MtG-Tutor.de CardLinker Security & Risk Analysis
wordpress.org/plugins/mtg-tutorde-cardlinkerThis plugin provides some shortcode to easily link MtG Cards and Decks! - Ein Plugin mit dem man ganz leicht MtG Karten und Decks verlinken kann!
Is MtG-Tutor.de CardLinker Safe to Use in 2026?
Generally Safe
Score 85/100MtG-Tutor.de CardLinker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The mtg-tutorde-cardlinker v0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests. All SQL queries are prepared, and capability checks are in place for its entry points. The lack of known vulnerabilities in its history is also a positive indicator.
However, there are significant concerns. The plugin has a very low percentage (23%) of properly escaped output, suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities. While the static analysis reported no critical taint flows, the lack of thorough taint analysis (0 flows analyzed) means that potential vulnerabilities could be missed. Furthermore, the absence of nonce checks on its entry points, combined with a notable portion of unescaped output, is a substantial security weakness that could be exploited.
In conclusion, while the plugin has a clean vulnerability history and avoids some common pitfalls, the severe lack of output escaping and the absence of nonce checks present critical risks. These issues indicate a need for significant improvement in secure coding practices, particularly concerning input validation and output sanitization, to mitigate potential XSS attacks.
Key Concerns
- Low output escaping percentage
- No nonce checks on entry points
- Limited taint analysis coverage
MtG-Tutor.de CardLinker Security Vulnerabilities
MtG-Tutor.de CardLinker Code Analysis
Output Escaping
MtG-Tutor.de CardLinker Attack Surface
Shortcodes 2
WordPress Hooks 7
Maintenance & Trust
MtG-Tutor.de CardLinker Maintenance & Trust
Maintenance Signals
Community Trust
MtG-Tutor.de CardLinker Alternatives
Magic the Gathering Card Tooltips
magic-the-gathering-card-tooltips
Easily transform Magic the Gathering card names into links that show the card image in a tooltip when hovering over them. You can also quickly create …
MTGPulse deckbox embedding tool
mtgpulse-magic-the-gathering-deckbox-plugin
Facilitates embedding of MTGPulse.com deckboxes on your word press site
TCG Card Links
tcg-card-links
The goal of this Plug-in is to provide an instantaneous way for you to turn all Magic: the Gathering card names within your blog posts into card infor …
WP MtG-Helper
wp-mtg-helper
The goal of this plugin is to help you writing articels about Magic: the Gathering like tournament reports or draft walkthroughs and reducing the time …
Nginx Helper
nginx-helper
Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.
MtG-Tutor.de CardLinker Developer Profile
1 plugin · 10 total installs
How We Detect MtG-Tutor.de CardLinker
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/mtg-tutorde-cardlinker/css/mt_deck.css/wp-content/plugins/mtg-tutorde-cardlinker/js/mt_card_hover.js/wp-content/plugins/mtg-tutorde-cardlinker/js/mt_card_editor_plugin.js/wp-content/plugins/mtg-tutorde-cardlinker/js/mt_deck_editor_plugin.jsmtg-tutorde-cardlinker/css/mt_deck.css?ver=mtg-tutorde-cardlinker/js/mt_card_hover.js?ver=mtg-tutorde-cardlinker/js/mt_card_editor_plugin.js?ver=mtg-tutorde-cardlinker/js/mt_deck_editor_plugin.js?ver=HTML / DOM Fingerprints
mt_cardlinkermt_decklinker