WP-Safety

WPDevHub Link Manager Security & Risk Analysis

wordpress.org/plugins/wpdevhub-dlm

Create and Track custom link forwarders with a minimized URL off your own website.

0 active installs v2.7 PHP + WP 4.0+ Updated Dec 16, 2019
links-link-management
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPDevHub Link Manager Safe to Use in 2026?

Generally Safe

Score 85/100

WPDevHub Link Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The "wpdevhub-dlm" plugin v2.7 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating nonce checks and capability checks, indicating an awareness of basic security principles. The absence of known CVEs and historical vulnerabilities is a strong indicator of a well-maintained codebase. However, significant concerns arise from the static and taint analysis.

The presence of the `unserialize` function is a major red flag. If the data being unserialized is not strictly controlled and validated, it can lead to arbitrary object deserialization vulnerabilities, which can be critical. Coupled with a taint analysis flow showing an unsanitized path of high severity, this combination points to a potentially exploitable vulnerability. The low percentage of properly escaped output (9%) also suggests a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is outputted directly without proper sanitization.

While the plugin has no recorded vulnerabilities, the identified code signals and taint analysis results suggest potential weaknesses that could lead to future issues. The overall risk is elevated due to the high-severity taint flow combined with the dangerous `unserialize` function and the lack of proper output escaping. Addressing these specific code-level concerns is crucial for improving the plugin's security.

Key Concerns

  • High severity unsanitized path flow
  • Dangerous unserialize function used
  • Low percentage of properly escaped output
Vulnerabilities
None known

WPDevHub Link Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WPDevHub Link Manager Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
22 prepared
Unescaped Output
20
2 escaped
Nonce Checks
1
Capability Checks
2
File Operations
4
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserializereturn unserialize(base64_decode($object));classes\core\class.DSCF_DLM_StandardObjectRecord.php:64

SQL Query Safety

100% prepared22 total queries

Output Escaping

9% escaped22 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<inc.settings-base> (pages\inc.settings-base.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPDevHub Link Manager Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionwidget_comments_argsclasses\core\class.DSCF_DLM_StandardCustomPostType.php:34
filtercomment_feed_whereclasses\core\class.DSCF_DLM_StandardCustomPostType.php:35
actionadmin_enqueue_scriptsclasses\core\class.DSCF_DLM_StandardMain.php:66
actionwp_enqueue_scriptsclasses\core\class.DSCF_DLM_StandardMain.php:67
actionadmin_menuclasses\core\class.DSCF_DLM_StandardMain.php:68
actionwp_enqueue_scriptsclasses\core\class.DSCF_DLM_StandardMain.php:187
filterthe_contentclasses\core\class.DSCF_DLM_StandardMain.php:390
filterthe_excerptclasses\core\class.DSCF_DLM_StandardMain.php:391
filterget_the_excerptclasses\core\class.DSCF_DLM_StandardMain.php:392
filterget_the_archive_titleclasses\core\class.DSCF_DLM_StandardMain.php:393
actionsave_postclasses\core\class.DSCF_DLM_StandardMetaBox.php:28
filterthe_contentclasses\core\class.DSCF_DLM_StandardMetaBox.php:32
actioninitinc\inc.setup.php:92
filterdo_parse_requestinc\inc.setup.php:93
actionloop_endinc\inc.setup.php:94
filterthe_permalinkinc\inc.setup.php:99
actioninitindex.php:24
Maintenance & Trust

WPDevHub Link Manager Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedDec 16, 2019
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

WPDevHub Link Manager Alternatives

No alternatives data available yet.

Developer Profile

WPDevHub Link Manager Developer Profile

benhallbenhall

5 plugins · 40 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WPDevHub Link Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpdevhub-dlm/assets/js/wpdevhub-dlm-public.js/wp-content/plugins/wpdevhub-dlm/assets/js/wpdevhub-dlm-admin.js/wp-content/plugins/wpdevhub-dlm/assets/css/wpdevhub-dlm-public.css/wp-content/plugins/wpdevhub-dlm/assets/css/wpdevhub-dlm-admin.css
Script Paths
/wp-content/plugins/wpdevhub-dlm/assets/js/wpdevhub-dlm-public.js/wp-content/plugins/wpdevhub-dlm/assets/js/wpdevhub-dlm-admin.js
Version Parameters
wpdevhub-dlm/assets/js/wpdevhub-dlm-public.js?ver=wpdevhub-dlm/assets/js/wpdevhub-dlm-admin.js?ver=wpdevhub-dlm/assets/css/wpdevhub-dlm-public.css?ver=wpdevhub-dlm/assets/css/wpdevhub-dlm-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
wpdevhub-dlm-link-managerwpdevhub-dlm-admin
HTML Comments
<!-- WPDevHub Link Manager Plugin -->
Data Attributes
data-wpdevhub-dlm-iddata-wpdevhub-dlm-slug
JS Globals
wpdevhubDlmAdminwpdevhubDlmPublic
REST Endpoints
/wp-json/wpdevhub-dlm/v1/link
Shortcode Output
[wpdevhub_dlm]
FAQ

Frequently Asked Questions about WPDevHub Link Manager