Does Links synthesis have any unpatched vulnerabilities?

No. All known vulnerabilities in Links synthesis have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Links synthesis compatible with WordPress 4.5.33?

According to WordPress.org data, Links synthesis 1.3.3 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is Links synthesis updated?

Links synthesis was last updated on Apr 18, 2016. Frequent updates are generally a positive security signal.

What is Links synthesis's security score?

Links synthesis has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Links synthesis Security & Risk Analysis

wordpress.org/plugins/links-synthesis

This plugin enables a synthesis of all links and the creation of thumbnail for links in an article and retrieves data from them.

10 active installs v1.3.3 PHP + WP 3.0+ Updated Apr 18, 2016

analysischeckdeadlinksvalidity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Links synthesis Safe to Use in 2026?

Generally Safe

Score 85/100

Links synthesis has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "links-synthesis" v1.3.3 plugin presents a significant security risk due to its large, unprotected attack surface. All 16 identified AJAX handlers lack authentication checks, meaning any user, authenticated or not, can potentially trigger these functions. This is exacerbated by the presence of dangerous functions like `unserialize` and `exec`, which, when combined with unsanitized input, can lead to remote code execution.

Taint analysis reveals 17 flows with unsanitized paths, and 5 of these are classified as high severity. This indicates a strong likelihood of vulnerabilities where user-supplied data can be manipulated to execute malicious code or access sensitive information. The complete absence of nonce checks on AJAX handlers is a critical oversight, making cross-site request forgery (CSRF) attacks highly probable.

The plugin's history of zero known CVEs is a positive sign, suggesting a lack of publicly disclosed vulnerabilities. However, this history, coupled with the alarming static analysis results, indicates that the plugin may be susceptible to undiscovered vulnerabilities. The low percentage of properly escaped output (6%) also raises concerns about potential cross-site scripting (XSS) vulnerabilities. Overall, while the plugin has no public vulnerability history, its internal code structure and lack of basic security checks create a very high-risk profile.

Key Concerns

Unprotected AJAX handlers
Dangerous functions: unserialize, exec
High severity unsanitized taint flows
Missing nonce checks on AJAX
Low percentage of proper output escaping
Unsanitized paths in taint flows
Unprotected entry points
Limited capability checks

Vulnerabilities

None known

Links synthesis Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Links synthesis Code Analysis

Dangerous Functions

Raw SQL Queries

23 prepared

Unescaped Output

292

17 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$plugins = unserialize(@file_get_contents(dirname(__FILE__)."/data/SLFramework_OtherPlugins_".date('core\otherplugins.class.php:48

unserialize$res = unserialize($request['body']);core\otherplugins.class.php:128

unserialize$res = unserialize($request['body']);core\otherplugins.class.php:176

unserialize$meta = unserialize(str_replace("##'##", "'", $tl['metatag'])) ;links-synthesis.php:329

unserialize$head = unserialize(str_replace("##'##", "'", $tl['header'])) ;links-synthesis.php:338

unserialize$current_occurrence = unserialize(str_replace("##'##", "'", $result[0]->occurrence)) ;links-synthesis.php:429

unserialize$current_occurrence = unserialize(str_replace("##'##", "'", $r->occurrence)) ;links-synthesis.php:521

unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->metatag)))) {links-synthesis.php:1031

unserializeforeach (unserialize(str_replace("##'##", "'", $r->metatag)) as $k=>$m) {links-synthesis.php:1032

unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->header)))) {links-synthesis.php:1037

unserializeforeach (unserialize(str_replace("##'##", "'", $r->header)) as $k=>$m) {links-synthesis.php:1038

unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->occurrence)))) {links-synthesis.php:1050

unserializeforeach (unserialize(str_replace("##'##", "'", $r->occurrence)) as $m) {links-synthesis.php:1051

unserialize$header_array = unserialize(str_replace("##'##", "'", $r[7])) ;links-synthesis.php:1131

unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->metatag)))) {links-synthesis.php:1187

unserializeforeach (unserialize(str_replace("##'##", "'", $r->metatag)) as $k=>$m) {links-synthesis.php:1188

unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->header)))) {links-synthesis.php:1193

unserializeforeach (unserialize(str_replace("##'##", "'", $r->header)) as $k=>$m) {links-synthesis.php:1194

unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->occurrence)))) {links-synthesis.php:1206

unserializeforeach (unserialize(str_replace("##'##", "'", $r->occurrence)) as $m) {links-synthesis.php:1207

exec$str = exec($command, $output, $return) ;links-synthesis.php:1489

unserializeif (is_array(unserialize(str_replace("##'##", "'", $r->occurrence)))) {links-synthesis.php:1582

unserializeforeach (unserialize(str_replace("##'##", "'", $r->occurrence)) as $m) {links-synthesis.php:1583

unserialize$header_array = unserialize(str_replace("##'##", "'", $r[7])) ;links-synthesis.php:1664

unserialize$current_occurrence = unserialize(str_replace("##'##", "'", $r->occurrence)) ;links-synthesis.php:1939

SQL Query Safety

48% prepared48 total queries

Output Escaping

6% escaped309 total outputs

Data Flows

17 unsanitized

Data Flow Analysis

17 flows17 with unsanitized paths

flush (core\admin_table.class.php:170)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

16 unprotected

Links synthesis Attack Surface

Entry Points16

Unprotected16

AJAX Handlers 16

authwp_ajax_translate_addcore.class.php:85

authwp_ajax_translate_modifycore.class.php:86

authwp_ajax_translate_createcore.class.php:87

authwp_ajax_send_translationcore.class.php:88

authwp_ajax_update_summarycore.class.php:89

authwp_ajax_del_paramcore.class.php:92

authwp_ajax_add_paramcore.class.php:93

authwp_ajax_send_feedbackcore.class.php:96

authwp_ajax_changeURLlinks-synthesis.php:55

authwp_ajax_recheckURLlinks-synthesis.php:56

authwp_ajax_ignoreURLlinks-synthesis.php:57

authwp_ajax_doNotIgnoreURLlinks-synthesis.php:58

authwp_ajax_stopAnalysisLinkslinks-synthesis.php:60

authwp_ajax_forceAnalysisLinkslinks-synthesis.php:61

noprivwp_ajax_checkLinksSynthesislinks-synthesis.php:80

authwp_ajax_checkLinksSynthesislinks-synthesis.php:81

WordPress Hooks 29

actioninitcore.class.php:50

actionparse_requestcore.class.php:51

actionadmin_menucore.class.php:53

filterplugin_row_metacore.class.php:54

filterplugin_action_linkscore.class.php:55

actioninitcore.class.php:56

actioninitcore.class.php:58

actionwp_enqueue_scriptscore.class.php:61

actionwp_enqueue_scriptscore.class.php:62

actionwp_enqueue_scriptscore.class.php:64

actionwp_enqueue_scriptscore.class.php:67

actionwp_enqueue_scriptscore.class.php:69

actionwp_enqueue_scriptscore.class.php:70

actionadmin_enqueue_scriptscore.class.php:73

actionadmin_enqueue_scriptscore.class.php:74

actionadmin_enqueue_scriptscore.class.php:76

actionadmin_enqueue_scriptscore.class.php:79

actionadmin_enqueue_scriptscore.class.php:81

actionadmin_enqueue_scriptscore.class.php:82

filterthe_contentcore.class.php:99

filterget_the_excerptcore.class.php:100

filterget_the_excerptcore.class.php:101

actionactivated_plugincore.class.php:104

filtermce_external_pluginscore.class.php:702

filtermce_buttonscore.class.php:703

filtertiny_mce_versioncore.class.php:704

actionsave_postlinks-synthesis.php:63

actiondelete_postlinks-synthesis.php:64

actionall_admin_noticeslinks-synthesis.php:65

Maintenance & Trust

Links synthesis Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedApr 18, 2016

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Links synthesis Alternatives

Check for Broken Links

check-for-broken-links

Check for Broken Links is a WordPress plugin that helps you find and fix broken links on your website.

400 No CVEs

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links

broken-link-checker-seo

Broken Link Checker by AIOSEO ensures all links on your website are working. Check your site for broken links and easily fix them to improve SEO.

300K 3 CVEs

Title and Nofollow For Links (Classic Editor)

title-and-nofollow-for-links

The plugin adds a title and a rel="nofollow" checkbox to the insert link popup box. Only for Classic Editor, NOT Block Editor.

30K No CVEs

Link Checker Professional

link-checker

An easy to use link checker for WordPress to detect broken links and images on your website.

4K 1 CVE

Broken Link Notifier

broken-link-notifier

Get notifications when a visitor loads a page with broken links

1K 3 CVEs

Developer Profile

Links synthesis Developer Profile

KaizenCoders

14 plugins · 31K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

153 days

View full developer profile

Detection Fingerprints

How We Detect Links synthesis

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ