Link Library Security & Risk Analysis

wordpress.org/plugins/link-library

The purpose of this plugin is to add the ability to output a list of link categories and a complete list of links with notes and descriptions.

10K active installs · v7.8.7 · PHP + WP 4.4+ · Updated Feb 15, 2026
directory · library · link · list · page
67 · C · Use Caution
CVEs total: 19
Unpatched: 1
Last CVE: Dec 24, 2025
Safety Verdict

Is Link Library Safe to Use in 2026?

Use With Caution

Score 67/100

Link Library has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

19 known CVEs · 1 unpatched · Last CVE: Dec 24, 2025 · Updated 1mo ago
Risk Assessment

The 'link-library' plugin v7.8.7 presents a mixed security posture. While it demonstrates some good practices, such as the high percentage of SQL queries using prepared statements and a substantial number of nonce and capability checks, several significant concerns remain. The presence of 7 unprotected entry points across AJAX handlers and REST API routes is a considerable risk, leaving the plugin vulnerable to unauthorized access and potential exploitation. Furthermore, the taint analysis revealing a high-severity flow with unsanitized paths indicates a potential for critical vulnerabilities like Cross-Site Scripting or even Remote Code Execution if this flow involves user-controlled input.

The plugin's vulnerability history is a major red flag. With 19 known CVEs, including a currently unpatched high-severity vulnerability, and a recent vulnerability in late 2025, this suggests a pattern of recurring security flaws. The common vulnerability types, such as SSRF, XSS, Missing Authorization, CSRF, and SQL Injection, further reinforce the potential for severe damage to a WordPress site.

In conclusion, despite some positive coding practices, the significant number of unprotected entry points, the high-severity taint flow, and the extensive and recent history of serious vulnerabilities strongly indicate a high-risk plugin that requires immediate attention and mitigation.

Key Concerns

  • Unpatched high severity CVE
  • High severity taint flow with unsanitized paths
  • 7 unprotected entry points (AJAX/REST API)
  • Low percentage of properly escaped outputs (40%)
  • Large attack surface without adequate auth checks
  • 18 medium severity CVEs historically
  • Historically common SSRF vulnerabilities
  • Historically common XSS vulnerabilities
  • Historically common Missing Authorization vulnerabilities
  • Historically common CSRF vulnerabilities
  • Historically common SQL Injection vulnerabilities
Vulnerabilities
19

Link Library Security Vulnerabilities

CVEs by Year

2014: 1 CVE
2016: 1 CVE
2017: 1 CVE
2021: 3 CVEs
2022: 1 CVE
2024: 8 CVEs
2025: 4 CVEs (has unpatched)

Severity Breakdown

High: 1
Medium: 18

19 total CVEs

CVE-2025-68600 · medium · 6.4 · Server-Side Request Forgery (SSRF)

Link Library <= 7.8.5 - Authenticated (Contributor+) Server-Side Request Forgery

Dec 24, 2025 · Unpatched

CVE-2025-46237 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.8 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 22, 2025 · Patched in 7.8.1 (9d)

CVE-2025-2889 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Additional Parameters

Apr 4, 2025 · Patched in 7.8 (1d)

CVE-2024-13404 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.7.2 - Reflected Cross-Site Scripting

Jan 20, 2025 · Patched in 7.7.3 (1d)

CVE-2024-38711 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.7.1 - Reflected Cross-Site Scripting

Jul 11, 2024 · Patched in 7.7.2 (7d)

CVE-2024-35687 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.6.3 - Reflected Cross-Site Scripting

Jun 6, 2024 · Patched in 7.6.4 (8d)

CVE-2024-4281 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via link-library Shortcode

May 7, 2024 · Patched in 7.7 (1d)

CVE-2024-29123 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.6 - Reflected Cross-Site Scripting

Mar 16, 2024 · Patched in 7.6.1 (5d)

CVE-2024-2325 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.6.6 - Reflected Cross-Site Scripting

Mar 13, 2024 · Patched in 7.6.7 (80d)

CVE-2024-1559 · medium · 6.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.6 - Unauthenticated Stored Cross-Site Scripting

Feb 19, 2024 · Patched in 7.6.1 (1d)

CVE-2024-24879 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.5.13 - Reflected Cross-Site Scripting via 'link_price' and 'link_tags'

Feb 5, 2024 · Patched in 7.6 (4d)

CVE-2024-24875 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Link Library <= 7.5.13 - Cross-Site Request Forgery via action_admin_init

Feb 5, 2024 · Patched in 7.6 (73d)

CVE-2022-4199 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Dec 23, 2022 · Patched in 7.4.1 (396d)

CVE-2021-25093 · medium · 5.3 · Missing Authorization

Link Library <= 7.2.7 - Missing Authorization Checks

Dec 30, 2021 · Patched in 7.2.8 (754d)

CVE-2021-25091 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 7.2.8 - Reflected Cross-Site Scripting

Dec 30, 2021 · Patched in 7.2.9 (754d)

CVE-2021-25092 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Link Library <= 7.2.7 - Cross-Site Request Forgery to Library Settings Reset

Dec 30, 2021 · Patched in 7.2.8 (754d)

WF-6755c415-427e-4572-908c-061ab8f7490a-link-library · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Link Library <= 5.9.13.26 – SQL Injection

Aug 14, 2017 · Patched in 5.9.13.27 (2353d)

WF-4e30c4fd-91fd-4f05-85fa-73e445de3c6e-link-library · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 5.9.12.29 - Reflected Cross-Site Scripting

Aug 15, 2016 · Patched in 5.9.12.30 (2717d)

WF-db5e26cf-e6c7-4b79-807a-643a1effd2a0-link-library · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link Library <= 5.8.10.6 - Reflected Cross-Site Scripting

Nov 8, 2014 · Patched in 5.8.11 (3363d)

Code Analysis
Analyzed Mar 16, 2026

Link Library Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (23 prepared)
Unescaped Output: 678 (459 escaped)
Nonce Checks: 23
Capability Checks: 16
File Operations: 67
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

82% prepared · 28 total queries

Output Escaping

40% escaped · 1137 total outputs

Data Flows
10 unsanitized

Data Flow Analysis

21 flows · 10 with unsanitized paths
display_menu (link-library-admin.php:1412)

Attack Surface
7 unprotected

Link Library Attack Surface

Entry Points: 25
Unprotected: 7

AJAX Handlers 11

auth wp_ajax_link_library_recipbrokencheck link-library-admin.php:79
auth wp_ajax_link_library_tracker link-library.php:304
nopriv wp_ajax_link_library_tracker link-library.php:305
auth wp_ajax_link_library_ajax_update link-library.php:306
nopriv wp_ajax_link_library_ajax_update link-library.php:307
auth wp_ajax_link_library_generate_image link-library.php:308
nopriv wp_ajax_link_library_generate_image link-library.php:309
auth wp_ajax_link_library_popup_content link-library.php:310
nopriv wp_ajax_link_library_popup_content link-library.php:311
auth wp_ajax_thumbs_rating_add_vote upvote-downvote\thumbs-rating.php:235
nopriv wp_ajax_thumbs_rating_add_vote upvote-downvote\thumbs-rating.php:236

REST API Routes 1

GET /wp-json/link-library/v1/settingslist link-library.php:362

Shortcodes 13

[link-library] link-library.php:266
[link-library-cats] link-library.php:267
[cats-link-library] link-library.php:268
[link-library-search] link-library.php:269
[search-link-library] link-library.php:270
[link-library-addlink] link-library.php:271
[addlink-link-library] link-library.php:272
[link-library-addlinkcustommsg] link-library.php:273
[addlinkcustommsg-link-library] link-library.php:274
[link-library-count] link-library.php:275
[link-library-filters] link-library.php:276
[link-library-tagcloud] link-library.php:277
[rss-library] link-library.php:278
WordPress Hooks 96

action admin_init link-library-admin.php:24
filter screen_layout_columns link-library-admin.php:27
action admin_menu link-library-admin.php:29
action network_admin_menu link-library-admin.php:32
action wp_dashboard_setup link-library-admin.php:35
filter plugin_row_meta link-library-admin.php:37
action wpmu_new_blog link-library-admin.php:39
action admin_head link-library-admin.php:41
action add_meta_boxes link-library-admin.php:43
action save_post link-library-admin.php:44
action before_delete_post link-library-admin.php:45
filter manage_edit-link_library_links_columns link-library-admin.php:46
action manage_link_library_links_posts_custom_column link-library-admin.php:47
filter manage_edit-link_library_links_sortable_columns link-library-admin.php:48
filter request link-library-admin.php:49
action pre_get_posts link-library-admin.php:50
action quick_edit_custom_box link-library-admin.php:51
action link_library_category_edit_form_fields link-library-admin.php:53
action link_library_category_add_form_fields link-library-admin.php:54
action edited_link_library_category link-library-admin.php:56
action created_link_library_category link-library-admin.php:57
action admin_enqueue_scripts link-library-admin.php:59
action enqueue_block_editor_assets link-library-admin.php:60
action restrict_manage_posts link-library-admin.php:64
filter parse_query link-library-admin.php:65
filter manage_edit-link_library_category_columns link-library-admin.php:68
filter manage_link_library_category_custom_column link-library-admin.php:69
filter manage_edit-link_library_tags_columns link-library-admin.php:71
filter manage_link_library_tags_custom_column link-library-admin.php:72
action media_buttons link-library-admin.php:75
action admin_footer link-library-admin.php:76
filter wp_dropdown_cats link-library-admin.php:81
action admin_notices link-library-admin.php:558
action admin_post_save_link_library_general link-library-admin.php:600
action admin_post_save_link_library_settingssets link-library-admin.php:601
action admin_post_save_link_library_moderate link-library-admin.php:602
action admin_post_save_link_library_stylesheet link-library-admin.php:603
action admin_post_save_link_library_reciprocal link-library-admin.php:604
filter posts_search link-library-admin.php:609
filter get_terms link-library-admin.php:1819
action init link-library.php:245
action wp_loaded link-library.php:246
filter the_posts link-library.php:282
action wp_head link-library.php:285
filter wp_title link-library.php:287
filter get_the_excerpt link-library.php:289
filter the_excerpt link-library.php:290
filter post_type_link link-library.php:291
filter the_title link-library.php:292
filter block_categories_all link-library.php:294
action rest_api_init link-library.php:295
filter rewrite_rules_array link-library.php:299
filter query_vars link-library.php:300
action template_redirect link-library.php:302
filter template_include link-library.php:303
action wp_enqueue_scripts link-library.php:313
filter posts_where link-library.php:315
filter kses_allowed_protocols link-library.php:320
filter wp_feed_cache_transient_lifetime link-library.php:322
filter post_type_link link-library.php:324
action auth_redirect link-library.php:326
action admin_menu link-library.php:327
action request link-library.php:330
filter the_content_feed link-library.php:331
action link_library_import_links link-library.php:334
action link_library_gen_thumbs link-library.php:335
filter attribute_escape link-library.php:431
filter the_content link-library.php:2315
filter http_response link-library.php:2477
action widgets_init link-library.php:2487
filter wp_get_object_terms link-library.php:2589
filter get_terms render-link-library-addlink-sc.php:929
filter get_terms render-link-library-addlink-sc.php:931
filter get_terms render-link-library-addlink-sc.php:933
filter get_terms render-link-library-addlink-sc.php:935
filter link_library_generate_captcha render-link-library-addlink-sc.php:1335
filter get_terms render-link-library-cats-sc.php:123
filter get_terms render-link-library-cats-sc.php:125
filter get_terms render-link-library-cats-sc.php:127
filter get_terms render-link-library-cats-sc.php:129
filter posts_search render-link-library-cats-sc.php:331
filter get_terms render-link-library-sc.php:471
filter get_terms render-link-library-sc.php:473
filter get_terms render-link-library-sc.php:475
filter get_terms render-link-library-sc.php:477
filter get_terms render-link-library-sc.php:595
filter get_terms render-link-library-sc.php:597
filter get_terms render-link-library-sc.php:599
filter get_terms render-link-library-sc.php:601
filter posts_search render-link-library-sc.php:933
filter posts_fields render-link-library-sc.php:1054
filter posts_orderby render-link-library-sc.php:1055
action plugins_loaded upvote-downvote\thumbs-rating.php:21
action wp_enqueue_scripts upvote-downvote\thumbs-rating.php:40
action wp_enqueue_scripts upvote-downvote\thumbs-rating.php:54
filter link_library_verify_captcha usersubmission.php:853

Scheduled Events 2

link_library_import_links
link_library_gen_thumbs
Maintenance & Trust

Link Library Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 15, 2026
PHP min version
Downloads: 2.4M

Community Trust

Rating: 94/100
Number of ratings: 97
Active installs: 10K
Developer Profile

Link Library Developer Profile

Yannick Lefebvre

8 plugins · 11K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 529 days
Detection Fingerprints

How We Detect Link Library

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/link-library/css/link-library.css
/wp-content/plugins/link-library/css/link-library-style.css
/wp-content/plugins/link-library/css/link-library-theme-style.css
/wp-content/plugins/link-library/css/link-library-admin.css
/wp-content/plugins/link-library/js/link-library.js
/wp-content/plugins/link-library/js/link-library-admin.js
/wp-content/plugins/link-library/js/link-library-votes.js
Script Paths
/wp-content/plugins/link-library/js/link-library.js
/wp-content/plugins/link-library/js/link-library-admin.js
/wp-content/plugins/link-library/js/link-library-votes.js
Version Parameters
link-library/css/link-library.css?ver=
link-library/css/link-library-style.css?ver=
link-library/css/link-library-theme-style.css?ver=
link-library/css/link-library-admin.css?ver=
link-library/js/link-library.js?ver=
link-library/js/link-library-admin.js?ver=
link-library/js/link-library-votes.js?ver=

HTML / DOM Fingerprints

CSS Classes
link-library
link-library-table
link-library-links-list
link-library-links-list-item
link-library-details
link-library-vote-buttons
link-library-vote-up
link-library-vote-down
+4 more
Data Attributes
data-link-id
JS Globals
link_library_votes
FAQ

Frequently Asked Questions about Link Library