Does Enhanced Linking have any unpatched vulnerabilities?

No. All known vulnerabilities in Enhanced Linking have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Enhanced Linking compatible with WordPress 4.0.38?

According to WordPress.org data, Enhanced Linking 1.0.5 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is Enhanced Linking updated?

Enhanced Linking was last updated on Aug 18, 2016. Frequent updates are generally a positive security signal.

What is Enhanced Linking's security score?

Enhanced Linking has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Enhanced Linking Security & Risk Analysis

wordpress.org/plugins/enhanced-linking

This plugin enhances the Insert/Edit Link dialogue by letting users select and find additional content from their blog and external web.

100 active installs v1.0.5 PHP + WP 3.6+ Updated Aug 18, 2016

articlesimageskeywordslinkstags

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Enhanced Linking Safe to Use in 2026?

Generally Safe

Score 85/100

Enhanced Linking has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The 'enhanced-linking' plugin v1.0.5 exhibits a concerning security posture primarily due to its unprotected AJAX handler. While the plugin demonstrates good practices by using prepared statements for all SQL queries and having no recorded vulnerability history, the presence of an unprotected AJAX endpoint creates a significant attack surface. This allows any user, regardless of their privileges, to trigger the plugin's AJAX functionality, potentially leading to unintended consequences or exploitation if the handler's logic is flawed.

The static analysis also revealed that 100% of the plugin's output is not properly escaped. This means that any data displayed to users through the plugin could be manipulated by an attacker to inject malicious code, such as cross-site scripting (XSS) payloads. Although no critical or high-severity taint flows were detected, the combination of an unprotected entry point and unescaped output presents a tangible risk.

The absence of any known vulnerabilities is a positive sign, suggesting a potentially well-maintained codebase. However, this does not negate the immediate risks identified through static analysis. The plugin's strengths lie in its SQL handling and clean vulnerability history, but these are overshadowed by the critical need for authentication on its AJAX endpoint and proper output escaping.

Key Concerns

AJAX handler without auth checks
Output escaping not properly implemented

Vulnerabilities

None known

Enhanced Linking Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Enhanced Linking Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

on_ajax_bingsearch (enhanced-linking.php:45)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Enhanced Linking Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_el_bingsearchenhanced-linking.php:36

WordPress Hooks 2

actionadmin_initenhanced-linking.php:32

actionafter_wp_tiny_mceenhanced-linking.php:33

Maintenance & Trust

Enhanced Linking Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedAug 18, 2016

PHP min version

Downloads9K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Enhanced Linking Alternatives

Broken Link Checker

broken-link-checker

Broken Link Checker helps you catch broken links & images fast, before they hurt your SEO or UX. Scan and bulk-fix issues from one easy dashboard.

500K 11 CVEs

Media Library Assistant

media-library-assistant

Enhances the Media Library; powerful gallery and list shortcodes, full taxonomy support, IPTC/EXIF/XMP/PDF processing, bulk/quick edit.

70K 26 CVEs

AI WP Writer – SEO content generator, chatGPT, Gemini

ai-wp-writer

Create high-quality SEO articles and AI images. Auto-fill website. Generate, rewrite and translate with AI. Powered by Gemini, GPT-5, NanoBanana, FLUX

3K 2 CVEs

Automatic Post Tagger

automatic-post-tagger

Adds relevant taxonomy terms to posts using a keyword list provided by the user.

2K No CVEs

Simple Keyword to Link

simple-keyword-to-link

Really Simple "Keyword to Link" Converter. Automatically create links for specific words in your content

2K 2 unpatched

Developer Profile

Enhanced Linking Developer Profile

Zemanta

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Enhanced Linking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/enhanced-linking/links.js/wp-content/plugins/enhanced-linking/links.css

Script Paths

/wp-content/plugins/enhanced-linking/links.js

Version Parameters

enhanced-linking/links.js?ver=enhanced-linking/links.css?ver=

HTML / DOM Fingerprints

JS Globals

window.enhanced_linking

REST Endpoints

/wp-json/enhanced-linking/v1

FAQ