Does Custom Page Links have any unpatched vulnerabilities?

No. All known vulnerabilities in Custom Page Links have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Custom Page Links compatible with WordPress 4.5.33?

According to WordPress.org data, Custom Page Links 1.1 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is Custom Page Links updated?

Custom Page Links was last updated on Nov 25, 2015. Frequent updates are generally a positive security signal.

What is Custom Page Links's security score?

Custom Page Links has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Custom Page Links Security & Risk Analysis

wordpress.org/plugins/custom-page-links

A WordPress plugin to set a custom list of links on a page. The links are listed using a ShortCode.

10 active installs v1.1 PHP + WP 4.1.1+ Updated Nov 25, 2015

linkspageshortcode

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Custom Page Links Safe to Use in 2026?

Generally Safe

Score 85/100

Custom Page Links has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The "custom-page-links" v1.1 plugin presents a mixed security posture. On the positive side, it demonstrates good practices by not utilizing dangerous functions, all SQL queries are prepared, and there are no known historical vulnerabilities. However, significant concerns arise from its attack surface and output escaping. A substantial portion of its AJAX handlers (4 out of 4) lack proper authentication checks, making them prime targets for unauthorized actions. Furthermore, only 18% of output is properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the unsanitized path flow identified in the taint analysis. The vulnerability history being clean is a positive indicator, suggesting the developers may be responsive to security, but it does not negate the immediate risks identified in the static analysis. The lack of capability checks on most entry points and the presence of an unsanitized path flow are critical weaknesses that need immediate attention. While the plugin avoids common pitfalls like raw SQL or bundled libraries, the exposed AJAX endpoints and inadequate output escaping create a considerable risk profile.

Key Concerns

AJAX handlers without auth checks
Low percentage of properly escaped output
Flow with unsanitized path
Lack of nonce checks on AJAX
Limited capability checks on entry points

Vulnerabilities

None known

Custom Page Links Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Custom Page Links Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

18% escaped28 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

getLinkActions (admin\Metabox.php:99)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Custom Page Links Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 4

authwp_ajax_cpl_remove_linkadmin\Metabox.php:47

authwp_ajax_cpl_edit_linkadmin\Metabox.php:48

authwp_ajax_cpl_edit_confirmadmin\Metabox.php:49

authwp_ajax_cpl_link_actionsadmin\Metabox.php:50

Shortcodes 1

[cpl] Shortcode.php:15

WordPress Hooks 5

actionadd_meta_boxesadmin\Metabox.php:41

actionload-page.phpadmin\Metabox.php:43

actionload-page-new.phpadmin\Metabox.php:44

actionadmin_enqueue_scriptsadmin\Metabox.php:51

actionplugins_loadedCustomPageLinks.php:61

Maintenance & Trust

Custom Page Links Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedNov 25, 2015

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Custom Page Links Alternatives

Yada Wiki

yada-wiki

Yada Wiki is a simple wiki for your WordPress site.

2K 2 CVEs

Shortcode Reference

shortcode-reference

This plugin will provide a list and details about available shortcodes in your current installment. All when you need it most - when editing content.

100 No CVEs

Browse Topic

browse-topic

It creates browse topic or tags with ( ASC/DESC ) control filter at the top. It makes your blog readers easy to choose what topic they want to read.

10 No CVEs

Internal Link Juicer: SEO Auto Linker for WordPress

internal-links

Improve your SEO and your user experience through internal linkbuilding. Automated links between your posts based on a smart keyword configuration.

90K 2 CVEs

Display Posts – Easy lists, grids, navigation, and more

display-posts-shortcode

Add a listing of content on your website using a simple shortcode. Filter the results by category, author, and more.

80K No CVEs

Developer Profile

Custom Page Links Developer Profile

Morten Holt

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Custom Page Links

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/custom-page-links/js/metabox.js/wp-content/plugins/custom-page-links/js/link.js/wp-content/plugins/custom-page-links/stylesheets/screen.css/wp-content/plugins/custom-page-links/stylesheets/print.css

Script Paths

../js/metabox.js../js/link.js

HTML / DOM Fingerprints

Data Attributes

data-post-iddata-link-id

JS Globals

cplMetaboxLang

REST Endpoints

/wp-json/custom-page-links/v1/remove-link/wp-json/custom-page-links/v1/edit-link/wp-json/custom-page-links/v1/update-link/wp-json/custom-page-links/v1/get-link-actions

FAQ