LinkedInclude Security & Risk Analysis

wordpress.org/plugins/linkedinclude

Import your LinkedIn articles into a WordPress widget.

80 active installs · v3.0.4 · PHP + WP 3.2.1+ · Updated Sep 7, 2021
linkedin
Score: 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is LinkedInclude Safe to Use in 2026?

Use With Caution

Score 63/100

LinkedInclude has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 4yr ago
Risk Assessment

The "linkedinclude" v3.0.4 plugin presents a mixed security posture. It shows some good practices, such as a small number of entry points and prepared statements for most of its SQL queries, but the static analysis raises several significant concerns. The most critical finding is an AJAX handler that lacks authentication checks, which creates a direct, unprotected entry point into the plugin's functionality. Combined with a low percentage of properly escaped outputs (45%), this suggests potential vulnerabilities in data handling and exposure.

The vulnerability history amplifies these concerns. The plugin has one known CVE, which is currently unpatched and classified as medium severity. It is a Cross-Site Request Forgery (CSRF) vulnerability, which indicates a weakness in how user actions are validated and secured, especially when coupled with an unprotected entry point. The absence of nonce checks in the static analysis is consistent with this.

In conclusion, while the plugin doesn't exhibit critical-severity taint flows or a large attack surface, the unprotected AJAX handler, insufficient output escaping, and the CSRF vulnerability in its history are significant weaknesses. The unpatched CVE is a direct and immediate risk. Efforts should focus on implementing authentication and authorization for all entry points, improving output escaping, and addressing the known CVE.

Key Concerns

  • Unprotected AJAX handler
  • Low output escaping percentage
  • Unpatched CVE (medium)
  • Missing nonce checks
  • Bundled Guzzle library (potentially outdated)
Vulnerabilities
1

LinkedInclude Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-57918 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

LinkedInclude <= 3.0.4 - Cross-Site Request Forgery

Sep 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

LinkedInclude Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (9 prepared)
Unescaped Output: 17 (14 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Guzzle

SQL Query Safety

64% prepared · 14 total queries

Output Escaping

45% escaped · 31 total outputs
Attack Surface
1 unprotected

LinkedInclude Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_showhide · linkedinclude.php:56

WordPress Hooks: 5

action · admin_init · linkedinclude.php:46
action · admin_menu · linkedinclude.php:47
action · wp_enqueue_scripts · linkedinclude.php:371
action · widgets_init · linkedinclude.php:545
action · init · linkedinclude_setup.php:72
Maintenance & Trust

LinkedInclude Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Sep 7, 2021
PHP min version
Downloads: 5K

Community Trust

Rating: 52/100
Number of ratings: 5
Active installs: 80
Developer Profile

LinkedInclude Developer Profile

ERA404

5 plugins · 320 total installs

Trust score: 58
Avg Security Score: 70/100
Avg Patch Time: 314 days
Detection Fingerprints

How We Detect LinkedInclude

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/linkedinclude/linkedinclude_admin.css
/wp-content/plugins/linkedinclude/linkedinclude_admin.js
Script Paths
/wp-content/plugins/linkedinclude/linkedinclude_admin.js

HTML / DOM Fingerprints

CSS Classes
linkedinclude
linkedinclude_instructions
litabs
litab
linkedinclude_fetch
Data Attributes
data-expanded
JS Globals
ajax_object