WP-Safety

Links synthesis Security & Risk Analysis

wordpress.org/plugins/links-synthesis

This plugin enables a synthesis of all links and the creation of thumbnail for links in an article and retrieves data from them.

10 active installs v1.3.3 PHP + WP 3.0+ Updated Apr 18, 2016
analysischeckdeadlinksvalidity
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Links synthesis Safe to Use in 2026?

Generally Safe

Score 85/100

Links synthesis has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "links-synthesis" v1.3.3 plugin presents a significant security risk due to its large, unprotected attack surface. All 16 identified AJAX handlers lack authentication checks, meaning any user, authenticated or not, can potentially trigger these functions. This is exacerbated by the presence of dangerous functions like `unserialize` and `exec`, which, when combined with unsanitized input, can lead to remote code execution.

Taint analysis reveals 17 flows with unsanitized paths, and 5 of these are classified as high severity. This indicates a strong likelihood of vulnerabilities where user-supplied data can be manipulated to execute malicious code or access sensitive information. The complete absence of nonce checks on AJAX handlers is a critical oversight, making cross-site request forgery (CSRF) attacks highly probable.

The plugin's history of zero known CVEs is a positive sign, suggesting a lack of publicly disclosed vulnerabilities. However, this history, coupled with the alarming static analysis results, indicates that the plugin may be susceptible to undiscovered vulnerabilities. The low percentage of properly escaped output (6%) also raises concerns about potential cross-site scripting (XSS) vulnerabilities. Overall, while the plugin has no public vulnerability history, its internal code structure and lack of basic security checks create a very high-risk profile.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous functions: unserialize, exec
  • High severity unsanitized taint flows
  • Missing nonce checks on AJAX
  • Low percentage of proper output escaping
  • Unsanitized paths in taint flows
  • Unprotected entry points
  • Limited capability checks
Vulnerabilities
None known

Links synthesis Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Links synthesis Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Links synthesis Code Analysis

Dangerous Functions
25
Raw SQL Queries
25
23 prepared
Unescaped Output
292
17 escaped
Nonce Checks
0
Capability Checks
2
File Operations
72
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$plugins = unserialize(@file_get_contents(dirname(__FILE__)."/data/SLFramework_OtherPlugins_".date('core\otherplugins.class.php:48
unserialize$res = unserialize($request['body']);core\otherplugins.class.php:128
unserialize$res = unserialize($request['body']);core\otherplugins.class.php:176
unserialize$meta = unserialize(str_replace("##'##", "'", $tl['metatag'])) ;links-synthesis.php:329
unserialize$head = unserialize(str_replace("##'##", "'", $tl['header'])) ;links-synthesis.php:338
unserialize$current_occurrence = unserialize(str_replace("##'##", "'", $result[0]->occurrence)) ;links-synthesis.php:429
unserialize$current_occurrence = unserialize(str_replace("##'##", "'", $r->occurrence)) ;links-synthesis.php:521
unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->metatag)))) {links-synthesis.php:1031
unserializeforeach (unserialize(str_replace("##'##", "'", $r->metatag)) as $k=>$m) {links-synthesis.php:1032
unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->header)))) {links-synthesis.php:1037
unserializeforeach (unserialize(str_replace("##'##", "'", $r->header)) as $k=>$m) {links-synthesis.php:1038
unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->occurrence)))) {links-synthesis.php:1050
unserializeforeach (unserialize(str_replace("##'##", "'", $r->occurrence)) as $m) {links-synthesis.php:1051
unserialize$header_array = unserialize(str_replace("##'##", "'", $r[7])) ;links-synthesis.php:1131
unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->metatag)))) {links-synthesis.php:1187
unserializeforeach (unserialize(str_replace("##'##", "'", $r->metatag)) as $k=>$m) {links-synthesis.php:1188
unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->header)))) {links-synthesis.php:1193
unserializeforeach (unserialize(str_replace("##'##", "'", $r->header)) as $k=>$m) {links-synthesis.php:1194
unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->occurrence)))) {links-synthesis.php:1206
unserializeforeach (unserialize(str_replace("##'##", "'", $r->occurrence)) as $m) {links-synthesis.php:1207
exec$str = exec($command, $output, $return) ;links-synthesis.php:1489
unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->occurrence)))) {links-synthesis.php:1582
unserializeforeach (unserialize(str_replace("##'##", "'", $r->occurrence)) as $m) {links-synthesis.php:1583
unserialize$header_array = unserialize(str_replace("##'##", "'", $r[7])) ;links-synthesis.php:1664
unserialize$current_occurrence = unserialize(str_replace("##'##", "'", $r->occurrence)) ;links-synthesis.php:1939

SQL Query Safety

48% prepared48 total queries

Output Escaping

6% escaped309 total outputs
Data Flows · Security
17 unsanitized

Data Flow Analysis

17 flows17 with unsanitized paths
flush (core\admin_table.class.php:170)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
16 unprotected

Links synthesis Attack Surface

Entry Points16
Unprotected16

AJAX Handlers 16

authwp_ajax_translate_addcore.class.php:85
authwp_ajax_translate_modifycore.class.php:86
authwp_ajax_translate_createcore.class.php:87
authwp_ajax_send_translationcore.class.php:88
authwp_ajax_update_summarycore.class.php:89
authwp_ajax_del_paramcore.class.php:92
authwp_ajax_add_paramcore.class.php:93
authwp_ajax_send_feedbackcore.class.php:96
authwp_ajax_changeURLlinks-synthesis.php:55
authwp_ajax_recheckURLlinks-synthesis.php:56
authwp_ajax_ignoreURLlinks-synthesis.php:57
authwp_ajax_doNotIgnoreURLlinks-synthesis.php:58
authwp_ajax_stopAnalysisLinkslinks-synthesis.php:60
authwp_ajax_forceAnalysisLinkslinks-synthesis.php:61
noprivwp_ajax_checkLinksSynthesislinks-synthesis.php:80
authwp_ajax_checkLinksSynthesislinks-synthesis.php:81
WordPress Hooks 29
actioninitcore.class.php:50
actionparse_requestcore.class.php:51
actionadmin_menucore.class.php:53
filterplugin_row_metacore.class.php:54
filterplugin_action_linkscore.class.php:55
actioninitcore.class.php:56
actioninitcore.class.php:58
actionwp_enqueue_scriptscore.class.php:61
actionwp_enqueue_scriptscore.class.php:62
actionwp_enqueue_scriptscore.class.php:64
actionwp_enqueue_scriptscore.class.php:67
actionwp_enqueue_scriptscore.class.php:69
actionwp_enqueue_scriptscore.class.php:70
actionadmin_enqueue_scriptscore.class.php:73
actionadmin_enqueue_scriptscore.class.php:74
actionadmin_enqueue_scriptscore.class.php:76
actionadmin_enqueue_scriptscore.class.php:79
actionadmin_enqueue_scriptscore.class.php:81
actionadmin_enqueue_scriptscore.class.php:82
filterthe_contentcore.class.php:99
filterget_the_excerptcore.class.php:100
filterget_the_excerptcore.class.php:101
actionactivated_plugincore.class.php:104
filtermce_external_pluginscore.class.php:702
filtermce_buttonscore.class.php:703
filtertiny_mce_versioncore.class.php:704
actionsave_postlinks-synthesis.php:63
actiondelete_postlinks-synthesis.php:64
actionall_admin_noticeslinks-synthesis.php:65
Maintenance & Trust

Links synthesis Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedApr 18, 2016
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Links synthesis Alternatives

Check for Broken Links

Check for Broken Links

check-for-broken-links

A
92

Check for Broken Links is a WordPress plugin that helps you find and fix broken links on your website.

400 No CVEs
Archivarix Broken Links Recovery

Archivarix Broken Links Recovery

archivarix-broken-links-recovery

A
100

Finds broken external and internal links and replaces them with Web Archive copies or manages them manually.

200 No CVEs
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links

broken-link-checker-seo

A
96

Broken Link Checker by AIOSEO ensures all links on your website are working. Check your site for broken links and easily fix them to improve SEO.

300K 3 CVEs
Title and Nofollow For Links (Classic Editor)

Title and Nofollow For Links (Classic Editor)

title-and-nofollow-for-links

A
85

The plugin adds a title and a rel="nofollow" checkbox to the insert link popup box. Only for Classic Editor, NOT Block Editor.

30K No CVEs
404 Solution

404 Solution

404-solution

A
86

Automatically redirect 404 errors to the right page using a 7-engine matching pipeline and spell-checking algorithm. Zero configuration required.

10K 8 CVEs
Developer Profile

Links synthesis Developer Profile

KaizenCoders

15 plugins · 31K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
153 days
View full developer profile
Detection Fingerprints

How We Detect Links synthesis

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Links synthesis