WP-Safety

WP Category Permalink Security & Risk Analysis

wordpress.org/plugins/wp-category-permalink

Allows manual selection of a 'main' category for each post for nicer permalinks and better SEO.

2K active installs v3.4.0 PHP 5.3+ WP 3.5+ Updated Dec 6, 2018
categorypermalinkwoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Category Permalink Safe to Use in 2026?

Generally Safe

Score 85/100

WP Category Permalink has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "wp-category-permalink" plugin v3.4.0 exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the lack of documented vulnerabilities and CVEs suggests a history of stable and secure development. The static analysis also shows no critical or high severity taint flows, indicating that data processing within the plugin appears to be handled safely.

However, there are notable areas for improvement. The presence of one SQL query that does not use prepared statements is a concern, as it could potentially lead to SQL injection vulnerabilities if not handled with extreme care in how data is sanitized before being used in the query. Additionally, a very low percentage of output escaping (6%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, as data displayed to users may not be properly sanitized, allowing malicious scripts to be injected.

In conclusion, while the plugin benefits from a small attack surface and a clean vulnerability history, the identified issues with SQL query preparation and output escaping represent significant security weaknesses that require immediate attention. Addressing these would greatly enhance the plugin's overall security.

Key Concerns

  • SQL query not using prepared statements
  • Low percentage of properly escaped output
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

WP Category Permalink Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Category Permalink Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
33
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

6% escaped35 total outputs
Attack Surface

WP Category Permalink Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 19
actionadmin_menucommon\admin.php:21
actionadmin_enqueue_scriptscommon\admin.php:22
actionplugins_loadedcommon\admin.php:23
actionadmin_noticescommon\admin.php:38
actionadmin_noticescommon\admin.php:43
actionadmin_enqueue_scriptswp-category-permalink.php:30
actionadmin_print_styles-post.phpwp-category-permalink.php:31
actionadmin_print_styles-post-new.phpwp-category-permalink.php:32
actionadmin_footer-post.phpwp-category-permalink.php:33
actionadmin_footer-post-new.phpwp-category-permalink.php:34
filterpost_row_actionswp-category-permalink.php:35
filtermanage_posts_columnswp-category-permalink.php:36
actionmanage_posts_custom_columnwp-category-permalink.php:37
actiontransition_post_statuswp-category-permalink.php:40
filterpost_link_categorywp-category-permalink.php:43
filterpost_type_linkwp-category-permalink.php:46
filterwpseo_primary_term_taxonomieswp-category-permalink.php:49
actionadmin_menuwpcp_admin.php:10
actionadmin_noticeswpcp_admin.php:11
Maintenance & Trust

WP Category Permalink Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25
Last updatedDec 6, 2018
PHP min version5.3
Downloads101K

Community Trust

Rating96/100
Number of ratings32
Active installs2K
Alternatives

WP Category Permalink Alternatives

Premmerce Permalink Manager for WooCommerce

Premmerce Permalink Manager for WooCommerce

woo-permalink-manager

A
98

Premmerce Permalink Manager for WooCommerce allows you to change WooCommerce permalink and remove product and product_category slugs from the URL.

50K 1 CVE
No Category Base (WPML)

No Category Base (WPML)

no-category-base-wpml

A
100

This plugin removes the mandatory 'Category Base' from your category permalinks. It's compatible with WPML.

100K No CVEs
Permalink Manager Lite

Permalink Manager Lite

permalink-manager

A
91

Permalink Manager enhances WordPress’s built-in URL system, allowing you to change the URLs of native and custom post types and taxonomies.

100K 11 CVEs
Remove Category URL – Remove 'category' base from category permalinks

Remove Category URL – Remove 'category' base from category permalinks

remove-category-url

A
100

Remove Category URL strips the /category/ base from your category URLs, turning something like /category/my-category/ into simply /my-category/.

50K No CVEs
Advanced AJAX Product Filters

Advanced AJAX Product Filters

woocommerce-ajax-filters

A
92

Fast and flexible AJAX product filters for WooCommerce. Filter by categories, attributes, price, tags, rating, and more. No page reloads.

50K 4 CVEs
Developer Profile

WP Category Permalink Developer Profile

Jordy Meow

27 plugins · 371K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
372 days
View full developer profile
Detection Fingerprints

How We Detect WP Category Permalink

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-category-permalink/css/wpcp.css/wp-content/plugins/wp-category-permalink/js/wpcp.js
Script Paths
/wp-content/plugins/wp-category-permalink/js/wpcp.js
Version Parameters
wp-category-permalink/css/wpcp.css?ver=wp-category-permalink/js/wpcp.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpcp-main-categories
HTML Comments
Post Edit CSS/JS + Update
FAQ

Frequently Asked Questions about WP Category Permalink