Loyalty Links Security & Risk Analysis
wordpress.org/plugins/loyalty-linksConditionally break external links based on referrer history.
Is Loyalty Links Safe to Use in 2026?
Generally Safe
Score 100/100Loyalty Links has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The loyalty-links plugin, version 1.0.1, exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and a high percentage of properly escaped output. The absence of file operations and external HTTP requests is also a strong indicator of a secure design. The presence of nonce checks and capability checks, though limited, suggests an awareness of security fundamentals.
However, there are significant concerns. The plugin exposes two REST API routes without any permission callbacks, creating a direct and unprotected attack surface. This is the most critical finding from the static analysis, as unauthenticated access to these endpoints could lead to various vulnerabilities depending on their functionality. The lack of taint analysis data might be due to the static analysis tool's limitations or the plugin's simplicity, but the significant attack surface without authentication is a clear risk.
The plugin's vulnerability history is notably clean, with no recorded CVEs. This is a positive indicator, suggesting that the plugin has historically been developed with security in mind or has not been a significant target for attackers. However, the clean history should not overshadow the identified security weaknesses in the current version, particularly the unprotected REST API endpoints.
Key Concerns
- REST API routes without permission callbacks
- 2 unprotected entry points in attack surface
- Low number of capability checks relative to entry points
Loyalty Links Security Vulnerabilities
Loyalty Links Code Analysis
Output Escaping
Loyalty Links Attack Surface
REST API Routes 2
WordPress Hooks 6
Maintenance & Trust
Loyalty Links Maintenance & Trust
Maintenance Signals
Community Trust
Loyalty Links Alternatives
Exit Links Manager
exit-links-manager
Handle external link redirects with ease. Show notification to users when they visit an external link.
External Links Modifier
external-links-modifier
External Links Modifier automatically updates external links in your posts to open in a new tab with rel="nofollow noreferrer".
NDT Redirect
ndt-redirect
NDT Redirect helps manage external links by adding a no-referrer redirect page, enhancing security and user experience.
External Links – nofollow, noopener & new window
wp-external-links
Internal links & external links manager: open in new window or tab, control nofollow, ugc, sponsored & noopener. SEO friendly.
External Links in New Window / New Tab
open-external-links-in-a-new-window
Open external links in a new window or new tab. SEO optimized and XHTML Strict compliant.
Loyalty Links Developer Profile
56 plugins · 26K total installs
How We Detect Loyalty Links
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/loyalty-links/assets/css/loyalty-links.css/wp-content/plugins/loyalty-links/assets/js/loyalty-links.js/wp-content/plugins/loyalty-links/assets/js/loyalty-links.jsloyalty-links/assets/css/loyalty-links.css?ver=loyalty-links/assets/js/loyalty-links.js?ver=HTML / DOM Fingerprints
loyalty-links-noticeloyaltyLinks/wp-json/loyalty-links/v1/track-referrer