WP MyLinks Security & Risk Analysis

wordpress.org/plugins/wp-mylinks

Easily build your own micro landing page showing all the links you want to share to engage your audience. Use your own brand, link it anywhere.

1K active installs · v1.0.7 · PHP 7.4+ · WP 5.3+ · Updated Sep 26, 2024
Tags: bio, instagram, landing-page, link, profile
Score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Sep 30, 2024

Safety Verdict

Is WP MyLinks Safe to Use in 2026?

Generally Safe

Score 91/100

WP MyLinks has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 30, 2024 · Updated 1yr ago

Risk Assessment

The wp-mylinks plugin v1.0.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, implementing nonce checks, and performing capability checks on a reasonable number of entry points. The absence of direct file operations and external HTTP requests also reduces potential attack vectors. However, concerns arise from the presence of the `unserialize` function, which can be a significant vulnerability if used with user-controlled input, although taint analysis shows no current flows with unsanitized paths. Furthermore, a notable portion (23%) of output is not properly escaped, potentially leading to Cross-Site Scripting (XSS) vulnerabilities.

The plugin's vulnerability history, including a past medium severity XSS vulnerability, suggests a need for continued vigilance. While there are currently no unpatched CVEs, the previous XSS issue highlights a recurring type of vulnerability that requires careful attention to output sanitization. The limited number of entry points and the absence of unprotected handlers are strengths, but the potential for deserialization vulnerabilities combined with unescaped output warrants caution.

In conclusion, while wp-mylinks has made strides in secure coding practices like prepared statements and authorization checks, the presence of `unserialize` and a significant percentage of unescaped output are clear areas of concern. The past medium vulnerability underscores the importance of thorough output sanitization. The plugin's overall security is fair, but these specific weaknesses require attention to mitigate potential risks.

Key Concerns

  • Dangerous function: unserialize
  • Unescaped output percentage is high (23%)
  • Past medium vulnerability history

Vulnerabilities: 1

WP MyLinks Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-47371 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP MyLinks <= 1.0.6 - Authenticated (Editor+) Stored Cross-Site Scripting

Sep 30, 2024 · Patched in 1.0.7 (11d)

Code Analysis
Analyzed Mar 16, 2026

WP MyLinks Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 67 (230 escaped)
Nonce Checks: 3
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize (includes\cmb2\includes\CMB2_Utils.php:571)

    $datetime = @unserialize( trim( $date_value ), array( 'allowed_classes' => array( 'DateTime' ) ) );

Bundled Libraries

Select2

Output Escaping

77% escaped · 297 total outputs

Attack Surface

WP MyLinks Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers 2

auth wp_ajax_cmb2_oembed_handler includes\cmb2\includes\CMB2_Ajax.php:51
nopriv wp_ajax_cmb2_oembed_handler includes\cmb2\includes\CMB2_Ajax.php:52

Shortcodes 1

[donate] admin\partials\wp-mylinks-admin-settings.php:32

WordPress Hooks 85

filter post_type_link admin\class-wp-mylinks-admin.php:119
action pre_get_posts admin\class-wp-mylinks-admin.php:135
filter manage_posts_columns admin\class-wp-mylinks-admin.php:142
action manage_posts_custom_column admin\class-wp-mylinks-admin.php:167
action admin_notices admin\class-wp-mylinks-admin.php:203
action admin_init admin\partials\wp-mylinks-admin-settings.php:40
action admin_menu admin\partials\wp-mylinks-admin-settings.php:42
action init admin\partials\wp-mylinks-links-collection.php:73
action cmb2_admin_init admin\partials\wp-mylinks-links-collection.php:80
action admin_menu admin\partials\wp-mylinks-links-collection.php:118
filter cmb2_render_pw_select includes\class-cmb-field-select2.php:23
filter cmb2_render_pw_multiselect includes\class-cmb-field-select2.php:24
filter cmb2_sanitize_pw_multiselect includes\class-cmb-field-select2.php:25
filter cmb2_types_esc_pw_multiselect includes\class-cmb-field-select2.php:26
filter cmb2_repeat_table_row_types includes\class-cmb-field-select2.php:27
action admin_enqueue_scripts includes\class-cmb-field-select2.php:30
filter wp_dropdown_pages includes\class-wp-mylinks-loader.php:162
action pre_get_posts includes\class-wp-mylinks-loader.php:164
action template_redirect includes\class-wp-mylinks-loader.php:165
action init includes\class-wp-mylinks-post-type.php:78
action cmb2_admin_init includes\class-wp-mylinks-post-type.php:93
action add_meta_boxes includes\class-wp-mylinks-post-type.php:757
action plugins_loaded includes\class-wp-mylinks.php:154
action admin_enqueue_scripts includes\class-wp-mylinks.php:169
action admin_enqueue_scripts includes\class-wp-mylinks.php:170
action wp_enqueue_scripts includes\class-wp-mylinks.php:185
action wp_enqueue_scripts includes\class-wp-mylinks.php:186
action cmb2_admin_init includes\cmb2\example-functions.php:105
action cmb2_admin_init includes\cmb2\example-functions.php:470
action cmb2_admin_init includes\cmb2\example-functions.php:500
action cmb2_admin_init includes\cmb2\example-functions.php:564
action cmb2_admin_init includes\cmb2\example-functions.php:633
action cmb2_admin_init includes\cmb2\example-functions.php:674
action cmb2_init includes\cmb2\example-functions.php:777
action cmb2_save_options-page_fields includes\cmb2\includes\CMB2_Ajax.php:54
filter get_post_metadata includes\cmb2\includes\CMB2_Ajax.php:147
filter update_post_metadata includes\cmb2\includes\CMB2_Ajax.php:150
filter cmb2_show_on includes\cmb2\includes\CMB2_Hookup.php:79
action edit_form_top includes\cmb2\includes\CMB2_Hookup.php:118
action edit_form_before_permalink includes\cmb2\includes\CMB2_Hookup.php:122
action edit_form_after_title includes\cmb2\includes\CMB2_Hookup.php:126
action edit_form_after_editor includes\cmb2\includes\CMB2_Hookup.php:130
action add_meta_boxes includes\cmb2\includes\CMB2_Hookup.php:134
action add_meta_boxes includes\cmb2\includes\CMB2_Hookup.php:137
action add_attachment includes\cmb2\includes\CMB2_Hookup.php:138
action edit_attachment includes\cmb2\includes\CMB2_Hookup.php:139
action save_post includes\cmb2\includes\CMB2_Hookup.php:140
action pre_get_posts includes\cmb2\includes\CMB2_Hookup.php:147
action add_meta_boxes_comment includes\cmb2\includes\CMB2_Hookup.php:155
action edit_comment includes\cmb2\includes\CMB2_Hookup.php:156
filter manage_edit-comments_columns includes\cmb2\includes\CMB2_Hookup.php:159
action manage_comments_custom_column includes\cmb2\includes\CMB2_Hookup.php:160
filter manage_edit-comments_sortable_columns includes\cmb2\includes\CMB2_Hookup.php:161
action pre_get_posts includes\cmb2\includes\CMB2_Hookup.php:162
action show_user_profile includes\cmb2\includes\CMB2_Hookup.php:171
action edit_user_profile includes\cmb2\includes\CMB2_Hookup.php:172
action user_new_form includes\cmb2\includes\CMB2_Hookup.php:173
action personal_options_update includes\cmb2\includes\CMB2_Hookup.php:175
action edit_user_profile_update includes\cmb2\includes\CMB2_Hookup.php:176
action user_register includes\cmb2\includes\CMB2_Hookup.php:177
filter manage_users_columns includes\cmb2\includes\CMB2_Hookup.php:180
filter manage_users_custom_column includes\cmb2\includes\CMB2_Hookup.php:181
filter manage_users_sortable_columns includes\cmb2\includes\CMB2_Hookup.php:182
action pre_get_posts includes\cmb2\includes\CMB2_Hookup.php:183
action pre_get_posts includes\cmb2\includes\CMB2_Hookup.php:229
action created_term includes\cmb2\includes\CMB2_Hookup.php:233
action edited_terms includes\cmb2\includes\CMB2_Hookup.php:234
action delete_term includes\cmb2\includes\CMB2_Hookup.php:235
filter wp_prepare_attachment_for_js includes\cmb2\includes\CMB2_Hookup_Field.php:54
action admin_enqueue_scripts includes\cmb2\includes\CMB2_Hookup_Field.php:71
action cmb2_do_oembed includes\cmb2\includes\helper-functions.php:131
filter is_protected_meta includes\cmb2\includes\rest-api\CMB2_REST.php:144
action init includes\cmb2\init.php:131
filter single_template wp-mylinks.php:69
action init wp-mylinks.php:90
action init wp-mylinks.php:99
filter plugin_action_links wp-mylinks.php:171
action admin_head-options-reading.php wp-mylinks.php:216
action pre_get_posts wp-mylinks.php:217
filter get_pages wp-mylinks.php:220
action pre_get_posts wp-mylinks.php:242
filter template_include wp-mylinks.php:248
filter cmb2_render_row_cb wp-mylinks.php:347
action wp_print_scripts wp-mylinks.php:394
action wp_print_styles wp-mylinks.php:395

Maintenance & Trust

WP MyLinks Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 26, 2024
PHP min version: 7.4
Downloads: 25K

Community Trust

Rating: 78/100
Number of ratings: 13
Active installs: 1K

Developer Profile

WP MyLinks Developer Profile

Walter Pinem

4 plugins · 41K total installs

Trust score: 82
Avg Security Score: 92/100
Avg Patch Time: 73 days
Detection Fingerprints

How We Detect WP MyLinks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-mylinks/public/css/style.css
  • /wp-content/plugins/wp-mylinks/public/js/main.js
  • /wp-content/plugins/wp-mylinks/admin/js/admin.js
  • /wp-content/plugins/wp-mylinks/admin/css/admin.css

Script Paths

  • /wp-content/plugins/wp-mylinks/public/js/main.js
  • /wp-content/plugins/wp-mylinks/admin/js/admin.js

Version Parameters

  • wp-mylinks/public/css/style.css?ver=
  • wp-mylinks/public/js/main.js?ver=
  • wp-mylinks/admin/js/admin.js?ver=
  • wp-mylinks/admin/css/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • mylinks-section
  • mylinks-wrapper
  • mylinks-social-icons
  • mylinks-link-item
  • mylinks-qr-code-container

HTML Comments

  • <!-- WP MyLinks Plugin -->
  • <!-- MyLinks template -->
  • <!-- MyLinks QR Code -->

Data Attributes

  • data-mylinks-id

JS Globals

  • wpMylinksAdmin
  • mylinks

REST Endpoints

  • /wp-json/wp-mylinks/v1/links