Does WP-Partner have any unpatched vulnerabilities?

No. All known vulnerabilities in WP-Partner have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP-Partner compatible with WordPress 3.0.5?

According to WordPress.org data, WP-Partner 1.2.1 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is WP-Partner updated?

WP-Partner was last updated on Aug 22, 2010. Frequent updates are generally a positive security signal.

What is WP-Partner's security score?

WP-Partner has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP-Partner Security & Risk Analysis

wordpress.org/plugins/wp-partner

The purpose of this plugin is to add the ability to output a list of link categories and a complete list of links with notes and descriptions.

10 active installs v1.2.1 PHP + WP 2.8+ Updated Aug 22, 2010

librarylinklistpage

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP-Partner Safe to Use in 2026?

Generally Safe

Score 85/100

WP-Partner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "wp-partner" plugin v1.2.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and includes both nonce and capability checks, which are fundamental security mechanisms. The absence of known vulnerabilities in its history also suggests a relatively stable and well-maintained codebase.

However, a significant concern arises from the static analysis, specifically the "Output escaping" metric. With 0% of the 23 identified outputs properly escaped, this indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed without proper sanitization could be manipulated by attackers to inject malicious scripts. Furthermore, the taint analysis reveals two "flows with unsanitized paths" classified as high severity. While not explicitly defined as vulnerabilities, these flows represent potential pathways for malicious data to be processed in an insecure manner, which could be exploited in conjunction with the lack of output escaping.

In conclusion, while the plugin benefits from secure database interaction and basic authorization checks, the widespread lack of output escaping and the presence of high-severity unsanitized data flows are critical security weaknesses. These issues significantly increase the risk of XSS and other injection-related attacks. Addressing these output escaping and taint flow concerns should be the highest priority to improve the plugin's overall security.

Key Concerns

All outputs are unescaped
Two high severity unsanitized taint flows

Vulnerabilities

None known

WP-Partner Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

WP-Partner Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared8 total queries

Output Escaping

0% escaped23 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

on_save_changes (wp-partner.php:80)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP-Partner Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[wp-partner] wp-partner.php:41

[wp-partner_rform] wp-partner.php:42

WordPress Hooks 6

actionadmin_menuwp-partner.php:36

actionwp_headwp-partner.php:37

actionadmin_initwp-partner.php:38

actionwp_dashboard_setupwp-partner.php:40

actionadmin_post_save_wp_partner_generalwp-partner.php:44

filterscreen_layout_columnswp-partner.php:46

Maintenance & Trust

WP-Partner Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedAug 22, 2010

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP-Partner Alternatives

Link Library

link-library

The purpose of this plugin is to add the ability to output a list of link categories and a complete list of links with notes and descriptions.

10K 1 unpatched

VK Link Target Controller

vk-link-target-controller

100

Redirect your visitors to another page than the post content when they click on the post title.

30K No CVEs

List Children

list-children

Use an HTML comment to list links of the current page's children or siblings.

100 1 CVE

Delink Pages

delink-pages

This plugin will allow you to specify certain pages to not be linked when wp_list_pages() is used in a theme.

10 No CVEs

WP Sitemap Page

wp-sitemap-page

100

Add a sitemap on any of your page using the simple shortcode [wp_sitemap_page]. Improve the SEO and navigation of your website.

300K 1 CVE

Developer Profile

WP-Partner Developer Profile

mantus667

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP-Partner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-partner/stylesheet.css

Version Parameters

wp-partner/stylesheet.css?ver=wp-partner-plugin

HTML / DOM Fingerprints

Shortcode Output

[wp-partner][wp-partner_rform]

FAQ