Does Magic Links have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Magic Links compatible with WordPress 3.0.5?

According to WordPress.org data, Magic Links 1.0.2 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is Magic Links updated?

Magic Links was last updated on Feb 10, 2011. Frequent updates are generally a positive security signal.

What is Magic Links's security score?

Magic Links has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Magic Links Security & Risk Analysis

wordpress.org/plugins/magic-links

Magic Links is a WordPress plugin that offers a variety of methods to show links.

10 active installs v1.0.2 PHP + WP 2.3+ Updated Feb 10, 2011

linkspostpostssidebarwidgets

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Magic Links Safe to Use in 2026?

Generally Safe

Score 85/100

Magic Links has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The magic-links v1.0.2 plugin exhibits a generally good security posture from a static analysis perspective, with no critical or high severity issues identified in taint analysis and a clean vulnerability history. The absence of dangerous functions, file operations, and external HTTP requests is commendable. However, several areas raise concerns. The plugin uses raw SQL queries without prepared statements, which is a significant risk for SQL injection vulnerabilities. Furthermore, the low percentage of properly escaped output suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, especially considering the presence of a shortcode which represents a potential entry point for user-supplied data that could be rendered unsafely. The complete lack of nonce and capability checks on its entry points also presents a broad attack surface that could be exploited for various malicious actions.

Key Concerns

Raw SQL queries without prepared statements
Low percentage of properly escaped output
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

Magic Links Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Magic Links Release Timeline

v1.0.2Current

v1.0

Code Analysis

Analyzed Mar 16, 2026

Magic Links Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

28% escaped18 total outputs

Attack Surface

Magic Links Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[MAGIC-LINKS] magic-links.php:170

WordPress Hooks 5

actionml_update_eventmagic-links.php:146

filterwidget_textmagic-links.php:171

actionadmin_menumagic-links.php:177

filtercron_schedulesmagic-links.php:195

actionplugins_loadedmagic-links.php:241

Scheduled Events 2

ml_update_event

Maintenance & Trust

Magic Links Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedFeb 10, 2011

PHP min version

Downloads5K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Magic Links Alternatives

RaraTheme Companion

raratheme-companion

100

23 extremely useful custom widgets to create an engaging website.

10K No CVEs

Must Read Posts

must-read-posts

Retrieves posts and pages with a certain custom field (e.g. to permanently show your most recommended posts in a widget) and displays them in a list.

10 No CVEs

KeenSalon Companion

keensalon-companion

5 extremely useful custom widgets to create an engaging website.

0 No CVEs

Advanced Random Posts Widget

advanced-random-posts-widget

Provides flexible and advanced random posts. Display it via shortcode or widget with thumbnails, post excerpt, and much more!

10K No CVEs

Per Page Sidebars

per-page-sidebars

The Per Page Sidebars (PPS) plugin allows blog administrators to create a unique sidebar for each Page. No template editing is required.

1K No CVEs

Developer Profile

Magic Links Developer Profile

raychow

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Magic Links

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

magic-links

Data Attributes

data-ml-colordata-ml-font-sizedata-ml-output-styledata-ml-link-separatordata-ml-target-blankdata-ml-nofollow+12 more

Shortcode Output

[MAGIC-LINKS]

FAQ