance Signals
Community Trust
Append Link on Copy Alternatives
Add Backlink or Copy Protection
add-backlink-or-copy-protection
Automatically adds a backlink to your site when you copy text from it.
Simple Custom CSS and JS
custom-css-js
Easily add Custom CSS or JS to your website with an awesome editor.
Disable REST API
disable-json-api
Disable the use of the REST API on your website to site users. Now with User Role support!
JWT Authentication for WP REST API
jwt-authentication-for-wp-rest-api
Extends the WP REST API using JSON Web Tokens Authentication as an authentication method.
Clear Cache for Me
clear-cache-for-widgets
Purges cache on WPEngine, W3TC, WP Super Cache, WP Fastest Cache when widgets, menus, settings update. Forces browsers to reload CSS and JS files.
Append Link on Copy Developer Profile
2 plugins · 1K total installs
How We Detect Append Link on Copy
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/append-link-on-copy/js/append_link.js/wp-content/plugins/append-link-on-copy/js/append_link.jsHTML / DOM Fingerprints
Notice: Even though the text preview may not show the link, many web systems automatically link everything starting with http://, also everything copied from the front page, will not append the site titlename="append_link_on_copy_options[readmore]"name="append_link_on_copy_options[prepend_break]"name="append_link_on_copy_options[add_site_name]"name="append_link_on_copy_options[use_title]"name="append_link_on_copy_options[always_link_site]"append_link