WP-Safety

WP to LinkedIn Auto Publish Security & Risk Analysis

wordpress.org/plugins/linkedin-auto-publish

Publish posts automatically to LinkedIn.

1K active installs v1.9.10 PHP + WP 2.8+ Updated Feb 18, 2026
linkedinlinkedin-auto-publishlinkedin-publishingpost-to-linkedinwp-to-linkedin-auto-publish
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 12, 2025
Plugin page Download
Safety Verdict

Is WP to LinkedIn Auto Publish Safe to Use in 2026?

Generally Safe

Score 99/100

WP to LinkedIn Auto Publish has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 12, 2025Updated 1mo ago
Risk Assessment

The linkedin-auto-publish plugin version 1.9.10 presents a mixed security posture. While it boasts no unprotected entry points across its AJAX handlers, REST API routes, shortcodes, and cron events, and generally implements nonce and capability checks for its AJAX operations, several code signals raise concerns. The presence of the `unserialize` function is a significant risk, as it can lead to Remote Code Execution (RCE) if an attacker can control the serialized data being processed. Furthermore, a concerning 79% of the plugin's output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data can be injected into the page.

The vulnerability history, although showing no currently unpatched CVEs, does reveal one historical medium-severity vulnerability related to Cross-Site Scripting. This pattern suggests that while the developers have addressed past issues, the potential for XSS remains a concern given the extensive unescaped output identified in the static analysis. The two identified unsanitized taint flows also warrant attention, even if they are not classified as critical or high severity, as they represent potential pathways for malicious data to be processed.

In conclusion, the plugin demonstrates good practices in securing its entry points and handling AJAX requests. However, the inherent danger of `unserialize` combined with a significant lack of output escaping and the presence of unsanitized taint flows creates a substantial risk profile. While there are no immediate unpatched critical vulnerabilities, the potential for XSS and the risk associated with unserialization require careful consideration and remediation.

Key Concerns

  • Presence of unserialize function
  • High percentage of unescaped output
  • Unsanitized taint flows found
  • One historical medium severity CVE
Vulnerabilities
1

WP to LinkedIn Auto Publish Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-12077medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage

Dec 12, 2025 Patched in 1.9.9 (1d)
Code Analysis
Analyzed Mar 16, 2026

WP to LinkedIn Auto Publish Code Analysis

Dangerous Functions
2
Raw SQL Queries
3
6 prepared
Unescaped Output
283
77 escaped
Nonce Checks
13
Capability Checks
8
File Operations
1
External Requests
10
Bundled Libraries
0

Dangerous Functions Found

unserialize$arrval=unserialize($status);admin\logs.php:68
unserialize$xyz_lnap_ln_company_names=unserialize(base64_decode($xyz_lnap_ln_company_names));admin\settings.php:517

SQL Query Safety

67% prepared9 total queries

Output Escaping

21% escaped360 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

10 flows2 with unsanitized paths
xyz_lnap_addpostmetatags (admin\metabox.php:63)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP to LinkedIn Auto Publish Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 5

authwp_ajax_xyz_lnap_ajax_backlinkadmin\ajax-actions.php:3
authwp_ajax_xyz_lnap_selected_pages_auto_updateadmin\ajax-actions.php:34
authwp_ajax_xyz_lnap_xyzscripts_accinfo_auto_updateadmin\ajax-actions.php:80
authwp_ajax_xyz_lnap_del_entriesadmin\ajax-actions.php:99
authwp_ajax_xyz_lnap_del_lnuser_entriesadmin\ajax-actions.php:140
WordPress Hooks 13
actionadmin_noticesadmin\admin-notices.php:70
actionadmin_noticesadmin\admin-notices.php:150
actionadmin_initadmin\admin-notices.php:152
actionadmin_menuadmin\menu.php:3
actionadmin_enqueue_scriptsadmin\menu.php:29
actionwp_headadmin\menu.php:88
actionadd_meta_boxesadmin\metabox.php:3
actionsave_postadmin\publish.php:3
actiontransition_post_statusadmin\publish.php:19
actioninitlinkedin-auto-publish.php:42
actionwp_footerlinkedin-auto-publish.php:71
actionadmin_initlinkedin-auto-publish.php:87
filterplugin_row_metaxyz-functions.php:158
Maintenance & Trust

WP to LinkedIn Auto Publish Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 18, 2026
PHP min version
Downloads98K

Community Trust

Rating94/100
Number of ratings59
Active installs1K
Alternatives

WP to LinkedIn Auto Publish Alternatives

Social Media Auto Publish

Social Media Auto Publish

social-media-auto-publish

A
99

Publish posts automatically to social media networks like Facebook, Twitter, Instagram, Tumblr, LinkedIn, Threads and Telegram.

7K 1 CVE
OG — Better Share on Social Media

OG — Better Share on Social Media

og

A
100

The simple method to add Open Graph metadata to your entries so that they look great when shared on sites.

30K No CVEs
Social Media Widget

Social Media Widget

social-media-widget

A
87

Adds links to all of your social media and sharing site profiles. Tons of icons come in 3 sizes, 4 icon styles, and 4 animations.

30K 3 CVEs
Meks Smart Social Widget

Meks Smart Social Widget

meks-smart-social-widget

A
89

Easily display more than 100 social icons inside your WordPress widget.

10K 4 CVEs
miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)

miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn)

miniorange-login-openid

C
56

Social Login with Discord, Facebook, Google, Twitter, LinkedIn and 40+ apps. Social login with social share and comments. Free, fast & easy! WooCo &hellip;

10K 1 unpatched
Developer Profile

WP to LinkedIn Auto Publish Developer Profile

f1logic

15 plugins · 142K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
352 days
View full developer profile
Detection Fingerprints

How We Detect WP to LinkedIn Auto Publish

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/linkedin-auto-publish/js/notice.js/wp-content/plugins/linkedin-auto-publish/css/style.css/wp-content/plugins/linkedin-auto-publish/css/font-awesome.min.css
Version Parameters
linkedin-auto-publish/css/style.css?ver=linkedin-auto-publish/css/font-awesome.min.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-default_content
JS Globals
xyz_script_lnap_var
FAQ

Frequently Asked Questions about WP to LinkedIn Auto Publish