Does Permalink History have any unpatched vulnerabilities?

No. All known vulnerabilities in Permalink History have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Permalink History compatible with WordPress 6.8.5?

According to WordPress.org data, Permalink History 2.0.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Permalink History updated?

Permalink History was last updated on Feb 10, 2026. Frequent updates are generally a positive security signal.

What is Permalink History's security score?

Permalink History has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Permalink History Security & Risk Analysis

wordpress.org/plugins/permalink-history

Saves the history of your WordPress site permalinks and provides automatic redirects.

50 active installs v2.0.3 PHP + WP 5.0+ Updated Feb 10, 2026

backuphistorypermalinkprotocolseo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Permalink History Safe to Use in 2026?

Generally Safe

Score 100/100

Permalink History has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "permalink-history" plugin v2.0.3 exhibits a mixed security posture. While it shows good practices by avoiding dangerous functions, file operations, and external HTTP requests, and largely using prepared statements for SQL queries, significant security concerns exist. The presence of two AJAX handlers without authentication checks presents a direct attack vector that could be exploited by unauthenticated users. Furthermore, the lack of nonce checks on these AJAX endpoints exacerbates this risk, as it makes them susceptible to Cross-Site Request Forgery (CSRF) attacks. The code also shows only 52% of outputs being properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of past security diligence. However, this clean history does not negate the immediate risks identified in the current static analysis. The overall conclusion is that while the plugin has some good security foundations, the unprotected AJAX endpoints and potential for unescaped output are critical weaknesses that require immediate attention.

Key Concerns

AJAX handlers without auth checks
Output escaping is insufficient (52% proper)
No nonce checks on AJAX handlers

Vulnerabilities

None known

Permalink History Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Permalink History Code Analysis

Dangerous Functions

Raw SQL Queries

17 prepared

Unescaped Output

11 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

89% prepared19 total queries

Output Escaping

52% escaped21 total outputs

Attack Surface

2 unprotected

Permalink History Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_permalink_historyclasses\Ajax.php:9

noprivwp_ajax_permalink_historyclasses\Ajax.php:10

WordPress Hooks 12

actioninitclasses\Components\Plugin.php:30

actioninitclasses\Gutenberg.php:11

actionenqueue_block_editor_assetsclasses\Gutenberg.php:12

actionph_migrate_register_field_handlersclasses\Migrate.php:16

actionsave_postclasses\Post.php:16

actionget_headerclasses\Post.php:17

actiondeleted_postclasses\Post.php:18

actiontemplate_redirectclasses\Redirects.php:22

actionrest_api_initclasses\REST.php:13

actionadmin_initclasses\Settings.php:16

actionedit_termsclasses\TermTaxonomy.php:17

actionget_headerclasses\TermTaxonomy.php:18

Maintenance & Trust

Permalink History Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedFeb 10, 2026

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs50

Alternatives

Permalink History Alternatives

Permalink Manager for WooCommerce

permalink-manager-for-woocommerce

100

Permalink Manager for WooCommerce improves your store permalinks and remove product, product_category and product_tag slugs from the URL.

8K No CVEs

Wenprise Pinyin Slug

wenprise-pinyin-slug

自动转换 WordPress 中的中文文章别名、分类项目别名、图片文件名称为汉语拼音或英文翻译。

4K No CVEs

Change Permalink Helper

change-permalink-helper

It checks the Permalink and redirects to the new URL, if it doesn't exist. It sends the header message "moved permanently 301"

1K No CVEs

Greek Multi Tool – Greeklish Slugs, Permalinks & Transliteration

greek-multi-tool

The only lightweight plugin you need for Greek WordPress sites. Auto-convert Greeklish slugs, optimize permalinks, and enhance search without bloat.

1K 2 CVEs

Advanced Permalinks

advanced-permalinks

Allows multiple permalink structures and category-specific permalinks without needing redirects.

400 No CVEs

Developer Profile

Permalink History Developer Profile

EdwardBock

22 plugins · 2K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

107 days

View full developer profile

Detection Fingerprints

How We Detect Permalink History

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/permalink-history/dist/gutenberg.ts.js

Script Paths