Does Link View have any unpatched vulnerabilities?

Yes — Link View currently has 2 unpatched vulnerabilities. We recommend switching to an alternative or applying any available workarounds.

Is Link View compatible with WordPress 5.6.17?

According to WordPress.org data, Link View 0.8.0 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

Is Link View compatible with PHP 5.6+?

Link View requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Link View updated?

Link View was last updated on Nov 29, 2020. Frequent updates are generally a positive security signal.

What is Link View's security score?

Link View has a WP-Safety security score of 42/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Link View Security & Risk Analysis

wordpress.org/plugins/link-view

Display a link-list or link-slider in a post or page by using a shortcode.

800 active installs v0.8.0 PHP 5.6+ WP 4.9+ Updated Nov 29, 2020

Is Link View Safe to Use in 2026?

High Risk

Score 42/100

Link View carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs 2 unpatched Last CVE: Aug 25, 2025Updated 5yr ago

Risk Assessment

The 'link-view' plugin v0.8.0 exhibits a mixed security posture. On the positive side, static analysis reveals excellent practices with 100% of SQL queries using prepared statements and a very high percentage (98%) of output escaping. The attack surface is minimal, with only one shortcode and no unprotected entry points from AJAX, REST API, or cron events. There are also capability checks present in the code.

However, significant concerns arise from the plugin's vulnerability history. With two known CVEs, both currently unpatched and classified as medium severity, this indicates a recurring pattern of potential vulnerabilities. The common vulnerability type being Cross-site Scripting (XSS) suggests that user-supplied data might not always be handled securely, despite the generally good output escaping observed in static analysis. The presence of these unpatched vulnerabilities is the most critical risk factor.

In conclusion, while the code itself appears to follow many good security practices, the existence of two unpatched medium severity vulnerabilities, specifically XSS, is a substantial risk. The plugin's developers need to address these known issues promptly. Users should be aware that despite the static analysis results showing good code hygiene, the historical data points to a past need for more robust input validation and output sanitization that may not have been fully addressed.

Key Concerns

Unpatched CVE (Medium severity)
Unpatched CVE (Medium severity)
0 Nonce checks present

Vulnerabilities

Link View Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-48110medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link View <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 25, 2025Unpatched

CVE-2025-49039medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Link View <= 0.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 19, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Link View Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

79 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped81 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<about> (admin\about.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Link View Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[linkview] link-view.php:80

WordPress Hooks 10

actionadmin_menuadmin\admin.php:52

actionplugins_loadedadmin\admin.php:53

actionadmin_initincludes\config.php:48

filterpre_update_option_lvw_req_manages_link_roleincludes\config.php:49

actionplugins_loadedlink-view.php:79

actionwidgets_initlink-view.php:81

filterpre_option_link_manager_enabledlink-view.php:84

actionwp_enqueue_scriptslink-view.php:93

actionprint_late_stylesshortcode\factory.php:51

actionwp_footershortcode\factory.php:52

Maintenance & Trust

Link View Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedNov 29, 2020

PHP min version5.6

Downloads55K

Community Trust

Rating94/100

Number of ratings11

Active installs800

Alternatives

Link View Alternatives

Link Manager

link-manager

Enables the Link Manager that existed in WordPress until version 3.5.

20K No CVEs

Display All Image Sizes

display-all-image-sizes

Displays all sizes of each image, including name, dimensions, and permalink for each size.

1K No CVEs

Eazy Enable Blogroll

eazy-enable-blogroll

Eazy Enable Blogroll brings back the one and only WordPress Blogroll Feature, with nearly one click!

1K No CVEs

Detection Fingerprints

How We Detect Link View

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/link-view/admin/css/about.css/wp-content/plugins/link-view/admin/css/settings.css/wp-content/plugins/link-view/includes/js/easySlider.min.js/wp-content/plugins/link-view/includes/js/masonry.pkgd.min.js

Script Paths

/wp-content/plugins/link-view/includes/js/easySlider.min.js/wp-content/plugins/link-view/includes/js/masonry.pkgd.min.js

Version Parameters

link-view/admin/css/about.css?ver=link-view/admin/css/settings.css?ver=link-view/includes/js/easySlider.min.js?ver=link-view/includes/js/masonry.pkgd.min.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-lvw-sliderdata-lvw-slider-options

Shortcode Output

[linkview

FAQ