WP-Safety

Noio Iconized Bookmarks Security & Risk Analysis

wordpress.org/plugins/noio-iconized-bookmarks

Plugin that allows you to automatically add favicons to your blog's links.

10 active installs v1.0.1 PHP + WP 2.8+ Updated Feb 20, 2011
blogrollbookmarksfaviconsiconslinks
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Noio Iconized Bookmarks Safe to Use in 2026?

Generally Safe

Score 85/100

Noio Iconized Bookmarks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago
Risk Assessment

The "noio-iconized-bookmarks" plugin version 1.0.1 exhibits a concerning security posture despite having a seemingly small attack surface. While the static analysis reports zero AJAX handlers, REST API routes, shortcodes, or cron events without authentication, this lack of entry points might also contribute to the absence of built-in security checks like capability checks and nonce checks. The plugin uses the `create_function` which is deprecated and considered a security risk due to its ability to execute arbitrary PHP code. Furthermore, the taint analysis revealed two high-severity flows with unsanitized paths, indicating potential vulnerabilities related to file operations or external requests where input might not be properly validated before being used in a sensitive operation. The lack of output escaping for all 36 outputs is a significant concern, as it opens the door for cross-site scripting (XSS) vulnerabilities if any user-controlled data is displayed without proper sanitization. The complete absence of recorded CVEs is a positive sign, suggesting the plugin has not had publicly disclosed vulnerabilities. However, this does not negate the issues found in the static analysis. The overall security posture is weakened by the presence of dangerous functions, unsanitized taint flows, and universal output escaping failures, despite the limited attack surface and clean CVE history.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Dangerous function 'create_function' used
  • 100% of outputs are not properly escaped
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Noio Iconized Bookmarks Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Noio Iconized Bookmarks Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
6 prepared
Unescaped Output
36
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("IconizedBookmarksWidget");')noio_iconized_bookmarks.php:69

SQL Query Safety

100% prepared6 total queries

Output Escaping

0% escaped36 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
noio_iconize_bookmarks_options_page (noio_iconized_bookmarks.php:149)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Noio Iconized Bookmarks Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actionwidgets_initnoio_iconized_bookmarks.php:69
actionadmin_headnoio_iconized_bookmarks.php:418
actionadmin_menunoio_iconized_bookmarks.php:419
Maintenance & Trust

Noio Iconized Bookmarks Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5
Last updatedFeb 20, 2011
PHP min version
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Noio Iconized Bookmarks Alternatives

FAVIROLL – FAVIcons for blogROLL

FAVIROLL – FAVIcons for blogROLL

faviroll

A
100

This plugin convert the favicon.ico from the blogroll sites into PNG images and save this in a local cache file. The conversion process works just on …

40 No CVEs
Blogroll Links Favicons

Blogroll Links Favicons

blogroll-links-favicons

A
100

Automatically adds favicons to blogroll/bookmark links.

20 No CVEs
Blogroll Links

Blogroll Links

blogroll-links

A
100

Display your blogroll links anywhere in posts or pages using a simple shortcode.

300 No CVEs
Blogroll Widget with RSS Feeds

Blogroll Widget with RSS Feeds

blogroll-rss-widget

A
85

Displays the recent posts of your blogroll links via RSS Feeds in a customizable sidebar widget

200 No CVEs
Bookmarks Shortcode

Bookmarks Shortcode

bookmarks-shortcode

A
85

Creates shortcodes that will generate an unordered list of your WordPress links (bookmarks).

90 No CVEs
Developer Profile

Noio Iconized Bookmarks Developer Profile

noiodotnl

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Noio Iconized Bookmarks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/noio-iconized-bookmarks/empty.png/wp-content/plugins/noio-iconized-bookmarks/notfound.png/wp-content/plugins/noio-iconized-bookmarks/default.gif/wp-content/plugins/noio-iconized-bookmarks/select.png
Version Parameters
noio-iconized-bookmarks/empty.png?ver=noio-iconized-bookmarks/notfound.png?ver=noio-iconized-bookmarks/default.gif?ver=noio-iconized-bookmarks/select.png?ver=noio-iconized-bookmarks/noio_iconized_bookmarks.php?ver=

HTML / DOM Fingerprints

CSS Classes
iconized_bookmarks
Data Attributes
widget_args
FAQ

Frequently Asked Questions about Noio Iconized Bookmarks