WP-Safety

linkle Security & Risk Analysis

wordpress.org/plugins/linkle

Easily embed links to wikipedia topics, amazon book sales, php documentation, and more with [ln linktype]topic[/ln].

10 active installs v0.7 PHP + WP 2.3.2+ Updated Mar 27, 2008
amazongravatarlinkstwitterwikipedia
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is linkle Safe to Use in 2026?

Generally Safe

Score 85/100

linkle has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 18yr ago
Risk Assessment

The 'linkle' plugin v0.7 exhibits a mixed security posture. On one hand, the absence of known CVEs and a clean vulnerability history are positive indicators. Furthermore, the plugin utilizes prepared statements for all SQL queries and demonstrates no file operations or external HTTP requests, reducing common attack vectors.

However, significant concerns arise from the static analysis. The presence of dangerous functions like 'unserialize' and 'create_function' is a major red flag. Compounding this, 100% of output is not properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also reveals a flow with unsanitized paths, though it's not classified as critical or high. The lack of any nonce or capability checks, combined with the use of 'unserialize' without proper input validation, presents a substantial risk of arbitrary code execution or data manipulation.

In conclusion, while the plugin avoids common pitfalls like unpatched vulnerabilities and raw SQL, the identified dangerous functions and widespread unescaped output, coupled with unsanitized taint flows and a lack of authorization checks, present a considerable security risk. These weaknesses could be exploited to compromise WordPress sites.

Key Concerns

  • Dangerous functions (unserialize, create_function)
  • Unescaped output (100%)
  • Taint flow with unsanitized paths
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

linkle Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

linkle Release Timeline

v0.7Current
v0.6
Code Analysis
Analyzed Apr 16, 2026

linkle Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
13
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
1

Dangerous Functions Found

unserialize$array = unserialize($string);LinkleOptions.php:35
create_function$this->func = create_function('$match, $term, $text, $properties', $this->code);LinkleOptions.php:46
unserialize$map = unserialize(get_option("linkle_handler_map"));LinkleOptions.php:111

Bundled Libraries

TinyMCE

Output Escaping

0% escaped13 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<LinkleLink> (tinymce/LinkleLink.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

linkle Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 7
filterthe_contentlinkle.php:31
filterthe_excerptlinkle.php:32
filtercomment_textlinkle.php:33
actionadmin_menulinkle.php:142
filtermce_pluginstinymce/LinkleButton.php:2
filtermce_buttonstinymce/LinkleButton.php:3
actiontinymce_before_inittinymce/LinkleButton.php:4
Maintenance & Trust

linkle Maintenance & Trust

Maintenance Signals

WordPress version tested2.3.2
Last updatedMar 27, 2008
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

linkle Alternatives

ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

thirstyaffiliates

A
95

🔗 Affiliate link management & cloaker tool. Easily manage, shrink and track your affiliate links in WordPress. 🔥

30K 5 CVEs
Bio Links

Bio Links

bio-links

A
85

With Bio Links plugin you can turn a single link into many. (for example, in your Instagram Profile Bio). A helpful tool direct your visitors where t &hellip;

400 No CVEs
Auto Tagger for Amazon Affiliate Links

Auto Tagger for Amazon Affiliate Links

auto-tagger-for-amazon

A
100

Set your Amazon Affiliate Tracking ID (example-20) for your site just once.

300 No CVEs
Remove Amazon Links from RSS Feed

Remove Amazon Links from RSS Feed

remove-amazon-links-from-rss-feed

A
85

Removes all links to Amazon.com/Amzn.to in the RSS feed.

100 No CVEs
Social Profile Linking

Social Profile Linking

socail-profile-linking

A
85

The Simple Way to Add Retina-Ready Social Media Icons to Your Site

100 No CVEs
Developer Profile

linkle Developer Profile

namidim

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect linkle

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/linkle/linkle.js
Script Paths
/wp-content/plugins/linkle/linkle.js

HTML / DOM Fingerprints

CSS Classes
linkle_link
Data Attributes
link_typelink_termlink_text
Shortcode Output
<span class="linkle_link"
FAQ

Frequently Asked Questions about linkle