WP Link Preview Security & Risk Analysis

wordpress.org/plugins/wp-link-preview

Display a preview for a URL similar to sharing a link on Facebook.

500 active installs · v1.4.1 · PHP + · WP 4.7+ · Updated Jun 30, 2018
facebook-link-preview · link-excerpt · link-preview · link-teaser · share-link
Score: 64 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Mar 31, 2025
Safety Verdict

Is WP Link Preview Safe to Use in 2026?

Use With Caution

Score 64/100

WP Link Preview has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Mar 31, 2025 · Updated 7yr ago
Risk Assessment

The wp-link-preview plugin version 1.4.1 presents a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns remain. The presence of an unprotected AJAX handler is a critical vulnerability, providing an entry point for attackers without requiring authentication. Furthermore, the plugin has a documented history of medium-severity vulnerabilities, including a recent one related to Server-Side Request Forgery (SSRF), which is still unpatched. This historical pattern suggests potential ongoing security weaknesses that require careful monitoring. Despite the good aspects of its code, the unpatched SSRF vulnerability and the unprotected AJAX handler pose a substantial risk to WordPress sites using this plugin.

Key Concerns

  • Unprotected AJAX handler
  • Currently unpatched CVE (medium severity)
  • Vulnerability history (SSRF)
Vulnerabilities: 1

WP Link Preview Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-31527 · medium · 6.4 · Server-Side Request Forgery (SSRF)

WP Link Preview <= 1.4.1 - Authenticated (Contributor+) Server-Side Request Forgery

Mar 31, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

WP Link Preview Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 1 (21 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

95% escaped · 22 total outputs
Attack Surface: 1 unprotected

WP Link Preview Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_fetch_wplinkpreview · wplinkpreview.php:80

Shortcodes: 1

  • [wplinkpreview] · wplinkpreview.php:31

WordPress Hooks: 5

  • action · init · wplinkpreview.php:23
  • action · admin_print_scripts · wplinkpreview.php:24
  • action · wp_enqueue_scripts · wplinkpreview.php:28
  • filter · mce_external_plugins · wplinkpreview.php:76
  • filter · mce_buttons · wplinkpreview.php:77
Maintenance & Trust

WP Link Preview Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 4.9.29
  • Last updated: Jun 30, 2018
  • PHP min version
  • Downloads: 16K

Community Trust

  • Rating: 96/100
  • Number of ratings: 4
  • Active installs: 500
Developer Profile

WP Link Preview Developer Profile

Kishan

1 plugin · 500 total installs

  • Trust score: 69
  • Avg Security Score: 64/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Link Preview

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-link-preview/wplinkpreview.css
Script Paths
/wp-content/plugins/wp-link-preview/wplinkpreview.js

HTML / DOM Fingerprints

JS Globals
siteurl
Shortcode Output
[wplinkpreview url="
FAQ

Frequently Asked Questions about WP Link Preview