Does SAPE Links have any unpatched vulnerabilities?

No. All known vulnerabilities in SAPE Links have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is SAPE Links compatible with WordPress 4.2.39?

According to WordPress.org data, SAPE Links 0.5.6 has been tested up to WordPress 4.2.39. Check the plugin's changelog for the latest compatibility information.

How often is SAPE Links updated?

SAPE Links was last updated on Mar 14, 2015. Frequent updates are generally a positive security signal.

What is SAPE Links's security score?

SAPE Links has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SAPE Links Security & Risk Analysis

wordpress.org/plugins/ram108-sape

This plugin is in Russian language only.

100 active installs v0.5.6 PHP + WP 3.3.3+ Updated Mar 14, 2015

linksrussiansapeseoyandex

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is SAPE Links Safe to Use in 2026?

Generally Safe

Score 85/100

SAPE Links has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The ram108-sape plugin, version 0.5.6, exhibits a mixed security posture. On the positive side, it demonstrates excellent practices regarding SQL queries, utilizing prepared statements exclusively, and has no recorded vulnerability history or external HTTP requests, which are common vectors for exploitation. The static analysis also indicates a minimal attack surface with no unauthenticated entry points found. However, several significant concerns emerge from the code signals. The use of the `create_function` is a major red flag, as it can be a source of arbitrary code execution if not handled with extreme care. Furthermore, a very low percentage of output escaping (8%) suggests a high likelihood of cross-site scripting (XSS) vulnerabilities, as user-supplied data is likely being rendered directly in the browser without proper sanitization. The absence of nonce checks is also concerning, especially if the shortcode handles any user-editable content or actions, as it leaves the plugin open to cross-site request forgery (CSRF) attacks. While the taint analysis shows no immediate critical or high severity flows, the presence of unescaped output and the dangerous `create_function` warrant caution. Overall, while the plugin avoids common vulnerabilities like unpatched CVEs and raw SQL, the identified code quality issues present significant potential risks.

Key Concerns

Use of dangerous function create_function
Low percentage of output escaping (8%)
No nonce checks found

Vulnerabilities

None known

SAPE Links Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

SAPE Links Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', "register_widget('ram108_sape_widget');" ) );include\ram108_sape_widget.php:66

Output Escaping

8% escaped24 total outputs

Attack Surface

SAPE Links Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[sape] include\ram108_sape.php:71

WordPress Hooks 12

actionadmin_initinclude\plugin_admin.php:16

actionadmin_menuinclude\plugin_admin.php:17

actionadmin_noticesinclude\plugin_admin.php:154

filterthe_contentinclude\ram108_sape.php:51

filterthe_excerptinclude\ram108_sape.php:56

filterwidget_textinclude\ram108_sape.php:69

filterthe_excerptinclude\ram108_sape.php:70

actionwidgets_initinclude\ram108_sape_widget.php:66

actioninitlibrary\plugin.php:17

actionwp_headlibrary\plugin.php:18

actionwp_footerlibrary\plugin.php:19

actionwp_enqueue_scriptslibrary\plugin.php:20

Maintenance & Trust

SAPE Links Maintenance & Trust

Maintenance Signals

WordPress version tested4.2.39

Last updatedMar 14, 2015

PHP min version

Downloads16K

Community Trust

Rating90/100

Number of ratings10

Active installs100

Alternatives

SAPE Links Alternatives

Feed Delay

ram108-feed-delay

Delay posts from being appear in the RSS feed immediately after publication.

10 No CVEs

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links

broken-link-checker-seo

Broken Link Checker by AIOSEO ensures all links on your website are working. Check your site for broken links and easily fix them to improve SEO.

300K 3 CVEs

LuckyWP Table of Contents

luckywp-table-of-contents

Creates SEO-friendly table of contents for your posts/pages. Works automatically or manually (via shortcode, Gutenberg block or widget).

100K 5 CVEs

Internal Link Juicer: SEO Auto Linker for WordPress

internal-links

Improve your SEO and your user experience through internal linkbuilding. Automated links between your posts based on a smart keyword configuration.

90K 2 CVEs

CrawlWP SEO – Instant Search Engine Indexing & SEO Performance Monitor

mihdan-index-now

Improve your WordPress SEO with instant search-engine indexing, SEO insights, and indexing status tracking.

40K 1 CVE

Developer Profile

SAPE Links Developer Profile

ram108

3 plugins · 310 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect SAPE Links

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ram108-sape/style.css

HTML / DOM Fingerprints

CSS Classes

ram108-slink

Shortcode Output

<div class="ram108-slink">

FAQ