Does WP Links Page have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Links Page have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Links Page compatible with WordPress 6.9.4?

According to WordPress.org data, WP Links Page 5.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is WP Links Page updated?

WP Links Page was last updated on Dec 4, 2025. Frequent updates are generally a positive security signal.

What is WP Links Page's security score?

WP Links Page has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Links Page Security & Risk Analysis

wordpress.org/plugins/wp-links-page

This plugin allows you to create a dynamic link gallery with screenshots of each link.

4K active installs v5.0 PHP + WP + Updated Dec 4, 2025

link-directorylink-gallerylink-screenshotslink-thumbnailslinks-page

A · Safe

CVEs total5

Unpatched0

Last CVEOct 10, 2025

Plugin page Download

Safety Verdict

Is WP Links Page Safe to Use in 2026?

Generally Safe

Score 95/100

WP Links Page has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Oct 10, 2025Updated 4mo ago

Risk Assessment

The 'wp-links-page' v5.0 plugin exhibits a strong security posture in its current static analysis, with no direct critical or high-severity code vulnerabilities identified. All SQL queries are properly prepared, and output is consistently escaped, indicating good development practices for preventing common web attacks like SQL injection and cross-site scripting. The plugin also implements nonce and capability checks on its entry points, further enhancing its security by restricting unauthorized access and actions. The limited attack surface, with no unprotected AJAX handlers or REST API routes, is also a positive sign.

However, the plugin's historical vulnerability data is a significant concern. Having accumulated five medium-severity vulnerabilities in the past, including SQL injection, missing authorization, CSRF, and XSS, suggests a pattern of past security weaknesses. While these issues are reportedly patched, the frequency and variety of past vulnerabilities indicate potential underlying coding practices that might still be present or could re-emerge in future updates if not rigorously addressed. The fact that the last vulnerability was very recent (2025-10-10) also warrants attention, suggesting ongoing security challenges.

In conclusion, 'wp-links-page' v5.0 demonstrates commendable adherence to secure coding principles in its current version. The absence of immediate threats from static analysis is reassuring. Nevertheless, the plugin's past security track record, characterized by multiple medium-severity vulnerabilities of various types, necessitates a cautious approach. Users should remain vigilant for future updates and be aware of the plugin's history of security issues.

Key Concerns

5 past medium vulnerabilities

Vulnerabilities

WP Links Page Security Vulnerabilities

CVEs by Year

2 CVEs in 2023

2023

1 CVE in 2024

2024

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

5 total CVEs

CVE-2025-10175medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Links Page <= 4.9.6 - Authenticated (Subscriber+) SQL Injection

Oct 10, 2025 Patched in 5.0 (60d)

CVE-2025-30998medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

WP Links Page <= 4.9.6 - Authenticated (Subscriber+) SQL Injection

Jul 22, 2025 Patched in 5.0 (141d)

CVE-2024-6465medium · 4.3Missing Authorization

WP Links Page <= 4.9.5 - Missing Authorization to Authenticated (Subscriber+) Limited Image Update

Jul 12, 2024 Patched in 4.9.6 (1d)

CVE-2023-47651medium · 4.3Cross-Site Request Forgery (CSRF)

WP Links Page <= 4.9.4 - Cross-Site Request Forgery via wplf_ajax_update_screenshots

Nov 7, 2023 Patched in 4.9.5 (77d)

CVE-2023-22720medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Links Page <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Apr 19, 2023 Patched in 4.9.2 (279d)

Code Analysis

Analyzed Mar 16, 2026

WP Links Page Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

92 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared5 total queries

Output Escaping

100% escaped92 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

wplf_ajax_update_screenshots (wp-links-page-free.php:354)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Links Page Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 2

authwp_ajax_wplf_ajax_update_screenshotswp-links-page-free.php:421

authwp_ajax_wplf_update_from_previouswp-links-page-free.php:707

Shortcodes 2

[wp_links_page] wp-links-page-free.php:1705

[wp_links_page_free] wp-links-page-free.php:1707

WordPress Hooks 25

actionadmin_initwp-links-page-free.php:58

actionadmin_noticeswp-links-page-free.php:59

filtercron_scheduleswp-links-page-free.php:81

actionwpmu_new_blogwp-links-page-free.php:87

actionwp_links_page_free_eventwp-links-page-free.php:88

actionadmin_initwp-links-page-free.php:95

actionadd_meta_boxes_wplp_linkwp-links-page-free.php:96

actionadmin_menuwp-links-page-free.php:97

actionadmin_enqueue_scriptswp-links-page-free.php:98

actionwp_enqueue_scriptswp-links-page-free.php:352

actioninitwp-links-page-free.php:465

actionpre_get_postswp-links-page-free.php:475

actionload-edit.phpwp-links-page-free.php:511

filterviews_edit-wplp_linkwp-links-page-free.php:512

actionadmin_head-edit.phpwp-links-page-free.php:548

filtermanage_wplp_link_posts_columnswp-links-page-free.php:569

actionmanage_wplp_link_posts_custom_columnwp-links-page-free.php:604

filterthe_titlewp-links-page-free.php:617

actionedit_form_after_titlewp-links-page-free.php:619

filterwp_insert_post_datawp-links-page-free.php:726

actionsave_postwp-links-page-free.php:830

actionbefore_delete_postwp-links-page-free.php:845

filtergettextwp-links-page-free.php:865

actionupdate_option_wplp_screenshot_refreshwp-links-page-free.php:1304

filterthe_contentwp-links-page-free.php:1553

Scheduled Events 4

wp_ajax_wplf_ajax_update_screenshots

wp_links_page_free_event

Maintenance & Trust

WP Links Page Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 4, 2025

PHP min version

Downloads124K

Community Trust

Rating92/100

Number of ratings45

Active installs4K

Alternatives

WP Links Page Alternatives

Simple Link Directory

simple-link-directory

Free LINK DIRECTORY Plugin for WordPress to Curate Links for Web Directory. Link management, Directory Listings, Link Archive, Vendor Directory

2K 6 CVEs

Open Links Directory

odlinks

100

Build A Webpage directory The plugin will help you to build a website directory and allow the site visitors to submit links by themselves.

10 No CVEs

Developer Profile

WP Links Page Developer Profile

Rico Macchi

3 plugins · 6K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

79 days

View full developer profile

Detection Fingerprints

How We Detect WP Links Page

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-links-page/css/wplp-style.css/wp-content/plugins/wp-links-page/js/wplp-script.js/wp-content/plugins/wp-links-page/images/loading.gif

Script Paths

/wp-content/plugins/wp-links-page/js/wplp-script.js

Version Parameters

wp-links-page/css/wplp-style.css?ver=wp-links-page/js/wplp-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

ss

Data Attributes

data-wplp_iddata-wplp_link_id

JS Globals

wplpf_admin_paramswplf_media_params

Shortcode Output

[wp_links_page]

FAQ