WP-Safety

URL Autolinker by Jerin.ca Security & Risk Analysis

wordpress.org/plugins/url-autolinker

Automatically link saved keywords to URLs in posts and pages — optional Pro features (including AI Links) available.

10 active installs v2.14.5 PHP 7.2+ WP 5.6+ Updated Feb 24, 2026
autolinkexternal-linksinternal-linkslinksseo
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is URL Autolinker by Jerin.ca Safe to Use in 2026?

Generally Safe

Score 100/100

URL Autolinker by Jerin.ca has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The url-autolinker plugin version 2.14.5 exhibits a concerning security posture primarily due to its extensive unprotected AJAX endpoints. While the plugin demonstrates good practices in its SQL query handling, with 100% using prepared statements, and a reasonably high percentage of output escaping (81%), the presence of 13 AJAX handlers entirely without authentication checks presents a significant attack surface. This means any unauthenticated user could potentially trigger actions within the plugin, leading to unintended consequences if these handlers are not robustly sanitized and validated internally.

The static analysis did not reveal any critical or high severity issues in taint flows, and the vulnerability history is clean, indicating a lack of publicly known exploits. However, the absence of any recorded vulnerabilities could also suggest that the plugin has not been extensively audited or that past vulnerabilities were not publicly disclosed. The plugin's reliance on external HTTP requests (4) and file operations (1) also warrant attention, as these can sometimes be vectors for further exploitation if not handled securely.

In conclusion, the plugin's adherence to secure coding practices like prepared statements and output escaping is a positive sign. Nevertheless, the identified lack of authentication on all AJAX handlers is a major weakness that significantly increases its risk profile. A attacker could potentially exploit these unprotected endpoints to trigger plugin functionality, leading to denial-of-service or other unintended behaviors. The lack of a vulnerability history is good, but the substantial unprotected attack surface outweighs this positive aspect.

Key Concerns

  • Unprotected AJAX handlers
  • High percentage of output unescaped
Vulnerabilities
None known

URL Autolinker by Jerin.ca Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

URL Autolinker by Jerin.ca Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
11 prepared
Unescaped Output
64
266 escaped
Nonce Checks
23
Capability Checks
19
File Operations
1
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared11 total queries

Output Escaping

81% escaped330 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
url_autolinker_buy_pro_page (url_autolinker.php:1798)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
13 unprotected

URL Autolinker by Jerin.ca Attack Surface

Entry Points13
Unprotected13

AJAX Handlers 13

authwp_ajax_ual_update_allurl_autolinker.php:2844
authwp_ajax_ual_search_linksurl_autolinker.php:2875
authwp_ajax_ual_ai_links_post_searchurl_autolinker.php:3808
authwp_ajax_ual_ai_links_post_paragraphsurl_autolinker.php:3840
authwp_ajax_ual_ai_links_post_texturl_autolinker.php:3871
authwp_ajax_ual_ai_links_suggesturl_autolinker.php:3890
authwp_ajax_ual_ai_links_save_selectedurl_autolinker.php:4361
authwp_ajax_ual_ai_links_preview_impacturl_autolinker.php:4399
authwp_ajax_ual_ai_links_taxonomy_generateurl_autolinker.php:4476
authwp_ajax_ual_ai_links_apply_allurl_autolinker.php:4595
authwp_ajax_ual_ai_links_index_batchurl_autolinker.php:4838
authwp_ajax_ual_ai_links_index_statsurl_autolinker.php:4934
authwp_ajax_ual_ai_links_zero_links_batchurl_autolinker.php:4957
WordPress Hooks 13
actionadmin_menuurl_autolinker.php:380
actionadmin_bar_menuurl_autolinker.php:453
actionadmin_enqueue_scriptsurl_autolinker.php:496
actionadmin_footerurl_autolinker.php:572
actionadmin_initurl_autolinker.php:598
actionadmin_noticesurl_autolinker.php:764
actionadmin_post_ual_clear_cacheurl_autolinker.php:2779
actionadmin_noticesurl_autolinker.php:2795
actionadmin_post_ual_exporturl_autolinker.php:2936
actionadmin_post_ual_importurl_autolinker.php:3058
actionadd_meta_boxesurl_autolinker.php:3272
actionsave_posturl_autolinker.php:3302
filterthe_contenturl_autolinker.php:3357
Maintenance & Trust

URL Autolinker by Jerin.ca Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 24, 2026
PHP min version7.2
Downloads581

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

URL Autolinker by Jerin.ca Alternatives

anyLink

anyLink

anylink

A
85

AnyLink is a Wordpress plugin which allow you to customise you external link like an internal one.

100 No CVEs
Linkable

Linkable

linkable

A
100

Automatically link keywords in your content to internal pages or posts. Simple, fast, and Gutenberg-compatible.

30 No CVEs
Internal Link Juicer: SEO Auto Linker for WordPress

Internal Link Juicer: SEO Auto Linker for WordPress

internal-links

A
99

Improve your SEO and your user experience through internal linkbuilding. Automated links between your posts based on a smart keyword configuration.

90K 2 CVEs
Internal Links Manager

Internal Links Manager

seo-automated-link-building

A
97

Boost your SEO and get better rankings with our automated link building plugin. With this plugin you can link any keyword to any URL - internal or ext …

10K 3 CVEs
Autolinks Manager – SEO Auto Linker

Autolinks Manager – SEO Auto Linker

daext-autolinks-manager

A
100

Automate your affiliate links, increase product page visits, link glossary keywords, and more with this advanced SEO auto-linker plugin.

2K 1 CVE
Developer Profile

URL Autolinker by Jerin.ca Developer Profile

Jerin George

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect URL Autolinker by Jerin.ca

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/url-autolinker/css//wp-content/plugins/url-autolinker/js/
Script Paths
/wp-content/plugins/url-autolinker/url-autolinker.js/wp-content/plugins/url-autolinker/admin.js/wp-content/plugins/url-autolinker/pro.js/wp-content/plugins/url-autolinker/vendors/clipboard.min.js/wp-content/plugins/url-autolinker/vendors/bootstrap-notify.min.js/wp-content/plugins/url-autolinker/vendors/dragula.min.js
Version Parameters
/wp-content/plugins/url-autolinker/css/admin.css?ver=/wp-content/plugins/url-autolinker/css/bootstrap.min.css?ver=/wp-content/plugins/url-autolinker/css/bootstrap-notify.css?ver=/wp-content/plugins/url-autolinker/css/dragula.min.css?ver=/wp-content/plugins/url-autolinker/css/main.css?ver=/wp-content/plugins/url-autolinker/css/style.css?ver=/wp-content/plugins/url-autolinker/js/admin.js?ver=/wp-content/plugins/url-autolinker/js/bootstrap.min.js?ver=/wp-content/plugins/url-autolinker/js/clipboard.min.js?ver=/wp-content/plugins/url-autolinker/js/dragula.min.js?ver=/wp-content/plugins/url-autolinker/js/url-autolinker.js?ver=

HTML / DOM Fingerprints

CSS Classes
ual-admin-pageual-settings-sectionual-add-new-rowual-loading-spinnerual-tooltip
HTML Comments
<!-- URL Autolinker Pro Button --><!-- URL Autolinker Pro Activation -->
Data Attributes
data-ual-setting-groupdata-ual-setting-namedata-ual-setting-iddata-ual-btn-textdata-ual-btn-classdata-ual-btn-icon
JS Globals
urlAutolinkerAdminurlAutolinkerProUAL
FAQ

Frequently Asked Questions about URL Autolinker by Jerin.ca