WP-Safety

RK Link Preview Security & Risk Analysis

wordpress.org/plugins/rk-link-preview

Get basic website information from any given URL, in JSON format, and creating visual preview for inserting into content

0 active installs v1.0 PHP + WP + Updated Jun 6, 2022
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is RK Link Preview Safe to Use in 2026?

Generally Safe

Score 85/100

RK Link Preview has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The rk-link-preview plugin v1.0 exhibits a mixed security posture. While it demonstrates good practices such as utilizing prepared statements for all SQL queries and avoiding file operations and external HTTP requests, there are significant areas of concern. The presence of an unprotected AJAX handler represents a direct attack vector that could be exploited by unauthenticated users, especially given the lack of nonce checks and capability checks on this entry point. The relatively high percentage of unescaped output, though not critical in severity based on the available data, still poses a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not properly sanitized before being displayed.

The plugin has no recorded vulnerability history (CVEs), which is a positive indicator of its past security. However, the static analysis does reveal a small but present attack surface with one unprotected entry point. The absence of any reported taint flows suggests that any potential data handling issues are either not present or not detected by the analysis tools. The reliance on the TinyMCE bundled library is noted, but without information on its specific version and any known vulnerabilities, it's difficult to assess its risk contribution.

Overall, the plugin has some strong security foundations, particularly in database interaction. However, the unprotected AJAX handler is a critical oversight that significantly elevates the risk profile. The less than ideal output escaping also warrants attention. Addressing the unprotected AJAX handler should be the immediate priority to mitigate the most pressing security threat.

Key Concerns

  • Unprotected AJAX handler found
  • Unescaped output detected (27%)
  • Bundled TinyMCE library
Vulnerabilities
None known

RK Link Preview Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

RK Link Preview Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
19 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

TinyMCE

Output Escaping

73% escaped26 total outputs
Attack Surface
1 unprotected

RK Link Preview Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 1

authwp_ajax_get_templatescore\controller\rklp_admin.class.php:15

Shortcodes 1

[rklp_shortcode] core\controller\rklp_editor.class.php:7
WordPress Hooks 8
actionadmin_menucore\controller\rklp_admin.class.php:13
actionadmin_enqueue_scriptscore\controller\rklp_admin.class.php:14
actionwp_enqueue_scriptscore\controller\rklp_admin.class.php:16
actionadmin_enqueue_scriptscore\controller\rklp_admin.class.php:17
actionadmin_headcore\controller\rklp_editor.class.php:6
actioninitcore\controller\rklp_editor.class.php:8
filtermce_external_pluginscore\controller\rklp_editor.class.php:20
filtermce_buttonscore\controller\rklp_editor.class.php:21
Maintenance & Trust

RK Link Preview Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedJun 6, 2022
PHP min version
Downloads930

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

RK Link Preview Alternatives

No alternatives data available yet.

Developer Profile

RK Link Preview Developer Profile

Ruslan Kolibabchuk

2 plugins · 20 total installs

86
trust score
Avg Security Score
89/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect RK Link Preview

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rk-link-preview/assets/build/css/style.css/wp-content/plugins/rk-link-preview/assets/build/css/front.css/wp-content/plugins/rk-link-preview/assets/build/js/main.js/wp-content/plugins/rk-link-preview/assets/build/js/tinymce-plugins/rk-mce-button.js/wp-content/plugins/rk-link-preview/assets/build/js/tinymce-plugins/rk-shortcodes.js
Script Paths
/wp-content/plugins/rk-link-preview/assets/build/js/main.js/wp-content/plugins/rk-link-preview/assets/build/js/tinymce-plugins/rk-mce-button.js/wp-content/plugins/rk-link-preview/assets/build/js/tinymce-plugins/rk-shortcodes.js
Version Parameters
rk-link-preview/style.css?ver=rk-link-preview/front.css?ver=rk-link-preview/main.js?ver=rk-link-preview/rk-mce-button.js?ver=rk-link-preview/rk-shortcodes.js?ver=

HTML / DOM Fingerprints

CSS Classes
rklp-modal__previewrklp-containerrklp-previewjs-previewrklp-preview__imagerklp-preview__content
Data Attributes
data-templatedata-image
JS Globals
rklkp_ajax_urlwindow.rk_read_more
REST Endpoints
/wp-json/wp/v2/users/wp-json/wp/v2/types/wp-json/wp/v2/categories/wp-json/wp/v2/tags/wp-json/wp/v2/pages/wp-json/wp/v2/posts/wp-json/wp/v2/comments/wp-json/wp/v2/media/wp-json/wp/v2/themes/wp-json/wp/v2/plugins/wp-json/wp/v2/settings/wp-json/wp/v2/taxonomies/wp-json/wp/v2/statuses/wp-json/wp/v2/types/wp-json/wp/v2/search
Shortcode Output
<a href="" class="rklp-modal__preview rklp-container"<div class="rklp-modal__preview rklp-container"<div class="rklp-preview js-preview
FAQ

Frequently Asked Questions about RK Link Preview