WP-Safety

Syndication Links Security & Risk Analysis

wordpress.org/plugins/syndication-links

Link to copies of your cross-posted content in other social networks or websites.

300 active installs v4.5.3 PHP 7.0+ WP 4.9.9+ Updated Jul 5, 2025
indiewebpossesharingsyndication
100
A · Safe
CVEs total1
Unpatched0
Last CVEMay 13, 2015
Plugin page Download
Safety Verdict

Is Syndication Links Safe to Use in 2026?

Generally Safe

Score 100/100

Syndication Links has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 13, 2015Updated 9mo ago
Risk Assessment

The syndication-links plugin version 4.5.3 demonstrates several positive security practices, including the absence of critical or high severity taint flows and 100% of SQL queries using prepared statements. The majority of output is properly escaped, and there are multiple nonce and capability checks in place. The plugin also bundles Lodash, a common and generally well-maintained library. However, the presence of one past medium severity Cross-Site Scripting (XSS) vulnerability, albeit old and patched, suggests that inputs should always be treated with caution. While the static analysis shows no immediate critical vulnerabilities, the past XSS indicates a potential area for concern if input sanitization is not consistently applied across all functionalities.

Key Concerns

  • Past medium severity XSS vulnerability
  • One file operation found
  • Eight external HTTP requests
Vulnerabilities
1

Syndication Links Security Vulnerabilities

CVEs by Year

1 CVE in 2015
2015
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2015-9495medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Syndication Links < 1.0.3 - DOM-based Cross-Site Scripting

May 13, 2015 Patched in 1.3 (3177d)
Code Analysis
Analyzed Mar 16, 2026

Syndication Links Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
8
60 escaped
Nonce Checks
3
Capability Checks
4
File Operations
1
External Requests
8
Bundled Libraries
1

Bundled Libraries

Lodash

SQL Query Safety

100% prepared1 total queries

Output Escaping

88% escaped68 total outputs
Attack Surface

Syndication Links Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 52
filterquery_varsincludes\apis\class-syndication-provider-microdotblog.php:17
actionpre_get_postsincludes\apis\class-syndication-provider-microdotblog.php:18
actioninitincludes\apis\class-syndication-provider-microdotblog.php:19
actionadmin_initincludes\apis\class-syndication-provider-microdotblog.php:20
filteruser_contactmethodsincludes\apis\class-syndication-provider-microdotblog.php:21
actionmicrodotblog_get_idsincludes\apis\class-syndication-provider-microdotblog.php:22
actionadmin_initincludes\apis\class-syndication-provider-pinboard.php:22
actioninitincludes\class-post-syndication.php:6
actionload-post.phpincludes\class-post-syndication.php:13
actionload-post-new.phpincludes\class-post-syndication.php:14
actiondo_pingsincludes\class-post-syndication.php:15
actionmicropub_syndicationincludes\class-post-syndication.php:20
actionsyn_syndicationincludes\class-post-syndication.php:21
actionadmin_initincludes\class-post-syndication.php:22
actionadd_meta_boxesincludes\class-post-syndication.php:289
actioninitincludes\class-social-plugins.php:3
filterget_post_syndication_linksincludes\class-social-plugins.php:7
filtersyn_links_url_to_nameincludes\class-social-plugins.php:8
actionwpt_tweet_postedincludes\class-social-plugins.php:9
filterget_post_syndication_linksincludes\class-social-plugins.php:10
actioninitincludes\class-syn-config.php:3
actionadmin_initincludes\class-syn-config.php:4
actionadmin_menuincludes\class-syn-config.php:5
actionwp_enqueue_scriptsincludes\class-syn-config.php:10
filterthe_contentincludes\class-syn-config.php:13
filterthe_content_feedincludes\class-syn-config.php:17
filtercomment_textincludes\class-syn-config.php:19
filterjson_feed_itemincludes\class-syn-config.php:20
actionadmin_enqueue_scriptsincludes\class-syn-config.php:21
actioninitincludes\class-syn-meta.php:3
actionadmin_initincludes\class-syn-meta.php:9
actionsave_postincludes\class-syn-meta.php:10
actionedit_commentincludes\class-syn-meta.php:11
filterquery_varsincludes\class-syn-meta.php:35
actionparse_queryincludes\class-syn-meta.php:36
actionpre_get_postsincludes\class-syn-meta.php:37
filterwp_privacy_personal_data_exportersincludes\class-syn-meta.php:39
actionadmin_enqueue_scriptsincludes\class-syn-meta.php:220
actionadd_meta_boxesincludes\class-syn-meta.php:222
filtermicropub_syndicate-toincludes\class-syndication-provider.php:60
filterthe_contentincludes\functions.php:221
filterthe_contentincludes\functions.php:230
actionadmin_initincludes\micropub\class-synprovider-micropub-bridgy-bluesky.php:29
actionadmin_initincludes\micropub\class-synprovider-micropub-bridgy-flickr.php:28
actionadmin_initincludes\micropub\class-synprovider-micropub-bridgy-github.php:28
actionadmin_initincludes\micropub\class-synprovider-micropub-bridgy-mastodon.php:29
actionwp_footerincludes\webmentions\class-synprovider-webmention-bridgy-mastodon.php:13
filterwebmention_send_varsincludes\webmentions\class-synprovider-webmention-bridgy.php:9
actionadmin_initincludes\webmentions\class-synprovider-webmention-custom.php:14
actionwidgets_initsyndication-links.php:99
actionplugins_loadedsyndication-links.php:194
actionadmin_initsyndication-links.php:210

Scheduled Events 2

microdotblog_get_ids
syn_syndication
Maintenance & Trust

Syndication Links Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 5, 2025
PHP min version7.0
Downloads36K

Community Trust

Rating100/100
Number of ratings5
Active installs300
Alternatives

Syndication Links Alternatives

Share on Mastodon

Share on Mastodon

share-on-mastodon

A
100

Automatically share WordPress posts on Mastodon.

1K No CVEs
Broadcast

Broadcast

threewp-broadcast

A
99

Network content syndication made easy! Automatically share content by multiposting between multisite blogs.

1K 1 CVE
IndieWeb

IndieWeb

indieweb

A
99

IndieWeb for WordPress!

600 1 CVE
IndieWeb Press This

IndieWeb Press This

indieweb-press-this

A
85

IndieWebified Press This bookmarklets.

20 No CVEs
The Publisher Desk – Headlines Plus Widget

The Publisher Desk – Headlines Plus Widget

headlines-plus-widget

A
100

Headlines Plus: Free plugin for WordPress to grow your audience with traffic sharing, syndication, and lazy-loading widgets or shortcodes.

10 No CVEs
Developer Profile

Syndication Links Developer Profile

David Shanske

5 plugins · 720 total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
3177 days
View full developer profile
Detection Fingerprints

How We Detect Syndication Links

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/syndication-links/css/syndication-links-admin.css/wp-content/plugins/syndication-links/css/syndication-links.css/wp-content/plugins/syndication-links/js/syndication-links-admin.js/wp-content/plugins/syndication-links/js/syndication-links.js
Version Parameters
syndication-links/css/syndication-links-admin.css?ver=syndication-links/css/syndication-links.css?ver=syndication-links/js/syndication-links-admin.js?ver=syndication-links/js/syndication-links.js?ver=

HTML / DOM Fingerprints

CSS Classes
syndication-links
JS Globals
syndicationLinksAdmin
REST Endpoints
/wp-json/syndication-links
FAQ

Frequently Asked Questions about Syndication Links