WP-Safety

WP Discord Invite Security & Risk Analysis

wordpress.org/plugins/wp-discord-invite

Create memorable Discord invite links (yoursite.com/discord) with tracking, webhooks, and social previews.

500 active installs v2.6.0 PHP 7.2+ WP 5.2+ Updated Feb 14, 2026
discordinvitelink-shortenervanity-urlwebhook
96
A · Safe
CVEs total4
Unpatched0
Last CVEMay 7, 2025
Plugin page Download
Safety Verdict

Is WP Discord Invite Safe to Use in 2026?

Generally Safe

Score 96/100

WP Discord Invite has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: May 7, 2025Updated 1mo ago
Risk Assessment

The static analysis of wp-discord-invite v2.6.0 reveals a generally secure code base with no identified vulnerabilities in its direct attack surface. The plugin demonstrates good practices by employing prepared statements for all SQL queries and ensuring all output is properly escaped, which significantly mitigates risks of SQL injection and Cross-Site Scripting (XSS) from direct code execution.

However, the plugin's vulnerability history is a significant concern. With four known medium-severity CVEs, including common types like XSS and CSRF, it suggests a pattern of past weaknesses that required patching. The fact that the last vulnerability was recorded in May 2025, and that there are currently no unpatched vulnerabilities, indicates that the developers have addressed past issues. Nevertheless, the existence of past vulnerabilities, particularly common ones, warrants vigilance and suggests that while the current version appears clean, the plugin's development may have had some historical security shortcomings.

Overall, wp-discord-invite v2.6.0 presents a mixed security profile. Its static analysis shows strong adherence to secure coding practices for its current implementation, with a minimal attack surface. The primary risk stems from its history of past vulnerabilities, even though they are currently patched. This history suggests a need for ongoing monitoring and prompt updating to address any future disclosed vulnerabilities.

Key Concerns

  • History of 4 medium-severity CVEs
  • History of XSS and CSRF vulnerabilities
  • No nonce checks on entry points
Vulnerabilities
4

WP Discord Invite Security Vulnerabilities

CVEs by Year

3 CVEs in 2023
2023
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2025-47638medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Discord Invite <= 2.5.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 7, 2025 Patched in 2.6.0 (286d)
CVE-2023-5006medium · 5.4Cross-Site Request Forgery (CSRF)

WP Discord Invite < 2.5.1 - Cross-Site Request Forgery to Settings Update

Nov 7, 2023 Patched in 2.5.1 (77d)
CVE-2023-5181medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Discord Invite <= 2.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 16, 2023 Patched in 2.5.2 (99d)
WF-a961d30e-f2cb-458d-8f1a-18f6e769efbc-wp-discord-invitemedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Discord Invite <= 2.4.1 - Reflected Cross-Site Scripting via webhook

Sep 24, 2023 Patched in 2.5.1 (121d)
Code Analysis
Analyzed Mar 16, 2026

WP Discord Invite Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
0
80 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped80 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
smr_discord_count_page (includes\countPage.php:22)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Discord Invite Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadmin_enqueue_scriptsincludes\colorPicker.php:16
actionadmin_initincludes\oauthHandler.php:20
actionadmin_noticesincludes\oauthHandler.php:66
actionadmin_noticesincludes\oauthHandler.php:79
filterplugin_row_metaincludes\pluginRowMeta.php:15
actionadmin_menuincludes\registerMenu.php:17
actionadmin_initincludes\registerMenu.php:56
actionparse_requestincludes\urlCatching.php:17
actionplugins_loadedwp-discord-invite.php:73
Maintenance & Trust

WP Discord Invite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 14, 2026
PHP min version7.2
Downloads12K

Community Trust

Rating92/100
Number of ratings7
Active installs500
Alternatives

WP Discord Invite Alternatives

Webhook for Discord

Webhook for Discord

webhook-discord

A
85

This plugin allows you to easily notify the Discord group when you post an article.

500 No CVEs
Add-On for Discord and Gravity Forms

Add-On for Discord and Gravity Forms

gf-discord

A
100

Automatically send Gravity Form entries to a Discord channel.

40 No CVEs
Init Pulse For Discord – Webhooks, Roles, Instant

Init Pulse For Discord – Webhooks, Roles, Instant

init-pulse-for-discord

A
100

Send WordPress post notifications to Discord using webhooks. Lightweight, fast, role-aware, and built for modern WordPress sites.

30 No CVEs
DigitalME Join Button for Discord

DigitalME Join Button for Discord

digitalme-join-button-for-discord

A
100

A simple shortcode and settings page to display a fixed 'Join our Discord!' button.

0 No CVEs
Simple 301 Redirects By BetterLinks – Easy WordPress Redirect Manager for Redirects, 404 Error Log & More

Simple 301 Redirects By BetterLinks – Easy WordPress Redirect Manager for Redirects, 404 Error Log & More

simple-301-redirects

A
97

Simple 301 Redirects provides an easy method of redirecting requests to another page on your site or elsewhere on the web.

100K 7 CVEs
Developer Profile

WP Discord Invite Developer Profile

Sarvesh M Rao

1 plugin · 500 total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
146 days
View full developer profile
Detection Fingerprints

How We Detect WP Discord Invite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-discord-invite/assets/admin-styles.css/wp-content/plugins/wp-discord-invite/assets/dsc-oauth.css/wp-content/plugins/wp-discord-invite/assets/icon-128x128.png/wp-content/plugins/wp-discord-invite/js/color-picker.js
Script Paths
/wp-content/plugins/wp-discord-invite/js/color-picker.js
Version Parameters
/wp-content/plugins/wp-discord-invite/assets/admin-styles.css?ver=2.6.0/wp-content/plugins/wp-discord-invite/assets/dsc-oauth.css?ver=2.6.0/wp-content/plugins/wp-discord-invite/js/color-picker.js

HTML / DOM Fingerprints

CSS Classes
wp-discord-wrapwp-discord-headerwp-discord-header-contentwp-discord-cardwp-discord-card-headerwp-discord-card-bodywp-discord-stats-gridwp-discord-stat-card+7 more
HTML Comments
<!-- COUNT PAGE START --><!-- Header --><!-- Stats Overview Card --><!-- Your Link -->+26 more
Data Attributes
data-setting-name="smr_discord_webhook_enable"data-setting-name="smr_discord_webhook_url"data-setting-name="smr_discord_oauth_enable"data-setting-name="smr_discord_server_id"data-setting-name="smr_discord_bot_token"data-setting-name="smr_discord_channel_id"
JS Globals
smr_discord_activatesmr_discord_deactivatesmr_discord_load_textdomainsmr_discord_enqueue_color_pickersmr_discord_count_pagesmr_discord_settings_page+3 more
FAQ

Frequently Asked Questions about WP Discord Invite