[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRwApsvhFl6w1awCvS9QLutI1ZoU9Mh1xeKFSz5aRy3s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":55,"analysis":56,"fingerprints":541},"google-shortlink","Shortlink by BestWebSoft","1.6.2","bestweblayout","https:\u002F\u002Fprofiles.wordpress.org\u002Fbestweblayout\u002F","\u003Cp>Shortlink plugin is a useful tool to get short links from Google URL Shortener service without leaving your WordPress website. Generate short links by direct input and\u002For automatically. Replace all external links on your website with short links, restore or delete them from database, and manage statistic.\u003C\u002Fp>\n\u003Cp>Install, activate, and save your time!\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FSZIWLm8mmdU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdemo-shortlink-by-bestwebsoft\u002F?ref=readme\" rel=\"nofollow ugc\">View Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Firebase Dynamic Links API\u003C\u002Fli>\n\u003Cli>Automatically generate short links\u003C\u002Fli>\n\u003Cli>Generate short links by direct output\u003C\u002Fli>\n\u003Cli>Add unlimited number of fields for direct links input\u003C\u002Fli>\n\u003Cli>View list of links with additional info:\n\u003Cul>\n\u003Cli>Page URL\u003C\u002Fli>\n\u003Cli>Short link\u003C\u002Fli>\n\u003Cli>Number of total clicks\u003C\u002Fli>\n\u003Cli>Articles that contain link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Manage your links manually with the following options:\n\u003Cul>\n\u003Cli>Replace\u003C\u002Fli>\n\u003Cli>Restore\u003C\u002Fli>\n\u003Cli>Delete\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Manage all external links automatically:\n\u003Cul>\n\u003Cli>Scan website for new links\u003C\u002Fli>\n\u003Cli>Replace\u003C\u002Fli>\n\u003Cli>Restore\u003C\u002Fli>\n\u003Cli>Restore all links and clear database\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Incredibly simple settings for fast setup without modifying code\u003C\u002Fli>\n\u003Cli>Detailed step-by-step documentation and videos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Documentation & Videos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fshortlink\u002Fshortlink-user-guide\u002F\" rel=\"nofollow ugc\">[Doc] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-install-a-wordpress-product\u002Fhow-to-install-a-wordpress-plugin\u002F\" rel=\"nofollow ugc\">[Doc] Installation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-purchase-a-wordpress-plugin\u002Fhow-to-purchase-wordpress-plugin-from-bestwebsoft\u002F\" rel=\"nofollow ugc\">[Doc] Purchase\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Help & Support\u003C\u002Fh4>\n\u003Cp>Visit our Help Center if you have any questions, our friendly Support Team is happy to help — \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fsupport.bestwebsoft.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Russian (ru_RU)\u003C\u002Fli>\n\u003Cli>Ukrainian (uk)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these translations are not complete. We are constantly adding new features which should be translated. If you would like to create your own language pack or update the existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">the text of PO and MO files\u003C\u002Fa> to \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">BestWebSoft\u003C\u002Fa> and we’ll add it to the plugin. You can download the latest version of the program for work with PO and MO \u003Ca href=\"https:\u002F\u002Fwww.poedit.net\u002Fdownload.php\" rel=\"nofollow ugc\">files Poedit\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fupdater\u002F?k=ed72e881dcfb65a3487b083775c694c1\" rel=\"nofollow ugc\">Updater\u003C\u002Fa> – Automatically check and update WordPress website core with all installed plugins and themes to the latest versions.\u003C\u002Fli>\n\u003C\u002Ful>\n","Replace external WordPress website links with Google shortlinks and track click stats.",80,20836,76,6,"2025-06-10T10:45:00.000Z","6.3.8","5.6","",[20,21,22,23,4],"add-link-shortener","firebase-dynamic-plugin","firebase-links","firebase-plugin","https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fgoogle-shortlink\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-shortlink.1.6.2.zip",100,1,0,"2017-04-12 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"WF-281c49d3-078a-4fdc-9720-dac6b3a32892-google-shortlink","shortlink-by-bestwebsoft-reflected-cross-site-scripting","Shortlink by BestWebSoft \u003C 1.5.3 - Reflected Cross-Site Scripting","The Shortlink by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘category’ parameter in versions before 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C1.5.3","1.5.3","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F281c49d3-078a-4fdc-9720-dac6b3a32892?source=api-prod",2477,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":52,"trust_score":53,"computed_at":54},32,16570,98,1944,78,"2026-04-04T16:46:28.633Z",[],{"attackSurface":57,"codeSignals":161,"taintFlows":344,"riskAssessment":529,"analyzedAt":540},{"hooks":58,"ajaxHandlers":138,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":160,"unprotectedCount":28},[59,66,70,74,79,83,87,91,96,101,106,110,113,116,120,124,127,131,135],{"type":60,"name":61,"callback":62,"priority":63,"file":64,"line":65},"filter","load_textdomain_mofile","bws_get_mofile",10,"bws_menu\\bws_functions.php",37,{"type":60,"name":67,"callback":68,"file":64,"line":69},"mce_external_plugins","bws_add_buttons",1081,{"type":60,"name":71,"callback":72,"file":64,"line":73},"mce_buttons","bws_register_buttons",1082,{"type":75,"name":76,"callback":77,"file":64,"line":78},"action","admin_init","bws_plugins_admin_init",1357,{"type":75,"name":80,"callback":81,"file":64,"line":82},"admin_enqueue_scripts","bws_admin_enqueue_scripts",1358,{"type":75,"name":84,"callback":85,"file":64,"line":86},"admin_head","bws_plugins_admin_head",1359,{"type":75,"name":88,"callback":89,"file":64,"line":90},"admin_footer","bws_plugins_admin_footer",1360,{"type":75,"name":92,"callback":93,"priority":94,"file":64,"line":95},"admin_notices","bws_admin_notices",30,1362,{"type":75,"name":97,"callback":98,"priority":99,"file":64,"line":100},"wp_enqueue_scripts","bws_enqueue_custom_code_css_js",20,1364,{"type":75,"name":102,"callback":103,"file":104,"line":105},"admin_menu","gglshrtlnk_menu","google-shortlink.php",1775,{"type":75,"name":107,"callback":108,"file":104,"line":109},"init","gglshrtlnk_init",1777,{"type":75,"name":107,"callback":111,"file":104,"line":112},"gglshrtlnk_session_start",1778,{"type":75,"name":76,"callback":114,"file":104,"line":115},"gglshrtlnk_admin_init",1779,{"type":75,"name":117,"callback":118,"file":104,"line":119},"plugins_loaded","gglshrtlnk_plugins_loaded",1780,{"type":75,"name":121,"callback":122,"file":104,"line":123},"admin_post_gglshrtlnk_oauth","gglshrtlnk_oauth",1784,{"type":75,"name":80,"callback":125,"file":104,"line":126},"gglshrtlnk_script_style",1786,{"type":60,"name":128,"callback":129,"priority":63,"file":104,"line":130},"plugin_action_links","gglshrtlnk_action_links",1792,{"type":60,"name":132,"callback":133,"priority":63,"file":104,"line":134},"plugin_row_meta","gglshrtlnk_links",1793,{"type":75,"name":92,"callback":136,"file":104,"line":137},"gglshrtlnk_admin_notices",1795,[139,145,149,153],{"action":140,"nopriv":141,"callback":140,"hasNonce":142,"hasCapCheck":141,"file":143,"line":144},"bws_submit_request_feature_action",false,true,"bws_menu\\class-bws-settings.php",1452,{"action":146,"nopriv":141,"callback":146,"hasNonce":142,"hasCapCheck":141,"file":147,"line":148},"bws_submit_uninstall_reason_action","bws_menu\\deactivation-form.php",432,{"action":150,"nopriv":141,"callback":151,"hasNonce":142,"hasCapCheck":141,"file":104,"line":152},"additional_opt","gglshrtlnk_ajax_additional_opt_callback",1788,{"action":154,"nopriv":141,"callback":155,"hasNonce":142,"hasCapCheck":141,"file":104,"line":156},"total_clicks","gglshrtlnk_ajax_total_clicks_callback",1790,[],[],[],4,{"dangerousFunctions":162,"sqlUsage":181,"outputEscaping":243,"fileOperations":338,"externalRequests":63,"nonceChecks":49,"capabilityChecks":339,"bundledLibraries":340},[163,167,170,172,175,178],{"fn":164,"file":104,"line":165,"context":166},"unserialize",593,"$gglshrtlnk_post_ids = array_filter( unserialize( $gglshrtlnk_row_to_action['post_ids'] ) );",{"fn":164,"file":104,"line":168,"context":169},629,"$gglshrtlnk_post_ids = unserialize( $gglshrtlnk_row_to_action['post_ids'] );",{"fn":164,"file":104,"line":171,"context":169},652,{"fn":164,"file":104,"line":173,"context":174},819,"if ( 'added_by_direct' != $gglshrtlnk_row['post_ids'] && @unserialize( $gglshrtlnk_row['post_ids'] )",{"fn":164,"file":104,"line":176,"context":177},820,"$gglshrtlnk_post_ids        = unserialize( $gglshrtlnk_row['post_ids'] );",{"fn":164,"file":104,"line":179,"context":180},889,"$gglshrtlnk_post_ids = unserialize( $gglshrtlnk_row['post_ids'] );",{"prepared":182,"raw":183,"locations":184},26,27,[185,188,191,194,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241],{"file":64,"line":186,"context":187},1334,"$wpdb->get_col() with variable interpolation",{"file":104,"line":189,"context":190},189,"$wpdb->get_var() with variable interpolation",{"file":104,"line":192,"context":193},195,"$wpdb->query() with variable interpolation",{"file":104,"line":195,"context":196},297,"$wpdb->get_results() with variable interpolation",{"file":104,"line":198,"context":196},299,{"file":104,"line":200,"context":193},319,{"file":104,"line":202,"context":193},321,{"file":104,"line":204,"context":196},354,{"file":104,"line":206,"context":196},601,{"file":104,"line":208,"context":196},631,{"file":104,"line":210,"context":196},654,{"file":104,"line":212,"context":196},796,{"file":104,"line":214,"context":196},807,{"file":104,"line":216,"context":196},823,{"file":104,"line":218,"context":196},863,{"file":104,"line":220,"context":196},875,{"file":104,"line":222,"context":196},892,{"file":104,"line":224,"context":196},1036,{"file":104,"line":226,"context":190},1244,{"file":104,"line":228,"context":190},1246,{"file":104,"line":230,"context":190},1400,{"file":104,"line":232,"context":190},1402,{"file":104,"line":234,"context":187},1751,{"file":104,"line":236,"context":193},1755,{"file":104,"line":238,"context":193},1756,{"file":104,"line":240,"context":193},1761,{"file":104,"line":242,"context":193},1762,{"escaped":244,"rawEcho":245,"locations":246},438,45,[247,250,252,254,256,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,290,292,294,296,298,300,302,304,306,308,310,311,313,314,316,318,320,321,323,325,328,330,332,334,336],{"file":64,"line":248,"context":249},155,"raw output",{"file":64,"line":251,"context":249},174,{"file":64,"line":253,"context":249},176,{"file":64,"line":255,"context":249},201,{"file":257,"line":258,"context":249},"bws_menu\\bws_menu.php",542,{"file":257,"line":260,"context":249},617,{"file":257,"line":262,"context":249},621,{"file":257,"line":264,"context":249},624,{"file":257,"line":266,"context":249},707,{"file":143,"line":268,"context":249},548,{"file":143,"line":270,"context":249},574,{"file":143,"line":272,"context":249},606,{"file":143,"line":274,"context":249},614,{"file":143,"line":276,"context":249},899,{"file":143,"line":278,"context":249},908,{"file":143,"line":280,"context":249},1189,{"file":143,"line":282,"context":249},1191,{"file":143,"line":284,"context":249},1193,{"file":143,"line":286,"context":249},1196,{"file":288,"line":289,"context":249},"bws_menu\\deprecated.php",129,{"file":104,"line":291,"context":249},245,{"file":104,"line":293,"context":249},248,{"file":104,"line":295,"context":249},254,{"file":104,"line":297,"context":249},257,{"file":104,"line":299,"context":249},535,{"file":104,"line":301,"context":249},966,{"file":104,"line":303,"context":249},974,{"file":104,"line":305,"context":249},1031,{"file":104,"line":307,"context":249},1091,{"file":104,"line":309,"context":249},1116,{"file":104,"line":309,"context":249},{"file":104,"line":312,"context":249},1117,{"file":104,"line":312,"context":249},{"file":104,"line":315,"context":249},1126,{"file":104,"line":317,"context":249},1341,{"file":104,"line":319,"context":249},1349,{"file":104,"line":90,"context":249},{"file":104,"line":322,"context":249},1409,{"file":104,"line":324,"context":249},1412,{"file":326,"line":327,"context":249},"includes\\class-gglshrtlnk-settings.php",116,{"file":326,"line":329,"context":249},132,{"file":326,"line":331,"context":249},147,{"file":326,"line":333,"context":249},153,{"file":326,"line":335,"context":249},159,{"file":326,"line":337,"context":249},173,2,3,[341],{"name":342,"version":37,"knownCves":343},"Guzzle",[],[345,375,398,412,422,430,440,448,461,487,498],{"entryPoint":346,"graph":347,"unsanitizedCount":338,"severity":40},"gglshrtlnk_ajax_total_clicks_callback (google-shortlink.php:229)",{"nodes":348,"edges":371},[349,354,359,362,366],{"id":350,"type":351,"label":352,"file":104,"line":353},"n0","source","$_POST (x2)",243,{"id":355,"type":356,"label":357,"file":104,"line":293,"wp_function":358},"n1","sink","echo() [XSS]","echo",{"id":360,"type":351,"label":361,"file":104,"line":353},"n2","$_POST['gglshrtlnk_short_to_count'] (x2)",{"id":363,"type":364,"label":365,"file":104,"line":353},"n3","transform","→ gglshrtlnk_count()",{"id":367,"type":356,"label":368,"file":104,"line":369,"wp_function":370},"n4","wp_remote_get() [SSRF]",1600,"wp_remote_get",[372,373,374],{"from":350,"to":355,"sanitized":142},{"from":360,"to":363,"sanitized":141},{"from":363,"to":367,"sanitized":141},{"entryPoint":376,"graph":377,"unsanitizedCount":28,"severity":397},"bws_add_menu_render (bws_menu\\bws_menu.php:12)",{"nodes":378,"edges":393},[379,381,383,385,387,390],{"id":350,"type":351,"label":380,"file":257,"line":99},"$_GET (x14)",{"id":355,"type":356,"label":357,"file":257,"line":382,"wp_function":358},342,{"id":360,"type":351,"label":352,"file":257,"line":384},93,{"id":363,"type":356,"label":357,"file":257,"line":386,"wp_function":358},384,{"id":367,"type":351,"label":388,"file":257,"line":389},"$_REQUEST (x2)",268,{"id":391,"type":356,"label":357,"file":257,"line":392,"wp_function":358},"n5",425,[394,395,396],{"from":350,"to":355,"sanitized":142},{"from":360,"to":363,"sanitized":142},{"from":367,"to":391,"sanitized":142},"low",{"entryPoint":399,"graph":400,"unsanitizedCount":28,"severity":397},"\u003Cbws_menu> (bws_menu\\bws_menu.php:0)",{"nodes":401,"edges":408},[402,403,404,405,406,407],{"id":350,"type":351,"label":380,"file":257,"line":99},{"id":355,"type":356,"label":357,"file":257,"line":382,"wp_function":358},{"id":360,"type":351,"label":352,"file":257,"line":384},{"id":363,"type":356,"label":357,"file":257,"line":386,"wp_function":358},{"id":367,"type":351,"label":388,"file":257,"line":389},{"id":391,"type":356,"label":357,"file":257,"line":392,"wp_function":358},[409,410,411],{"from":350,"to":355,"sanitized":142},{"from":360,"to":363,"sanitized":142},{"from":367,"to":391,"sanitized":142},{"entryPoint":413,"graph":414,"unsanitizedCount":28,"severity":397},"display_tabs (bws_menu\\class-bws-settings.php:285)",{"nodes":415,"edges":420},[416,419],{"id":350,"type":351,"label":417,"file":143,"line":418},"$_REQUEST['bws_active_tab']",295,{"id":355,"type":356,"label":357,"file":143,"line":418,"wp_function":358},[421],{"from":350,"to":355,"sanitized":142},{"entryPoint":423,"graph":424,"unsanitizedCount":28,"severity":397},"\u003Cclass-bws-settings> (bws_menu\\class-bws-settings.php:0)",{"nodes":425,"edges":428},[426,427],{"id":350,"type":351,"label":417,"file":143,"line":418},{"id":355,"type":356,"label":357,"file":143,"line":418,"wp_function":358},[429],{"from":350,"to":355,"sanitized":142},{"entryPoint":431,"graph":432,"unsanitizedCount":28,"severity":397},"bws_go_pro_tab_show (bws_menu\\deprecated.php:225)",{"nodes":433,"edges":438},[434,436],{"id":350,"type":351,"label":352,"file":288,"line":435},227,{"id":355,"type":356,"label":357,"file":288,"line":437,"wp_function":358},267,[439],{"from":350,"to":355,"sanitized":142},{"entryPoint":441,"graph":442,"unsanitizedCount":28,"severity":397},"\u003Cdeprecated> (bws_menu\\deprecated.php:0)",{"nodes":443,"edges":446},[444,445],{"id":350,"type":351,"label":352,"file":288,"line":435},{"id":355,"type":356,"label":357,"file":288,"line":437,"wp_function":358},[447],{"from":350,"to":355,"sanitized":142},{"entryPoint":449,"graph":450,"unsanitizedCount":160,"severity":460},"gglshrtlnk_table_data (google-shortlink.php:778)",{"nodes":451,"edges":458},[452,455],{"id":350,"type":351,"label":453,"file":104,"line":454},"$_POST (x4)",793,{"id":355,"type":356,"label":456,"file":104,"line":212,"wp_function":457},"get_results() [SQLi]","get_results",[459],{"from":350,"to":355,"sanitized":141},"high",{"entryPoint":462,"graph":463,"unsanitizedCount":27,"severity":460},"gglshrtlnk_create_link (google-shortlink.php:931)",{"nodes":464,"edges":482},[465,467,468,471,472,475,477],{"id":350,"type":351,"label":466,"file":104,"line":305},"$_POST[$gglshrtlnk_input]",{"id":355,"type":356,"label":357,"file":104,"line":305,"wp_function":358},{"id":360,"type":351,"label":469,"file":104,"line":470},"$_POST",988,{"id":363,"type":356,"label":357,"file":104,"line":315,"wp_function":358},{"id":367,"type":351,"label":473,"file":104,"line":474},"$_GET['link']",943,{"id":391,"type":364,"label":476,"file":104,"line":474},"→ gglshrtlnk_actions()",{"id":478,"type":356,"label":479,"file":104,"line":480,"wp_function":481},"n6","get_row() [SQLi]",561,"get_row",[483,484,485,486],{"from":350,"to":355,"sanitized":142},{"from":360,"to":363,"sanitized":142},{"from":367,"to":391,"sanitized":141},{"from":391,"to":478,"sanitized":141},{"entryPoint":488,"graph":489,"unsanitizedCount":27,"severity":460},"gglshrtlnk_page (google-shortlink.php:1282)",{"nodes":490,"edges":495},[491,493,494],{"id":350,"type":351,"label":473,"file":104,"line":492},1294,{"id":355,"type":364,"label":476,"file":104,"line":492},{"id":360,"type":356,"label":479,"file":104,"line":480,"wp_function":481},[496,497],{"from":350,"to":355,"sanitized":141},{"from":355,"to":360,"sanitized":141},{"entryPoint":499,"graph":500,"unsanitizedCount":160,"severity":460},"\u003Cgoogle-shortlink> (google-shortlink.php:0)",{"nodes":501,"edges":521},[502,504,505,506,507,508,509,510,512,514,517,519],{"id":350,"type":351,"label":503,"file":104,"line":353},"$_POST (x3)",{"id":355,"type":356,"label":357,"file":104,"line":293,"wp_function":358},{"id":360,"type":351,"label":453,"file":104,"line":454},{"id":363,"type":356,"label":456,"file":104,"line":212,"wp_function":457},{"id":367,"type":351,"label":466,"file":104,"line":305},{"id":391,"type":356,"label":357,"file":104,"line":305,"wp_function":358},{"id":478,"type":351,"label":361,"file":104,"line":353},{"id":511,"type":364,"label":365,"file":104,"line":353},"n7",{"id":513,"type":356,"label":368,"file":104,"line":369,"wp_function":370},"n8",{"id":515,"type":351,"label":516,"file":104,"line":474},"n9","$_GET['link'] (x2)",{"id":518,"type":364,"label":476,"file":104,"line":474},"n10",{"id":520,"type":356,"label":479,"file":104,"line":480,"wp_function":481},"n11",[522,523,524,525,526,527,528],{"from":350,"to":355,"sanitized":142},{"from":360,"to":363,"sanitized":142},{"from":367,"to":391,"sanitized":142},{"from":478,"to":511,"sanitized":141},{"from":511,"to":513,"sanitized":141},{"from":515,"to":518,"sanitized":141},{"from":518,"to":520,"sanitized":141},{"summary":530,"deductions":531},"The 'google-shortlink' plugin v1.6.2 exhibits a mixed security posture.  While it demonstrates good practices with a significant majority of SQL queries using prepared statements and a high percentage of properly escaped output, several concerning signals are present.  The static analysis reveals the use of the dangerous `unserialize` function, which can be a significant security risk if not handled with extreme care and strict input validation.  Furthermore, the taint analysis indicates four high-severity flows with unsanitized paths, suggesting potential vulnerabilities that could be exploited if malicious input reaches these points.  The plugin's vulnerability history, while showing no currently unpatched CVEs, has a past medium-severity Cross-Site Scripting (XSS) vulnerability. This historical pattern, combined with the high-severity taint flows, suggests a latent risk that requires attention, even if recent activity has been clean.",[532,535,537],{"reason":533,"points":534},"High severity unsanitized taint flows",15,{"reason":536,"points":63},"Use of dangerous unserialize function",{"reason":538,"points":539},"Past medium severity XSS vulnerability",5,"2026-03-16T21:24:07.385Z",{"wat":542,"direct":553},{"assetPaths":543,"generatorPatterns":547,"scriptPaths":548,"versionParams":549},[544,545,546],"\u002Fwp-content\u002Fplugins\u002Fgoogle-shortlink\u002Fcss\u002Fadmin_page.css","\u002Fwp-content\u002Fplugins\u002Fgoogle-shortlink\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fgoogle-shortlink\u002Fjs\u002Fscript.js",[],[546],[550,551,552],"google-shortlink\u002Fcss\u002Fadmin_page.css?ver=","google-shortlink\u002Fcss\u002Fstyle.css?ver=","google-shortlink\u002Fjs\u002Fscript.js?ver=",{"cssClasses":554,"htmlComments":555,"htmlAttributes":560,"restEndpoints":561,"jsGlobals":562,"shortcodeOutput":564},[],[556,557,558,559],"© Copyright 2021  BestWebSoft  ( https:\u002F\u002Fsupport.bestwebsoft.com )"," This program is free software; you can redistribute it and\u002For modify\n\tit under the terms of the GNU General Public License, version 3, as\n\tpublished by the Free Software Foundation."," This program is distributed in the hope that it will be useful,\n\tbut WITHOUT ANY WARRANTY; without even the implied warranty of\n\tMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n\tGNU General Public License for more details."," You should have received a copy of the GNU General Public License\n\talong with this program; if not, write to the Free Software\n\tFoundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA",[],[],[563],"gglshrtlnk_vars",[]]