Does Link Diagnostics – Broken Links, Redirects, and Link Insights have any unpatched vulnerabilities?

No. All known vulnerabilities in Link Diagnostics – Broken Links, Redirects, and Link Insights have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Link Diagnostics – Broken Links, Redirects, and Link Insights compatible with WordPress 6.9.4?

According to WordPress.org data, Link Diagnostics – Broken Links, Redirects, and Link Insights 1.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Link Diagnostics – Broken Links, Redirects, and Link Insights compatible with PHP 7.4+?

Link Diagnostics – Broken Links, Redirects, and Link Insights requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Link Diagnostics – Broken Links, Redirects, and Link Insights Security & Risk Analysis

wordpress.org/plugins/link-diagnostic-and-insights

Complete link health monitoring for WordPress. Find broken links, fix redirect chains, optimize internal linking, and improve SEO performance.

30 active installs v1.0.2 PHP 7.4+ WP 5.6+ Updated Feb 5, 2026

broken-linksinternal-linkslink-checkerredirectsseo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Link Diagnostics – Broken Links, Redirects, and Link Insights Safe to Use in 2026?

Generally Safe

Score 100/100

Link Diagnostics – Broken Links, Redirects, and Link Insights has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'link-diagnostic-and-insights' plugin v1.0.2 presents a significant security risk due to its unprotected AJAX handlers. While the plugin demonstrates good practices in output escaping and utilizes prepared statements for most SQL queries, the complete lack of authentication and capability checks on all 25 AJAX entry points creates a wide attack surface. This means any unauthenticated user could potentially trigger these AJAX actions, leading to unintended consequences if the handler logic is flawed or interacts with sensitive data.

The static analysis identified the use of `unserialize`, which is a known dangerous function if used with untrusted input. While no taint flows were detected in this analysis, the presence of `unserialize` combined with unprotected AJAX handlers is a major concern. If user-controlled data can reach the `unserialize` function through these AJAX handlers, it could lead to remote code execution vulnerabilities. The plugin's history of zero known CVEs is a positive sign, suggesting a history of relatively secure development. However, this does not negate the immediate and evident risks present in the current codebase, particularly the unprotected AJAX endpoints and the dangerous function call.

Key Concerns

AJAX handlers without authentication
Use of unserialize function
AJAX handlers without capability checks

Vulnerabilities

None known

Link Diagnostics – Broken Links, Redirects, and Link Insights Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Link Diagnostics – Broken Links, Redirects, and Link Insights Code Analysis

Dangerous Functions

Raw SQL Queries

78 prepared

Unescaped Output

37 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$unserialized = @unserialize($scan['scan_config']);includes\class-li-database.php:395

SQL Query Safety

80% prepared98 total queries

Output Escaping

100% escaped37 total outputs

Attack Surface

25 unprotected

Link Diagnostics – Broken Links, Redirects, and Link Insights Attack Surface

Entry Points25

Unprotected25

AJAX Handlers 25

authwp_ajax_lhcfwp_scan_continuelink-diagnostics-and-insights.php:68

authwp_ajax_lhcfwp_scan_startlink-diagnostics-and-insights.php:69

authwp_ajax_lhcfwp_scan_cancellink-diagnostics-and-insights.php:70

authwp_ajax_lhcfwp_check_scan_statuslink-diagnostics-and-insights.php:71

authwp_ajax_lhcfwp_fix_linklink-diagnostics-and-insights.php:72

authwp_ajax_lhcfwp_bulk_fix_startlink-diagnostics-and-insights.php:73

authwp_ajax_lhcfwp_bulk_fix_continuelink-diagnostics-and-insights.php:74

authwp_ajax_lhcfwp_bulk_fix_cancellink-diagnostics-and-insights.php:75

authwp_ajax_lhcfwp_ignore_issuelink-diagnostics-and-insights.php:76

authwp_ajax_lhcfwp_get_issueslink-diagnostics-and-insights.php:77

authwp_ajax_lhcfwp_get_intelligencelink-diagnostics-and-insights.php:78

authwp_ajax_lhcfwp_get_post_titleslink-diagnostics-and-insights.php:79

authwp_ajax_lhcfwp_save_settingslink-diagnostics-and-insights.php:80

authwp_ajax_lhcfwp_get_settingslink-diagnostics-and-insights.php:81

authwp_ajax_lhcfwp_get_ignoredlink-diagnostics-and-insights.php:82

authwp_ajax_lhcfwp_unignore_issuelink-diagnostics-and-insights.php:83

authwp_ajax_lhcfwp_get_scan_historylink-diagnostics-and-insights.php:84

authwp_ajax_lhcfwp_delete_scan_historylink-diagnostics-and-insights.php:85

authwp_ajax_lhcfwp_delete_all_scanslink-diagnostics-and-insights.php:86

authwp_ajax_lhcfwp_add_redirectlink-diagnostics-and-insights.php:87

authwp_ajax_lhcfwp_update_redirectlink-diagnostics-and-insights.php:88

authwp_ajax_lhcfwp_delete_redirectlink-diagnostics-and-insights.php:89

authwp_ajax_lhcfwp_get_redirectslink-diagnostics-and-insights.php:90

authwp_ajax_lhcfwp_delete_redirectslink-diagnostics-and-insights.php:91

authwp_ajax_lhcfwp_clear_all_redirectslink-diagnostics-and-insights.php:92

WordPress Hooks 4

actionadmin_menuadmin\class-li-admin.php:18

actionadmin_enqueue_scriptsadmin\class-li-admin.php:19

actiontemplate_redirectincludes\class-li-redirect-handler.php:9

actionplugins_loadedlink-diagnostics-and-insights.php:65

Maintenance & Trust

Link Diagnostics – Broken Links, Redirects, and Link Insights Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 5, 2026

PHP min version7.4

Downloads216

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Link Diagnostics – Broken Links, Redirects, and Link Insights Alternatives

External Links Overview

external-links-overview

100

Analyze, manage, and monitor all external links on your WordPress site. ---

700 No CVEs

Check for Broken Links

check-for-broken-links

Check for Broken Links is a WordPress plugin that helps you find and fix broken links on your website.

400 No CVEs

LinkMaster – Link Management, SEO, Broken Links & Redirects

linkmaster

100

LinkMaster: Manage links with custom permalinks, SEO redirects, link cloaking, auto link injection and a broken link checker for WordPress.

200 No CVEs

Cute Broken Link Highlighter – Smart Broken Link Checker and Content Scanner

cute-broken-link-highlighter

100

Instantly detect and highlight broken links in your WordPress post editor. Works with both Classic Editor and Gutenberg Block Editor.

0 No CVEs

LinkGuard NT

linkguard-nt

100

A fast, lightweight, and secure broken link scanner for WordPress. Detect, monitor, and fix broken links with a modern AJAX dashboard and multilingual …

0 No CVEs

Developer Profile

Link Diagnostics – Broken Links, Redirects, and Link Insights Developer Profile

swiftspeed

2 plugins · 40 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Link Diagnostics – Broken Links, Redirects, and Link Insights

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/link-diagnostic-and-insights/admin/css/admin.css/wp-content/plugins/link-diagnostic-and-insights/admin/js/admin-core.js/wp-content/plugins/link-diagnostic-and-insights/admin/js/admin-scans.js

Script Paths

/wp-content/plugins/link-diagnostic-and-insights/admin/js/admin-core.js/wp-content/plugins/link-diagnostic-and-insights/admin/js/admin-scans.js

Version Parameters

link-diagnostic-and-insights/admin/css/admin.css?ver=link-diagnostic-and-insights/admin/js/admin-core.js?ver=link-diagnostic-and-insights/admin/js/admin-scans.js?ver=

HTML / DOM Fingerprints

JS Globals

lhcfwp_admin_ajax_urllhcfwp_scan_datalhcfwp_settings_data

REST Endpoints

/wp-json/lhcfwp/v1/scan/continue/wp-json/lhcfwp/v1/scan/start/wp-json/lhcfwp/v1/scan/cancel/wp-json/lhcfwp/v1/scan/status/wp-json/lhcfwp/v1/fix/link/wp-json/lhcfwp/v1/fix/bulk/start/wp-json/lhcfwp/v1/fix/bulk/continue/wp-json/lhcfwp/v1/fix/bulk/cancel/wp-json/lhcfwp/v1/issue/ignore/wp-json/lhcfwp/v1/issues/wp-json/lhcfwp/v1/intelligence/wp-json/lhcfwp/v1/posts/wp-json/lhcfwp/v1/settings/save/wp-json/lhcfwp/v1/settings/wp-json/lhcfwp/v1/ignored/wp-json/lhcfwp/v1/issue/unignore/wp-json/lhcfwp/v1/scan/history/wp-json/lhcfwp/v1/scan/history/delete/wp-json/lhcfwp/v1/scans/delete/all/wp-json/lhcfwp/v1/redirect/wp-json/lhcfwp/v1/redirect/update/wp-json/lhcfwp/v1/redirect/delete/wp-json/lhcfwp/v1/redirects/wp-json/lhcfwp/v1/redirects/delete/wp-json/lhcfwp/v1/redirects/clear/all

FAQ