Does Link Hopper have any unpatched vulnerabilities?

Yes — Link Hopper currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Link Hopper compatible with WordPress 6.9.4?

According to WordPress.org data, Link Hopper 3.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Link Hopper compatible with PHP 8.3+?

Link Hopper requires PHP 8.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Link Hopper updated?

Link Hopper was last updated on Mar 8, 2026. Frequent updates are generally a positive security signal.

What is Link Hopper's security score?

Link Hopper has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Link Hopper Security & Risk Analysis

wordpress.org/plugins/link-hopper

Link Hopper lets you set up tidy link redirection to other websites.

100 active installs v3.0 PHP 8.3+ WP 6.0+ Updated Mar 8, 2026

affiliatelinksmaskingredirect

B · Generally Safe

CVEs total1

Unpatched1

Last CVEFeb 13, 2026

Plugin page Download

Safety Verdict

Is Link Hopper Safe to Use in 2026?

Mostly Safe

Score 78/100

Link Hopper is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Feb 13, 2026Updated 28d ago

Risk Assessment

The "link-hopper" plugin version 3.0 demonstrates several strong security practices. Static analysis shows a clean code base with no dangerous functions, no file operations, no external HTTP requests, and all SQL queries utilizing prepared statements. Crucially, all identified output points are properly escaped, indicating a good defense against cross-site scripting (XSS) vulnerabilities within the analyzed code. The presence of capability checks further strengthens its security posture. However, the plugin has a history of vulnerabilities, with one known medium severity CVE that is currently unpatched. This suggests a recurring pattern of security flaws, and the fact that it's unpatched is a significant concern that overrides the positive aspects of the static analysis. While the current version's code appears to be well-written from a static perspective, the historical vulnerability data and the unpatched medium CVE highlight a notable risk that cannot be ignored. Users should be extremely cautious until this vulnerability is addressed.

Key Concerns

Unpatched medium severity CVE

Vulnerabilities

Link Hopper Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-15483medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Hopper <= 2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'hop_name' Parameter

Feb 13, 2026Unpatched

Code Analysis

Analyzed Mar 16, 2026

Link Hopper Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

31 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped31 total outputs

Attack Surface

Link Hopper Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_menuincludes\class-link-hopper-admin.php:28

actionadmin_initincludes\class-link-hopper-admin.php:29

actionadmin_enqueue_scriptsincludes\class-link-hopper-admin.php:30

actioninitincludes\class-link-hopper-redirector.php:28

filterquery_varsincludes\class-link-hopper-redirector.php:29

actiontemplate_redirectincludes\class-link-hopper-redirector.php:30

Maintenance & Trust

Link Hopper Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 8, 2026

PHP min version8.3

Downloads16K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

Link Hopper Alternatives

Affiliate Links – Link Cloaking and Management

affiliate-links

Create any redirect links to any website from your WordPress Admin. Perfect for the affiliate links masking.

3K 3 CVEs

ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

thirstyaffiliates

🔗 Affiliate link management & cloaker tool. Easily manage, shrink and track your affiliate links in WordPress. 🔥

30K 5 CVEs

BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager

betterlinks

Ultimate plugin to create, shorten, track and manage any URL. Gather analytics reports and run successful marketing campaigns easily.

20K 3 CVEs

Cloak Affiliate Links for WooCommerce

woocommerce-cloak-affiliate-links

Cloak your WooCommerce external & affiliate links.

2K 2 CVEs

Sponsor Redirect

sponsor-redirect

100

Sponsor Redirect plugin helps you to manage url/links of your affiliate partners. You can also show some of your sponsor info including image anywhere …

10 No CVEs

Developer Profile

Link Hopper Developer Profile

Anthony

5 plugins · 270 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Link Hopper

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/link-hopper/link-hopper.css/wp-content/plugins/link-hopper/link-hopper.js

Script Paths

/wp-content/plugins/link-hopper/link-hopper.js

Version Parameters

link-hopper.css?ver=link-hopper.js?ver=

HTML / DOM Fingerprints

CSS Classes

link-hopper-base-urllink-hopper-base-url inputlink-hopper-hops-tablelink-hopper-hops-table .col-namelink-hopper-hops-table .col-testlink-hopper-hops-table .col-remove

Data Attributes

data-link-hopper-base-urldata-link-hopper-row-templatedata-link-hopper-hop-namedata-link-hopper-hop-url

JS Globals

linkHopperData

FAQ