Post Bookmarks Security & Risk Analysis
wordpress.org/plugins/post-bookmarksManage links attached to a post through a metabox, and setup how they are displayed in your posts... With a link favicon.
Is Post Bookmarks Safe to Use in 2026?
Generally Safe
Score 85/100Post Bookmarks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The post-bookmarks plugin v2.1.7 presents a mixed security posture. On the positive side, it demonstrates good practices in its SQL query handling, with 100% of queries utilizing prepared statements, and it has no recorded vulnerability history (CVEs). However, the static analysis reveals significant concerns, particularly regarding its attack surface. All three identified AJAX handlers lack authentication checks, making them direct entry points for potential malicious actions. While no critical or high severity taint flows were identified, the presence of 5 flows with unsanitized paths is a red flag, suggesting potential for unexpected behavior or further exploitation if combined with other weaknesses.
The plugin's output escaping is also a concern, with only 67% of outputs properly escaped. This could lead to cross-site scripting (XSS) vulnerabilities if untrusted data is rendered without sufficient sanitization. The plugin does implement some capability checks and a single nonce check, which are positive security controls, but their effectiveness is diminished by the unprotected AJAX handlers. Overall, while the plugin avoids common pitfalls like unpatched CVEs and raw SQL, the unprotected AJAX handlers and less-than-perfect output escaping create a notable risk profile that requires attention.
Key Concerns
- AJAX handlers without authentication checks
- Flows with unsanitized paths
- Output escaping is not fully implemented
Post Bookmarks Security Vulnerabilities
Post Bookmarks Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Post Bookmarks Attack Surface
AJAX Handlers 3
WordPress Hooks 14
Maintenance & Trust
Post Bookmarks Maintenance & Trust
Maintenance Signals
Community Trust
Post Bookmarks Alternatives
Custom Post Links
custom-post-links
Adds a new metabox to the editor, allowing you to attach a set of related links to any post.
Google related post links
google-related-post-links
Displays a list of related posts and searches by Google
EXMAGE – WordPress Image Links
exmage-wp-image-links
Add images using external links - Save your storage with EXMAGE effortlessly
Custom links in Elementor Image Carousel
custom-links-in-elementor-image-carousel
Lets you add custom links in Elementor Image Carousel widget
Floating Side Tab
floating-side-tab
Floating Side Tab lets you add customizable sticky tab menus on any page to showcase quick links, social icons, forms, or custom content.
Post Bookmarks Developer Profile
16 plugins · 380 total installs
How We Detect Post Bookmarks
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/post-bookmarks/post_bkmarks-admin.css/wp-content/plugins/post-bookmarks/post_bkmarks-admin.js/wp-content/plugins/post-bookmarks/post_bkmarks-frontend.css/wp-content/plugins/post-bookmarks/post_bkmarks-frontend.js/wp-content/plugins/post-bookmarks/post_bkmarks-settings.css/wp-content/plugins/post-bookmarks/post_bkmarks-settings.js/wp-content/plugins/post-bookmarks/assets/css/bootstrap.min.css/wp-content/plugins/post-bookmarks/assets/css/bootstrap-theme.min.css+14 more/wp-content/plugins/post-bookmarks/post_bkmarks-admin.js/wp-content/plugins/post-bookmarks/post_bkmarks-frontend.js/wp-content/plugins/post-bookmarks/post_bkmarks-settings.js/wp-content/plugins/post-bookmarks/assets/js/bootstrap.min.js/wp-content/plugins/post-bookmarks/assets/js/post_bkmarks-admin-settings.js/wp-content/plugins/post-bookmarks/assets/js/post_bkmarks-admin-table.js+11 morepost-bookmarks/post_bkmarks-admin.css?ver=post-bookmarks/post_bkmarks-admin.js?ver=post-bookmarks/post_bkmarks-frontend.css?ver=post-bookmarks/post_bkmarks-frontend.js?ver=post-bookmarks/post_bkmarks-settings.css?ver=post-bookmarks/post_bkmarks-settings.js?ver=post-bookmarks/assets/css/bootstrap.min.css?ver=post-bookmarks/assets/css/bootstrap-theme.min.css?ver=post-bookmarks/assets/js/bootstrap.min.js?ver=post-bookmarks/assets/js/post_bkmarks-admin-settings.js?ver=post-bookmarks/assets/js/post_bkmarks-admin-table.js?ver=post-bookmarks/assets/js/post_bkmarks-save.js?ver=post-bookmarks/assets/js/post_bkmarks-search.js?ver=post-bookmarks/assets/js/post_bkmarks-search_links.js?ver=post-bookmarks/assets/js/post_bkmarks-show.js?ver=post-bookmarks/assets/js/post_bkmarks-show_settings.js?ver=post-bookmarks/assets/js/post_bkmarks-update.js?ver=post-bookmarks/assets/js/post_bkmarks-update_settings.js?ver=post-bookmarks/assets/js/post_bkmarks-validate.js?ver=post-bookmarks/assets/js/jquery.dataTables.min.js?ver=post-bookmarks/assets/js/jquery.tokeninput.js?ver=post-bookmarks/assets/js/selectize.min.js?ver=HTML / DOM Fingerprints
pbkm-meta-boxpbkm-settingspost_bkmarks_links_tablepbkm-save-buttonpbkm-search-inputpbkm-search-links<!-- Post Bookmarks --><!-- pbkm_tab --><!-- pbkm_filter --><!-- pbkm_option -->+12 moredata-post-iddata-pbkm-actiondata-pbkm-link-iddata-pbkm-noncedata-pbkm-tabdata-pbkm-target+3 morepost_bkmarks_ajax_objpbkm_save_objectpbkm_search_objectpbkm_show_objectpbkm_update_objectpbkm_validate_object+2 more/wp-json/post-bookmarks/v1/links/wp-json/post-bookmarks/v1/settings[post_bookmarks]