Shortlink by BestWebSoft Security & Risk Analysis

wordpress.org/plugins/google-shortlink

Replace external WordPress website links with Google shortlinks and track click stats.

80 active installs · v1.6.2 · PHP + WP 5.6+ · Updated Jun 10, 2025
add-link-shortener · firebase-dynamic-plugin · firebase-links · firebase-plugin · google-shortlink
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 12, 2017
Safety Verdict

Is Shortlink by BestWebSoft Safe to Use in 2026?

Generally Safe

Score 100/100

Shortlink by BestWebSoft has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 12, 2017 · Updated 9mo ago
Risk Assessment

The 'google-shortlink' plugin v1.6.2 exhibits a mixed security posture. While it demonstrates good practices with a significant majority of SQL queries using prepared statements and a high percentage of properly escaped output, several concerning signals are present. The static analysis reveals the use of the dangerous `unserialize` function, which can be a significant security risk if not handled with extreme care and strict input validation. Furthermore, the taint analysis indicates four high-severity flows with unsanitized paths, suggesting potential vulnerabilities that could be exploited if malicious input reaches these points. The plugin's vulnerability history, while showing no currently unpatched CVEs, has a past medium-severity Cross-Site Scripting (XSS) vulnerability. This historical pattern, combined with the high-severity taint flows, suggests a latent risk that requires attention, even if recent activity has been clean.

Key Concerns

  • High severity unsanitized taint flows
  • Use of dangerous unserialize function
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Shortlink by BestWebSoft Security Vulnerabilities

CVEs by Year

1 CVE in 2017

Severity Breakdown

Medium: 1

1 total CVE

WF-281c49d3-078a-4fdc-9720-dac6b3a32892-google-shortlink · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shortlink by BestWebSoft < 1.5.3 - Reflected Cross-Site Scripting

Apr 12, 2017 Patched in 1.5.3 (2477d)
Code Analysis
Analyzed Mar 16, 2026

Shortlink by BestWebSoft Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 27; prepared: 26
Unescaped Output: 45; escaped: 438
Nonce Checks: 32
Capability Checks: 3
File Operations: 2
External Requests: 10
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · `$gglshrtlnk_post_ids = array_filter( unserialize( $gglshrtlnk_row_to_action['post_ids'] ) );` · google-shortlink.php:593
  • unserialize · `$gglshrtlnk_post_ids = unserialize( $gglshrtlnk_row_to_action['post_ids'] );` · google-shortlink.php:629
  • unserialize · `$gglshrtlnk_post_ids = unserialize( $gglshrtlnk_row_to_action['post_ids'] );` · google-shortlink.php:652
  • unserialize · `if ( 'added_by_direct' != $gglshrtlnk_row['post_ids'] && @unserialize( $gglshrtlnk_row['post_ids'] )` · google-shortlink.php:819
  • unserialize · `$gglshrtlnk_post_ids = unserialize( $gglshrtlnk_row['post_ids'] );` · google-shortlink.php:820
  • unserialize · `$gglshrtlnk_post_ids = unserialize( $gglshrtlnk_row['post_ids'] );` · google-shortlink.php:889

Bundled Libraries

Guzzle

SQL Query Safety

49% prepared · 53 total queries

Output Escaping

91% escaped · 483 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

11 flows · 5 with unsanitized paths
gglshrtlnk_ajax_total_clicks_callback (google-shortlink.php:229)
Attack Surface

Shortlink by BestWebSoft Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers: 4

  • auth · wp_ajax_bws_submit_request_feature_action · bws_menu\class-bws-settings.php:1452
  • auth · wp_ajax_bws_submit_uninstall_reason_action · bws_menu\deactivation-form.php:432
  • auth · wp_ajax_additional_opt · google-shortlink.php:1788
  • auth · wp_ajax_total_clicks · google-shortlink.php:1790
WordPress Hooks: 19

  • filter · load_textdomain_mofile · bws_menu\bws_functions.php:37
  • filter · mce_external_plugins · bws_menu\bws_functions.php:1081
  • filter · mce_buttons · bws_menu\bws_functions.php:1082
  • action · admin_init · bws_menu\bws_functions.php:1357
  • action · admin_enqueue_scripts · bws_menu\bws_functions.php:1358
  • action · admin_head · bws_menu\bws_functions.php:1359
  • action · admin_footer · bws_menu\bws_functions.php:1360
  • action · admin_notices · bws_menu\bws_functions.php:1362
  • action · wp_enqueue_scripts · bws_menu\bws_functions.php:1364
  • action · admin_menu · google-shortlink.php:1775
  • action · init · google-shortlink.php:1777
  • action · init · google-shortlink.php:1778
  • action · admin_init · google-shortlink.php:1779
  • action · plugins_loaded · google-shortlink.php:1780
  • action · admin_post_gglshrtlnk_oauth · google-shortlink.php:1784
  • action · admin_enqueue_scripts · google-shortlink.php:1786
  • filter · plugin_action_links · google-shortlink.php:1792
  • filter · plugin_row_meta · google-shortlink.php:1793
  • action · admin_notices · google-shortlink.php:1795
Maintenance & Trust

Shortlink by BestWebSoft Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Jun 10, 2025
PHP min version
Downloads: 21K

Community Trust

Rating: 76/100
Number of ratings: 6
Active installs: 80
Alternatives

Shortlink by BestWebSoft Alternatives

No alternatives data available yet.

Developer Profile

Shortlink by BestWebSoft Developer Profile

bestweblayout

32 plugins · 17K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1944 days
Detection Fingerprints

How We Detect Shortlink by BestWebSoft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/google-shortlink/css/admin_page.css
  • /wp-content/plugins/google-shortlink/css/style.css
  • /wp-content/plugins/google-shortlink/js/script.js
Script Paths
  • /wp-content/plugins/google-shortlink/js/script.js
Version Parameters
  • google-shortlink/css/admin_page.css?ver=
  • google-shortlink/css/style.css?ver=
  • google-shortlink/js/script.js?ver=

HTML / DOM Fingerprints

HTML Comments
© Copyright 2021 BestWebSoft ( https://support.bestwebsoft.com ) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License, version 3, as published by the Free Software Foundation. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
JS Globals
gglshrtlnk_vars
FAQ

Frequently Asked Questions about Shortlink by BestWebSoft