BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager Security & Risk Analysis

wordpress.org/plugins/betterlinks

Ultimate plugin to create, shorten, track and manage any URL. Gather analytics reports and run successful marketing campaigns easily.

20K active installs · v2.4.7 · PHP 7.4+ · WP 5.0+ · Updated Feb 26, 2026
Tags: affiliate-links, cloaking, link-shortener, redirects, short-links
Score: 98 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Nov 1, 2024
Safety Verdict

Is BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager Safe to Use in 2026?

Generally Safe

Score 98/100

BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Nov 1, 2024 · Updated 1mo ago
Risk Assessment

The 'betterlinks' v2.4.7 plugin exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and properly escaped output, several concerning aspects warrant attention. The presence of 5 AJAX handlers without authentication checks significantly expands the attack surface and represents a direct vulnerability. Furthermore, the taint analysis reveals 4 high-severity flows with unsanitized paths, indicating potential for injection or data compromise if input is not handled rigorously. The plugin's vulnerability history, despite having no currently unpatched CVEs, shows a pattern of SQL Injection, Improper Authorization, and Cross-site Scripting vulnerabilities. This suggests a recurring need for careful input validation and authorization enforcement within the plugin's codebase. The recent past vulnerability also highlights the ongoing need for vigilance. Overall, the plugin has strengths in its robust SQL and output handling, but the identified unauthenticated entry points and critical taint flows are significant weaknesses that require immediate remediation.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Unsanitized paths in taint flows
  • Use of unserialize function
Vulnerabilities
3

BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager Security Vulnerabilities

CVEs by Year

2021: 1 CVE
2023: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2024-51672 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BetterLinks <= 2.1.7 - Authenticated (Administrator+) SQL Injection

Nov 1, 2024 · Patched in 2.1.8 (6d)

CVE-2023-45104 · medium · 6.5 · Improper Authorization

BetterLinks <= 1.6.0 - Improper Authorization to Data Import and Export

Oct 18, 2023 · Patched in 1.6.1 (97d)

CVE-2021-24812 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BetterLinks – Shorten, Track and Manage any URL <= 1.2.5 - Stored Cross-Site Scripting

Oct 20, 2021 · Patched in 1.2.6 (825d)
Code Analysis
Analyzed Mar 16, 2026

BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 28 (212 prepared)
Unescaped Output: 39 (356 escaped)
Nonce Checks: 77
Capability Checks: 86
File Operations: 26
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize · $item->param_struct = unserialize( $item->param_struct ); · includes\Helper.php:277
unserialize · $custom_tracking_scripts = unserialize( $custom_tracking_scripts ); · includes\Helper.php:282
unserialize · $auto_link_keywords = unserialize( $item['auto_link_keywords'] ); · includes\Tools\Migration\BLImportCSV.php:53
unserialize · $response['param_struct'] = unserialize($response['param_struct']); · includes\Traits\Links.php:129
unserialize · $arg['param_struct'] = unserialize($arg['param_struct']); · includes\Traits\Links.php:171

SQL Query Safety

88% prepared · 240 total queries

Output Escaping

90% escaped · 395 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

19 flows · 7 with unsanitized paths
send_data (includes\Admin\WPDev\PluginUsageTracker.php:434)
Attack Surface
5 unprotected

BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager Attack Surface

Entry Points: 77
Unprotected: 5

AJAX Handlers 77

auth · wp_ajax_betterlinks/admin/search_clicks_data · includes\Admin\Ajax.php:20
auth · wp_ajax_betterlinks/admin/links_reorder · includes\Admin\Ajax.php:21
auth · wp_ajax_betterlinks/admin/links_move_reorder · includes\Admin\Ajax.php:22
auth · wp_ajax_betterlinks/admin/get_links_by_short_url · includes\Admin\Ajax.php:23
auth · wp_ajax_betterlinks/admin/get_links_by_permalink · includes\Admin\Ajax.php:24
auth · wp_ajax_betterlinks/admin/get_cat_by_link_id · includes\Admin\Ajax.php:25
auth · wp_ajax_betterlinks/admin/get_betterlink_categories · includes\Admin\Ajax.php:26
auth · wp_ajax_betterlinks/admin/get_betterlink_tags · includes\Admin\Ajax.php:27
auth · wp_ajax_betterlinks/admin/create_betterlink_category · includes\Admin\Ajax.php:28
auth · wp_ajax_betterlinks/admin/get_autolink_create_settings · includes\Admin\Ajax.php:29
auth · wp_ajax_betterlinks/admin/write_json_links · includes\Admin\Ajax.php:30
auth · wp_ajax_betterlinks/admin/write_json_clicks · includes\Admin\Ajax.php:31
auth · wp_ajax_betterlinks/admin/analytics · includes\Admin\Ajax.php:32
auth · wp_ajax_betterlinks/admin/short_url_unique_checker · includes\Admin\Ajax.php:33
auth · wp_ajax_betterlinks/admin/cat_slug_unique_checker · includes\Admin\Ajax.php:34
auth · wp_ajax_betterlinks/admin/reset_analytics · includes\Admin\Ajax.php:35
auth · wp_ajax_betterlinks/admin/get_clicks_count · includes\Admin\Ajax.php:36
auth · wp_ajax_betterlinks/admin/backfill_country_data · includes\Admin\Ajax.php:37
auth · wp_ajax_betterlinks/admin/clear_analytics_cache · includes\Admin\Ajax.php:38
auth · wp_ajax_betterlinks/admin/get_prettylinks_data · includes\Admin\Ajax.php:40
auth · wp_ajax_betterlinks/admin/run_prettylinks_migration · includes\Admin\Ajax.php:41
auth · wp_ajax_betterlinks/admin/migration_prettylinks_notice_hide · includes\Admin\Ajax.php:42
auth · wp_ajax_betterlinks/admin/deactive_prettylinks · includes\Admin\Ajax.php:43
auth · wp_ajax_betterlinks/admin/get_simple301redirects_data · includes\Admin\Ajax.php:45
auth · wp_ajax_betterlinks/admin/run_simple301redirects_migration · includes\Admin\Ajax.php:46
auth · wp_ajax_betterlinks/admin/migration_simple301redirects_notice_hide · includes\Admin\Ajax.php:47
auth · wp_ajax_betterlinks/admin/deactive_simple301redirects · includes\Admin\Ajax.php:48
auth · wp_ajax_betterlinks/admin/get_thirstyaffiliates_data · includes\Admin\Ajax.php:50
auth · wp_ajax_betterlinks/admin/run_thirstyaffiliates_migration · includes\Admin\Ajax.php:51
auth · wp_ajax_betterlinks/admin/deactive_thirstyaffiliates · includes\Admin\Ajax.php:52
auth · wp_ajax_betterlinks/admin/get_all_links · includes\Admin\Ajax.php:54
auth · wp_ajax_betterlinks/admin/create_link · includes\Admin\Ajax.php:55
auth · wp_ajax_betterlinks/admin/update_link · includes\Admin\Ajax.php:56
auth · wp_ajax_betterlinks/admin/handle_favorite · includes\Admin\Ajax.php:57
auth · wp_ajax_betterlinks/admin/delete_link · includes\Admin\Ajax.php:58
auth · wp_ajax_betterlinks/admin/get_settings · includes\Admin\Ajax.php:59
auth · wp_ajax_betterlinks/admin/update_settings · includes\Admin\Ajax.php:60
auth · wp_ajax_betterlinks/admin/get_terms · includes\Admin\Ajax.php:61
auth · wp_ajax_betterlinks/admin/create_new_term · includes\Admin\Ajax.php:62
auth · wp_ajax_betterlinks/admin/update_term · includes\Admin\Ajax.php:63
auth · wp_ajax_betterlinks/admin/delete_term · includes\Admin\Ajax.php:64
auth · wp_ajax_betterlinks/admin/fetch_analytics · includes\Admin\Ajax.php:65
auth · wp_ajax_betterlinks/admin/get_post_types · includes\Admin\Ajax.php:68
auth · wp_ajax_betterlinks/admin/get_post_tags · includes\Admin\Ajax.php:69
auth · wp_ajax_betterlinks/admin/get_post_categories · includes\Admin\Ajax.php:70
auth · wp_ajax_betterlinks/admin/set_affiliate_link_disclosure_post · includes\Admin\Ajax.php:73
auth · wp_ajax_betterlinks/admin/get_affiliate_link_disclosure_post · includes\Admin\Ajax.php:74
auth · wp_ajax_betterlinks/admin/set_affiliate_link_disclosure_text · includes\Admin\Ajax.php:75
auth · wp_ajax_betterlinks/admin/get_affiliate_link_disclosure_text · includes\Admin\Ajax.php:76
auth · wp_ajax_betterlinks/admin/get_auto_create_links_settings · includes\Admin\Ajax.php:79
auth · wp_ajax_betterlinks/admin/get_external_analytics · includes\Admin\Ajax.php:81
auth · wp_ajax_betterlinks__admin_fetch_analytics_graph · includes\Admin\Ajax.php:84
auth · wp_ajax_betterlinks__admin_menu_notice · includes\Admin\Ajax.php:87
auth · wp_ajax_betterlinks__admin_dashboard_notice · includes\Admin\Ajax.php:88
auth · wp_ajax_betterlinks_dismiss_black_friday_notice · includes\Admin\Ajax.php:89
auth · wp_ajax_betterlinks__fetch_target_url · includes\Admin\Ajax.php:91
auth · wp_ajax_betterlinks__check_fbs_link · includes\Admin\Ajax.php:94
auth · wp_ajax_betterlinks__create_fbs_link · includes\Admin\Ajax.php:95
auth · wp_ajax_betterlinks__update_fbs_link · includes\Admin\Ajax.php:96
auth · wp_ajax_betterlinks__client_consent · includes\Admin\Ajax.php:99
auth · wp_ajax_betterlinks__complete_setup · includes\Admin\Ajax.php:100
nopriv · wp_ajax_betterlinks__js_analytics_tracking · includes\Admin\Ajax.php:102
auth · wp_ajax_betterlinks__js_analytics_tracking · includes\Admin\Ajax.php:103
auth · wp_ajax_betterlinks/admin/update_click_country · includes\Admin\Ajax.php:106
auth · wp_ajax_betterlinks/admin/update_clicks_country_by_ip · includes\Admin\Ajax.php:107
auth · wp_ajax_betterlinks/admin/apply_utm_template_to_links · includes\Admin\Ajax.php:110
auth · wp_ajax_betterlinks/admin/get_links_by_categories · includes\Admin\Ajax.php:111
auth · wp_ajax_betterlinks/admin/get_utm_status_counts · includes\Admin\Ajax.php:112
auth · wp_ajax_betterlinks/admin/get_post_types_with_taxonomies · includes\Admin\ShortLinkGenerator.php:24
auth · wp_ajax_betterlinks/admin/get_posts_count · includes\Admin\ShortLinkGenerator.php:25
auth · wp_ajax_betterlinks/admin/start_bulk_generation · includes\Admin\ShortLinkGenerator.php:26
auth · wp_ajax_betterlinks/admin/get_generation_progress · includes\Admin\ShortLinkGenerator.php:27
auth · wp_ajax_betterlinks/admin/pause_bulk_generation · includes\Admin\ShortLinkGenerator.php:28
auth · wp_ajax_betterlinks/admin/resume_bulk_generation · includes\Admin\ShortLinkGenerator.php:29
auth · wp_ajax_betterlinks/admin/cancel_bulk_generation · includes\Admin\ShortLinkGenerator.php:30
auth · wp_ajax_betterlinks/admin/download_generation_report · includes\Admin\ShortLinkGenerator.php:31
auth · wp_ajax_betterlinks/tools/get_import_info · includes\Tools\Import.php:9

WordPress Hooks 69

action · plugins_loaded · betterlinks.php:39
action · betterlinks_loaded · betterlinks.php:40
action · admin_init · betterlinks.php:41
action · admin_init · betterlinks.php:42
action · admin_init · betterlinks.php:43
action · wp_enqueue_scripts · betterlinks.php:45
action · admin_enqueue_scripts · includes\Admin\Assets.php:11
action · enqueue_block_editor_assets · includes\Admin\Assets.php:12
filter · fluent_boards/asset_listed_slugs · includes\Admin\Assets.php:13
action · wp_print_scripts · includes\Admin\Assets.php:26
action · admin_menu · includes\Admin\Menu.php:14
action · add_meta_boxes · includes\Admin\Metabox.php:11
action · add_meta_boxes · includes\Admin\Metabox.php:12
action · admin_notices · includes\Admin\Notice\PrettyLinks.php:27
action · admin_notices · includes\Admin\Notice\PrettyLinks.php:29
action · admin_print_footer_scripts · includes\Admin\Notice\PrettyLinks.php:31
action · admin_notices · includes\Admin\Notice\PrettyLinks.php:38
action · admin_print_footer_scripts · includes\Admin\Notice\PrettyLinks.php:40
action · admin_notices · includes\Admin\Notice\Simple301.php:17
action · admin_print_footer_scripts · includes\Admin\Notice\Simple301.php:18
action · admin_notices · includes\Admin\Notice\Simple301.php:23
action · admin_print_footer_scripts · includes\Admin\Notice\Simple301.php:25
action · admin_notices · includes\Admin\Notice\ThirstyAffiliates.php:19
action · admin_print_footer_scripts · includes\Admin\Notice\ThirstyAffiliates.php:20
action · admin_notices · includes\Admin\Notice\ThirstyAffiliates.php:25
action · admin_print_footer_scripts · includes\Admin\Notice\ThirstyAffiliates.php:27
action · in_admin_header · includes\Admin\Notice.php:39
action · btl_compatibity_notices · includes\Admin\Notice.php:40
action · admin_footer · includes\Admin\Notice.php:42
action · admin_notices · includes\Admin\Notice.php:198
action · admin_notices · includes\Admin\Notice.php:201
action · admin_print_footer_scripts · includes\Admin\WPDev\PluginUsageTracker.php:162
action · admin_print_footer_scripts-plugins.php · includes\Admin\WPDev\PluginUsageTracker.php:163
action · admin_print_styles-plugins.php · includes\Admin\WPDev\PluginUsageTracker.php:164
action · init · includes\Admin\WPDev\WPDevNotice.php:115
action · init · includes\Admin\WPDev\WPDevNotice.php:117
action · admin_notices · includes\Admin\WPDev\WPDevNotice.php:214
action · admin_notices · includes\Admin\WPDev\WPDevNotice.php:217
action · admin_init · includes\Admin.php:25
filter · BetterLinks/Admin/skip_no_conflict · includes\Admin.php:26
action · admin_head-toplevel_page_betterlinks · includes\Admin.php:28
action · admin_head-toplevel_page_betterlinks-analytics · includes\Admin.php:29
action · admin_head-toplevel_page_betterlinks-settings · includes\Admin.php:30
action · betterlinks/admin/after_import_data · includes\Admin.php:31
action · rest_api_init · includes\API\AIBulkLinks.php:18
action · rest_api_init · includes\API\Clicks.php:15
action · rest_api_init · includes\API\Geolocation.php:20
action · rest_api_init · includes\API\Links.php:16
action · rest_api_init · includes\API\Settings.php:16
action · rest_api_init · includes\API\Terms.php:19
filter · jwt_auth_whitelist · includes\API.php:16
filter · rest_url · includes\API.php:17
filter · cron_schedules · includes\Cron.php:11
action · betterlinks/write_json_links · includes\Cron.php:12
action · betterlinks/analytics · includes\Cron.php:17
action · betterlinks/pre_before_redirect · includes\Elementor.php:20
action · elementor/editor/after_enqueue_scripts · includes\Elementor.php:23
action · elementor/documents/register_controls · includes\Elementor.php:24
action · elementor/editor/after_save · includes\Elementor.php:25
filter · elementor/document/save/data · includes\Elementor.php:26
filter · the_content · includes\Frontend\LinkChecker.php:17
action · fluent_boards/task_deleted · includes\Integration\FluentBoards.php:13
action · fluent_boards/board_task_archived · includes\Integration\FluentBoards.php:14
filter · betterlinks__intlfbs_filter_category_from_dashboard · includes\Integration\FluentBoards.php:15
action · init · includes\Link.php:10
action · betterlinks_quick_link_creation · includes\Link.php:11
action · betterlinks_prevent_unwanted_cle · includes\Link.php:12
action · admin_init · includes\Tools\Export.php:7
action · admin_init · includes\Tools\Import.php:8

Scheduled Events 3

betterlinks/analytics
betterlinks/write_json_links
betterlinks/analytics
Maintenance & Trust

BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 26, 2026
PHP min version: 7.4
Downloads: 731K

Community Trust

Rating: 96/100
Number of ratings: 83
Active installs: 20K
Developer Profile

BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager Developer Profile

WPDeveloper

46 plugins · 4.0M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 163 days
Detection Fingerprints

How We Detect BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/betterlinks/assets/css/betterlinks-admin.css
  • /wp-content/plugins/betterlinks/assets/css/betterlinks-frontend.css
  • /wp-content/plugins/betterlinks/assets/css/betterlinks-main.css
  • /wp-content/plugins/betterlinks/assets/js/betterlinks-admin.js
  • /wp-content/plugins/betterlinks/assets/js/betterlinks-frontend.js
  • /wp-content/plugins/betterlinks/assets/js/betterlinks-main.js
  • /wp-content/plugins/betterlinks/assets/js/modules/qrcode.js
Generator Patterns
  • BetterLinks
Script Paths
  • /wp-content/plugins/betterlinks/assets/js/betterlinks-admin.js
  • /wp-content/plugins/betterlinks/assets/js/betterlinks-frontend.js
  • /wp-content/plugins/betterlinks/assets/js/betterlinks-main.js
Version Parameters
  • betterlinks/assets/css/betterlinks-admin.css?ver=
  • betterlinks/assets/css/betterlinks-frontend.css?ver=
  • betterlinks/assets/css/betterlinks-main.css?ver=
  • betterlinks/assets/js/betterlinks-admin.js?ver=
  • betterlinks/assets/js/betterlinks-frontend.js?ver=
  • betterlinks/assets/js/betterlinks-main.js?ver=
  • betterlinks/assets/js/modules/qrcode.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • betterlinks-admin-wrap
  • betterlinks-frontend-wrap
  • betterlinks-slug-input
  • betterlinks-input-group
  • betterlinks-form-control
  • betterlinks-btn
  • betterlinks-btn-primary
  • betterlinks-btn-secondary
  • +11 more
HTML Comments
  • BetterLinks Link Slug Input Start
  • BetterLinks Link Slug Input End
  • BetterLinks Admin Wrap Start
  • BetterLinks Admin Wrap End
  • +2 more
Data Attributes
  • data-betterlinks-id
  • data-betterlinks-slug
  • data-betterlinks-url
  • data-betterlinks-target
  • data-betterlinks-rel
  • data-betterlinks-sponsored
  • +6 more
JS Globals
  • BetterLinks
  • betterlinks_admin_params
  • betterlinks_frontend_params
  • betterlinks_vars
REST Endpoints
  • /wp-json/betterlinks/v1/links
  • /wp-json/betterlinks/v1/settings
  • /wp-json/betterlinks/v1/categories
  • /wp-json/betterlinks/v1/tags
  • /wp-json/betterlinks/v1/redirect
  • /wp-json/betterlinks/v1/track
  • /wp-json/betterlinks/v1/heatmap
  • /wp-json/betterlinks/v1/analytics
Shortcode Output
  • [betterlinks]
  • [betterlinks_redirect]
  • [betterlinks_tracking]
FAQ

Frequently Asked Questions about BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager