Does Linkkit have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Linkkit compatible with WordPress 6.9.4?

According to WordPress.org data, Linkkit 1.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Linkkit compatible with PHP 7.4+?

Linkkit requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Linkkit updated?

Linkkit was last updated on Apr 2, 2026. Frequent updates are generally a positive security signal.

What is Linkkit's security score?

Linkkit has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Linkkit Security & Risk Analysis

wordpress.org/plugins/linkkit

Automatically create and manage Linkkit short links when you publish WordPress posts and pages.

0 active installs v1.0.2 PHP 7.4+ WP 5.8+ Updated Apr 2, 2026

analyticslink-managementshort-linksurl-shortener

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Linkkit Safe to Use in 2026?

Generally Safe

Score 100/100

Linkkit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "linkkit" v1.0.2 plugin exhibits a generally strong security posture, with excellent adherence to secure coding practices. The static analysis reveals a complete absence of dangerous functions and SQL queries that do not utilize prepared statements. Furthermore, all output is properly escaped, and there are no file operations that could pose a risk. The presence of nonce and capability checks on all identified entry points (AJAX handlers) is a significant strength, indicating a conscious effort to protect against unauthorized actions.

However, the analysis does flag four flows with unsanitized paths in the taint analysis. While these are not classified as critical or high severity, unsanitized paths, even if not immediately exploitable due to other checks, represent a potential weakness that could be leveraged if other security controls were bypassed or misconfigured. The plugin also makes four external HTTP requests, which, while not inherently insecure, introduce a dependency on external services and could be a vector for certain types of attacks if not handled with extreme care or if the external service is compromised.

The vulnerability history is a notable strength, showing zero known CVEs and no previously recorded vulnerabilities of any severity. This suggests a history of secure development or diligent patching by the developers. In conclusion, "linkkit" v1.0.2 is a well-developed plugin with robust security measures in place, particularly concerning SQL, output escaping, and authentication on its entry points. The primary area of concern lies in the identified unsanitized paths within the taint analysis, which, although not currently leading to critical vulnerabilities, warrants attention to prevent future issues.

Key Concerns

Flows with unsanitized paths
External HTTP requests without explicit security context

Vulnerabilities

None known

Linkkit Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Linkkit Release Timeline

v1.0.2Current

Code Analysis

Analyzed Apr 16, 2026

Linkkit Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

84 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped84 total outputs

Data Flows · Security

4 unsanitized

Data Flow Analysis

6 flows4 with unsanitized paths

handle_oauth_callback (includes/class-linkkit-admin.php:98)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Linkkit Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_linkkit_update_slugincludes/class-linkkit-metabox.php:17

authwp_ajax_linkkit_get_short_urlincludes/class-linkkit-metabox.php:18

authwp_ajax_linkkit_update_slugtrunk/includes/class-linkkit-metabox.php:17

authwp_ajax_linkkit_get_short_urltrunk/includes/class-linkkit-metabox.php:18

WordPress Hooks 20

actionadmin_menuincludes/class-linkkit-admin.php:18

actionadmin_initincludes/class-linkkit-admin.php:19

actionadmin_initincludes/class-linkkit-admin.php:20

actionadmin_enqueue_scriptsincludes/class-linkkit-admin.php:21

filterallowed_redirect_hostsincludes/class-linkkit-admin.php:23

actionadd_meta_boxesincludes/class-linkkit-metabox.php:16

actionadmin_enqueue_scriptsincludes/class-linkkit-metabox.php:19

actiontransition_post_statusincludes/class-linkkit-post.php:16

actionpost_updatedincludes/class-linkkit-post.php:17

actionplugins_loadedlinkkit.php:43

actionadmin_menutrunk/includes/class-linkkit-admin.php:18

actionadmin_inittrunk/includes/class-linkkit-admin.php:19

actionadmin_inittrunk/includes/class-linkkit-admin.php:20

actionadmin_enqueue_scriptstrunk/includes/class-linkkit-admin.php:21

filterallowed_redirect_hoststrunk/includes/class-linkkit-admin.php:23

actionadd_meta_boxestrunk/includes/class-linkkit-metabox.php:16

actionadmin_enqueue_scriptstrunk/includes/class-linkkit-metabox.php:19

actiontransition_post_statustrunk/includes/class-linkkit-post.php:16

actionpost_updatedtrunk/includes/class-linkkit-post.php:17

actionplugins_loadedtrunk/linkkit.php:43

Maintenance & Trust

Linkkit Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 2, 2026

PHP min version7.4

Downloads64

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Linkkit Alternatives

Hi.Fan URL Shortener

hifan

100

Automatically create short, branded URLs for your WordPress posts and pages with Hi.Fan URL Shortener.

0 No CVEs

URL Shortify – Simple and Easy URL Shortener

url-shortify

URL Shortify helps you beautify, manage, share & cloak any links on or off your WordPress website. Create links using your domain name!

10K 9 CVEs

Linkit expiration links

linkit-expiration-links

100

Linkit is a smart link shortener and expiration plugin for WordPress. Create custom short URLs, track clicks, and control access with time- or click-b …

10 No CVEs

LinkAlert

codirun-linkalert

100

Link management and click tracking plugin for WordPress. Monitor clicks in real time, manage short links, and receive instant notifications.

0 No CVEs

Dashdig Analytics

dashdig-analytics

100

AI-powered URL shortener with human-readable links. Track clicks, analyze performance, and create memorable short URLs - the smart Bitly alternative.

0 No CVEs

Developer Profile

Linkkit Developer Profile

linkkit

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Linkkit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/linkkit/assets/css/admin.css

Version Parameters

linkkit-admin

HTML / DOM Fingerprints

CSS Classes

linkkit-settings-page

HTML Comments

Linkkit admin settings page and OAuth handling.

Data Attributes

data-linkkit-connected

FAQ

Linkkit Security & Risk Analysis

Is Linkkit Safe to Use in 2026?

Generally Safe

Key Concerns

Linkkit Security Vulnerabilities

Linkkit Release Timeline

Linkkit Code Analysis

Output Escaping

Data Flow Analysis

Linkkit Attack Surface

AJAX Handlers 4

Linkkit Maintenance & Trust

Maintenance Signals

Community Trust

Linkkit Alternatives

Hi.Fan URL Shortener

URL Shortify – Simple and Easy URL Shortener

Linkit expiration links

LinkAlert

Dashdig Analytics

Linkkit Developer Profile

How We Detect Linkkit

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Linkkit