Does External Links – nofollow, noopener & new window have any unpatched vulnerabilities?

No. All known vulnerabilities in External Links – nofollow, noopener & new window have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is External Links – nofollow, noopener & new window compatible with WordPress 6.9.4?

According to WordPress.org data, External Links – nofollow, noopener & new window 2.63 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is External Links – nofollow, noopener & new window compatible with PHP 7.2+?

External Links – nofollow, noopener & new window requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is External Links – nofollow, noopener & new window updated?

External Links – nofollow, noopener & new window was last updated on Dec 3, 2025. Frequent updates are generally a positive security signal.

What is External Links – nofollow, noopener & new window's security score?

External Links – nofollow, noopener & new window has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

External Links – nofollow, noopener & new window Security & Risk Analysis

wordpress.org/plugins/wp-external-links

Internal links & external links manager: open in new window or tab, control nofollow, ugc, sponsored & noopener. SEO friendly.

90K active installs v2.63 PHP 7.2+ WP 4.2+ Updated Dec 3, 2025

external-linksnew-tabnew-windownofollownoopener

A · Safe

CVEs total3

Unpatched0

Last CVEMar 8, 2023

Plugin page Download

Safety Verdict

Is External Links – nofollow, noopener & new window Safe to Use in 2026?

Generally Safe

Score 99/100

External Links – nofollow, noopener & new window has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Mar 8, 2023Updated 4mo ago

Risk Assessment

The wp-external-links plugin, version 2.63, exhibits a mixed security posture. While the static analysis indicates good practices such as 100% prepared SQL statements and a relatively small attack surface with no unprotected entry points, the vulnerability history raises significant concerns. The presence of three known medium-severity vulnerabilities, including CSRF and Cross-site Scripting, suggests a history of exploitable weaknesses. The fact that these vulnerabilities have been addressed and are currently unpatched is a positive sign, but the historical pattern indicates a need for ongoing vigilance and thorough security audits. The lack of identified taint flows in the static analysis is encouraging, but the past vulnerabilities highlight that such issues might have been present or overlooked in prior versions.

Key Concerns

History of medium severity vulnerabilities
History of CSRF vulnerabilities
History of XSS vulnerabilities
82% output escaping is good, but not 100%

Vulnerabilities

External Links – nofollow, noopener & new window Security Vulnerabilities

CVEs by Year

1 CVE in 2016

2016

1 CVE in 2022

2022

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

WF-ae7d54a5-3952-4206-a5f4-be60aac27767-wp-external-linksmedium · 4.3Cross-Site Request Forgery (CSRF)

External Links <= 2.57 - Cross-Site Request Forgery via action_admin_action_wpel_dismiss_notice

Mar 8, 2023 Patched in 2.58 (407d)

WF-1254e0ad-852e-4fd4-8317-61bfbbc9f737-wp-external-linksmedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

External Links <= 2.55 - Authenticated (Administrator+) Cross-Site Scripting

Nov 20, 2022 Patched in 2.56 (429d)

WF-3621801a-231b-4678-bfb5-fbf18e58a658-wp-external-linksmedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP External Links < 1.81 - Authenticated Stored Cross-Site Scripting

Mar 23, 2016 Patched in 1.81 (2862d)

Code Analysis

Analyzed Mar 16, 2026

External Links – nofollow, noopener & new window Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

80 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

82% escaped98 total outputs

Attack Surface

External Links – nofollow, noopener & new window Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_wpel_dismiss_noticeincludes\class-wpel-plugin.php:24

WordPress Hooks 10

filteradmin_footer_textincludes\admin\class-wpel-settings-page.php:105

actionfinal_outputincludes\class-wpel-front.php:38

filtersafe_style_cssincludes\class-wpel-plugin.php:96

filtersafe_style_cssincludes\class-wpel-plugin.php:328

actionadmin_initwf-flyout\wf-flyout.php:27

actionadmin_enqueue_scriptswf-flyout\wf-flyout.php:73

actionadmin_headwf-flyout\wf-flyout.php:74

actionadmin_footerwf-flyout\wf-flyout.php:75

actionadmin_noticeswp-external-links.php:60

actioninitwp-external-links.php:101

Maintenance & Trust

External Links – nofollow, noopener & new window Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version7.2

Downloads1.6M

Community Trust

Rating86/100

Number of ratings247

Active installs90K

Alternatives

External Links – nofollow, noopener & new window Alternatives

External Links Manager – Open new window in a new tab + nofollow, noreferrer

smart-external-links-manager

100

Manage external links: new tabs, add rel attribute nofollow, noopener, noreferrer, sponsored, show icon on/off. SEO, secure, XHTML Strict compliant.

30 No CVEs

External Links in New Window / New Tab

open-external-links-in-a-new-window

Open external links in a new window or new tab. SEO optimized and XHTML Strict compliant.

30K 2 CVEs

Open Links In New Tab

open-links-in-new-tab

Opens external links and internal links in a new window depending on user settings. Manage all external & internal links on your site.

1K No CVEs

Daisy Links – open links in new tab, add nofollow attribute, disable right click on links

daisy-links

100

Manage external links effortlessly! open links in new tab, add nofollow attribute, disable right click on links.

70 No CVEs

External Links

sem-external-links

The external links plugin for WordPress lets you process outgoing links differently from internal links.

9K No CVEs

Developer Profile

External Links – nofollow, noopener & new window Developer Profile

WebFactory

28 plugins · 3.5M total installs

trust score

Avg Security Score

98/100

Avg Patch Time

699 days

View full developer profile

Detection Fingerprints

How We Detect External Links – nofollow, noopener & new window

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-external-links/public/css/external-links.css/wp-content/plugins/wp-external-links/public/js/external-links.js/wp-content/plugins/wp-external-links/libs/wprun/assets/css/wprun-forms.css

Script Paths

/wp-content/plugins/wp-external-links/public/js/external-links.js

Version Parameters

wp-external-links/public/css/external-links.css?ver=wp-external-links/public/js/external-links.js?ver=wprun/assets/css/wprun-forms.css?ver=

HTML / DOM Fingerprints

CSS Classes

wpel-tooltipwpel-icon

HTML Comments

WP External Links Plugin | WebFactory LtdWPEL SettingsWP External LinksNetwork Settings+2 more

Data Attributes

data-wpel-icondata-wpel-icon-colordata-wpel-icon-positiondata-wpel-titledata-wpel-tooltip-style

JS Globals

WPEL_Settings

FAQ