Does PostLinks have any unpatched vulnerabilities?

No. All known vulnerabilities in PostLinks have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PostLinks compatible with WordPress 3.0.5?

According to WordPress.org data, PostLinks 0.2 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is PostLinks updated?

PostLinks was last updated on Aug 18, 2010. Frequent updates are generally a positive security signal.

What is PostLinks's security score?

PostLinks has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PostLinks Security & Risk Analysis

wordpress.org/plugins/postlinks

(Beta) An extension of Fields, a custom field management plugin. PostLinks provides additional field types such as Series, PhotoLink and PostLink.

500 active installs v0.2 PHP + WP 3.0+ Updated Aug 18, 2010

admincustomfieldslinkspost

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PostLinks Safe to Use in 2026?

Generally Safe

Score 85/100

PostLinks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "postlinks" plugin v0.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerability history, suggesting a generally secure development approach so far. However, significant concerns arise from the static analysis. The plugin has a notable attack surface, with 2 out of 3 entry points being unprotected AJAX handlers. Furthermore, a very low percentage (4%) of outputs are properly escaped, creating a high risk of cross-site scripting (XSS) vulnerabilities. The complete absence of nonce checks on any of the entry points exacerbates the risk associated with unprotected AJAX handlers. While no critical taint flows or dangerous functions were detected in this analysis, the identified weaknesses, particularly the unprotected AJAX endpoints and poor output escaping, present a substantial risk. The lack of vulnerability history is positive but does not negate the current security flaws.

Key Concerns

2 unprotected AJAX handlers
4% properly escaped outputs
0 Nonce checks found

Vulnerabilities

None known

PostLinks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PostLinks Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

4% escaped49 total outputs

Attack Surface

2 unprotected

PostLinks Attack Surface

Entry Points3

Unprotected2

AJAX Handlers 2

authwp_ajax_ls_get_titlepostlinks.php:103

authwp_ajax_ls_get_postspostlinks.php:104

Shortcodes 1

[series] ls-series.php:17

WordPress Hooks 7

actionadmin_menuls-series.php:14

actionfs_meta_savels-series.php:15

actionwidgets_initpostlinks.php:54

actioninitpostlinks.php:56

actionplugin_action_linkspostlinks.php:85

actionfs_initpostlinks.php:97

actionadmin_initpostlinks.php:101

Maintenance & Trust

PostLinks Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedAug 18, 2010

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs500

Alternatives

PostLinks Alternatives

Custom Fields Permalink 2

custom-fields-permalink-redux

Plugin allows to use post's custom fields values in permalink structure by adding %field_fieldname%, for posts, pages and custom post types.

600 No CVEs

Show Hidden Post Meta

show-hidden-post-meta

Makes hidden post meta visible on post edit screens

300 No CVEs

WP-Admin Search Post Meta

wp-admin-search-meta

Enables searching post meta fields on admin pages.

300 No CVEs

List More Custom Field Names

list-more-custom-field-names

100

Allows for more existing custom field names to be listed in the dropdown selection field when writing a post.

80 No CVEs

Enable posts order

enable-posts-order

Order posts using a simple drag and drop ui.

10 No CVEs

Developer Profile

PostLinks Developer Profile

Khanh

2 plugins · 510 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PostLinks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/postlinks/css/links.css/wp-content/plugins/postlinks/js/links.js

Script Paths

/wp-content/plugins/postlinks/js/links.js

Version Parameters

postlinks/js/links.js?ver=1.0

HTML / DOM Fingerprints

CSS Classes

fs-series-linked

Shortcode Output

<ul class="ls-series"><a href={$post->part}$ - {$post->post_title}{$post->post_title}

FAQ