[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDgAvmEWv17Dn1Ko--LhEANz9wx8b-nTyWGnkmhOFIGs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":144,"fingerprints":224},"rebrandly-domain-redirect","Rebrandly Redirect","1.0.0","Rebrandly","https:\u002F\u002Fprofiles.wordpress.org\u002Frebrandly\u002F","\u003Cp>By installing this plugin and configuring it to connect with your Rebrandly account,\u003Cbr \u002F>\nyou will be able to create branded links using the same domain as of your WordPress website\u002Fapp.\u003C\u002Fp>\n\u003Cp>Unlock the opportunity for your team to freely create branded links via Rebrandly,\u003Cbr \u002F>\nwhile still safely serving your own content from your WordPress application.\u003C\u002Fp>\n\u003Cp>Here are a few steps necessary to use this:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install the plugin in your WordPress\u003C\u002Fli>\n\u003Cli>Connect the domain to Rebrandly as Alias Domain, and take note of the autogenerated value for the alias\u003C\u002Fli>\n\u003Cli>Set the alias name in the Admin menu (Settings > Rebrandly) and Save your settings\u003C\u002Fli>\n\u003C\u002Fol>\n","Connect your WordPress application with Rebrandly and create branded links re-using the same domain name",100,2911,0,"2022-10-06T11:39:00.000Z","5.9.13","3.0.1","7.0",[19,20,21,22,23],"aliasing","branded","domain","rebrandly","redirect","https:\u002F\u002Fgithub.com\u002Frebrandly\u002Fwordpress-plugin-rebrandly-redirect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frebrandly-domain-redirect.1.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":22,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-05T02:09:41.086Z",[36,58,80,104,124],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":26,"vuln_count":31,"unpatched_count":13,"last_vuln_date":57,"fetched_at":28},"multiple-domain","Multiple Domain","1.0.7","Javik","https:\u002F\u002Fprofiles.wordpress.org\u002Fsirjavik\u002F","\u003Cp>Important: This plugin has a new maintainer. So the plugin will now be active developed again, and it’s now part of \u003Ca href=\"https:\u002F\u002Fgoinput.de\" rel=\"nofollow ugc\">goINPUT\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Multiple Domain allows you having more than one domain in a single WordPress installation. This plugin doesn’t support\u003Cbr \u002F>\nmore than one theme or advanced customizations for each domain. It’s only intended to enable constant navigation under\u003Cbr \u002F>\nmany domains. For a more complex setup, there is\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FCreate_A_Network\" rel=\"nofollow ugc\">WordPress Multisite (MU)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>When there is more than one domain set in your host, all links and resources will point to the default domain. This is\u003Cbr \u002F>\nthe default WordPress behavior. With Multiple Domain installed and properly configured, it’ll update all link on the\u003Cbr \u002F>\nfly. This way, the user navigation will be end-to-end under the same domain.\u003C\u002Fp>\n\u003Cp>You can also set an optional base URL. If you want only a set of URL’s available under a given domain, you can use this\u003Cbr \u002F>\nrestriction.\u003C\u002Fp>\n\u003Cp>Additionally, a language can be set for each domain. The language will be used to add \u003Ccode>\u003Clink>\u003C\u002Fcode> tags with \u003Ccode>hreflang\u003C\u002Fcode>\u003Cbr \u002F>\nattribute to document head. This is for SEO purposes.\u003C\u002Fp>\n","This plugin allows you to have multiple domains in a single Wordpress installation and enables custom redirects for each domain.",10000,143727,96,28,"2021-04-11T19:07:00.000Z","5.7.15","4.0","",[53,54,23],"domains","multiple","https:\u002F\u002Fgithub.com\u002Fstraube\u002Fmultiple-domain","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultiple-domain.1.0.7.zip","2020-01-25 00:00:00",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":51,"tags":73,"homepage":78,"download_link":79,"security_score":11,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"multiple-domain-mapping-on-single-site","Multiple Domain Mapping on Single Site","1.1.1","matthias.wagner","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatthiaswagner\u002F","\u003Ch4>What does this plugin do?\u003C\u002Fh4>\n\u003Cp>This lightweight plugin maps domains to specific URIs in your blog or website. It allows you to add as many mappings, e.g. for landingpages, as you want.\u003Cbr \u002F>\nJust let the domains point to your WordPress installation (see the installation tab for details) and decide which URI the plugin should map them to.\u003C\u002Fp>\n\u003Ch4>What is this plugin for?\u003C\u002Fh4>\n\u003Cp>The main purpose of the plugin is to have specific domains show the content of specific pages from a bigger website. This is especially needed for marketing and SEO purposes (landingpages). Think of a site-structure like\u003C\u002Fp>\n\u003Cul>\n\u003Cli>www.mainsite.com\u003C\u002Fli>\n\u003Cli>www.mainsite.com\u002FproductA\u003C\u002Fli>\n\u003Cli>www.mainsite.com\u002FproductB\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With the plugin you can use an additional domain like www.productA.com to point to your site’s www.mainsite.com\u002FproductA.\u003Cbr \u002F>\nIt is \u003Cstrong>not a redirection\u003C\u002Fstrong>, instead the additional domain will display the content from the specified page (the additional domain will be visible in the browsers address bar).\u003C\u002Fp>\n\u003Ch4>What is this plugin not for?\u003C\u002Fh4>\n\u003Cp>It is not our goal to mirror complete websites to additional domains. You can try to do this, but keep the aspects of duplicate content in mind. In the help section of the installed plugin we provide links to other plugins who may be better at this task.\u003C\u002Fp>\n\u003Ch4>Which Pages, Post Types, … does the plugin support?\u003C\u002Fh4>\n\u003Cp>The plugin lets you define URIs to map to, so it works for pages, posts, custom post types, archives and so on. The plugin also changes hyperlink destination of the links inside your website. For example: navigation, pagination, archive links and so on. (Note: This only works if your theme and other link-generating plugins use standard WordPress functions like get_permalink).\u003C\u002Fp>\n\u003Cp>So you will not have to select posts to map to your domains, but instead enter URIs. See the screenshots for examples.\u003C\u002Fp>\n\u003Ch4>Is it hard to set up?\u003C\u002Fh4>\n\u003Cp>The plugin requires additional steps in setting up your domains and hosting environment (see the installation-tab for details). If you are not familiar with these settings, it can happen that you have troubles with reaching your website. Therefore you should only set up the plugin in a testing environment if you are not sure if you can deal with these external settings.\u003C\u002Fp>\n\u003Cp>We give our best to support you, but if you have troubles with correct DNS records and hosting environment settings, you should talk to your hosting provider or your web developer first.\u003C\u002Fp>\n\u003Ch4>Troubles?\u003C\u002Fh4>\n\u003Cp>Please see installation-tab, FAQ and the already answered support threads for more information or if you have troubles setting up the plugin.\u003C\u002Fp>\n\u003Ch4>PREMIUM\u003C\u002Fh4>\n\u003Cp>We have partnered with the plugin “Domain Mapping System” to be able to provide plugins for different use cases. Since they offer a paid version, they will also be able to provide you professional support. You want to benefit from special deals and coupons for the other plugin? \u003Ca href=\"https:\u002F\u002Fwww.falkemedia.at\u002Fmultiple-domain-mapping-on-single-site-premium\u002F\" rel=\"nofollow ugc\">Find more information here.\u003C\u002Fa>\u003C\u002Fp>\n","Show content of specific posts, pages, ... within their own, additional domains. Useful for SEO: different domains for landingpages.",6000,113499,92,47,"2025-04-16T12:50:00.000Z","6.8.5","4.5",[74,75,76,77,23],"domainmapping","landingpage","mapping","multidomain","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmultiple-domain-mapping-on-single-site\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultiple-domain-mapping-on-single-site.1.1.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":11,"num_ratings":90,"last_updated":91,"tested_up_to":71,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":99,"download_link":100,"security_score":101,"vuln_count":102,"unpatched_count":31,"last_vuln_date":103,"fetched_at":28},"content-mask","Content Mask","1.8.5.3","Alex","https:\u002F\u002Fprofiles.wordpress.org\u002Falexdemchak\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fxhynk.com\u002Fcontent-mask\u002F\" rel=\"nofollow ugc\">Read More & View Demos Here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Embed Any Content†‡ Into Your WordPress Website\u003C\u002Fh4>\n\u003Cp>Content Mask allows you to embed any external content onto your own WordPress Pages, Posts, and Custom Post Types. The end result is fairly similar to setting up a \u003Ca href=\"http:\u002F\u002Fwww.networksolutions.com\u002Fsupport\u002Fwhat-is-web-forwarding-and-masking\u002F\" rel=\"nofollow ugc\">Domain Mask\u003C\u002Fa>, but the content is embedded into the front end of your website and is fully contained inside your WordPress permalink ecosystem.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cem>Example\u003C\u002Fem>: If you built a landing page on \u003Ccode>landing-page-builder.com\u002Fyour-landing-page\u002F\u003C\u002Fcode>, you can simply create a new Page on your website at \u003Ccode>your-site.com\u002Flanding-page\u002F\u003C\u002Fcode> and paste in the URL of your landing page. The Content Mask plugin will then download and cache of copy of your landing page directly on your website, so any visitors that come to \u003Ccode>your-site.com\u002Flanding-page\u002F\u003C\u002Fcode> will see the landing page you built. This allows you to keep all of your links integrated into your WordPress Website.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>† Do not use Content Mask to embed any content that you do not own or do not otherwise have license to share, embed, frame, or distribute.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Simple 2-Step UI\u003C\u002Fh4>\n\u003Cp>With a simple 2-Step UI, you can embed any external content into your website without any complicated URL Forwarding, DNS Records, or \u003Ccode>.htaccess\u003C\u002Fcode> rules to mess with.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Just enable the Content Mask on any Page, Post, or Custom Post type by clicking on the check mark.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Then put in the URL that contains the content you want to embed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>It’s that simple!\u003C\u002Fp>\n\u003Ch4>Powerful Embedding and Redirect Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Using the Download method (default) will fetch the content from the Content Mask URL, cache it on your website, and replace the current page request with that content. By default, this cache lasts 4 hours – but it can be changed anywhere from “Never Cache” all the way up to “Cache for 4 Weeks”. Caching prevents the need for additional requests that slow down your site.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Using the Iframe method will replace the current page request with a full width\u002Fheight, frameless iframe containing the host URL. This method is ideal if the URL you want to embed won’t serve scripts, styles, or images to other URLs or IP Addresses. If you use the Download Method, and links or images look broken, you can try the Iframe method instead.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Using the Redirect (301) method will simply redirect the visitor to the host URL.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Simple Integrated Vistor Tracking\u003C\u002Fh4>\n\u003Cp>In the Content Mask admin panel, you can enable tracking for Content Masked pages. This will allow you to see how many visitors are viewing these links. This is ideal for when you need to track acquisition, such as on a Landing Page.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>[Views] shows how many times that Content Mask page has been viewed by anybody (even logged in users)\u003C\u002Fli>\n\u003Cli>[Non-User] shows how many times it’s been viewed by visitors that are \u003Cem>not\u003C\u002Fem> logged in to the website.\u003C\u002Fli>\n\u003Cli>[Unique] shows how many times it’s been viewed by unique IP addresses. Note: IP addresses are one-way hashed and are not identifiable in any way.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Creating a Content Masked Page\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_H7IWFwmVfo?version=3&rel=0&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Using the Content Mask Admin Panel\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F5hEBMKSLHxI?version=3&rel=0&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Notes:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Do \u003Cem>NOT\u003C\u002Fem> use Content Mask on any content you aren’t explicitly authorized to share or use. Please confirm you’re allowed to utilize and embed the content before embedding any particular URL.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Content embedded using the Download method is cached using the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTransients_API\" rel=\"nofollow ugc\">WordPress Transients API\u003C\u002Fa> for 4 hours by default. If the content on the external URL is updated and you would like a fresh copy, you may just click the “Update” button on the Page, Post, or Custom Post Type to refresh the transient, or click the “Refresh” link in the Content Mask Admin panel. You may also change the cache expiration timer per page anywhere from “Never” to “4 weeks”.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You may use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftransients-manager\u002F\" rel=\"ugc\">Transients Manager\u003C\u002Fa> plugin to manage transients stored with the Download method. All Content Mask related transients contain the prefix “content_mask-” plus a stripped version of the Content Mask URL, such as “content_mask-httpxhynkcom”.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>‡ Your site may be prevented from processing page requests for \u003Cem>any\u003C\u002Fem> reason; Reasons include, but are not limited to: masking unauthorized content, at the request of the masked URL site owner, masking hateful content, masking illegal content, circumventing IP bans, etc. A dual one-way encrypted hash of your masking URL may be used to check for infraction. No identifying information will be used for this check, and no information is saved other than as a transient to prevent unnecessary duplicate checks per site\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fxhynk.com\u002Fcontent-mask\u002F\" rel=\"nofollow ugc\">Read More About Content Mask\u003C\u002Fa>\u003C\u002Fp>\n","Embed any external content on a Page, Post, or Custom Post Type without the need to use complicated domain forwarding or domain masks.",1000,45427,9,"2025-10-16T16:15:00.000Z","4.7","5.4",[95,96,97,98,23],"domain-mask","embed","link","mask","http:\u002F\u002Fxhynk.com\u002Fcontent-mask\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-mask.1.8.5.3.zip",73,3,"2025-09-22 00:00:00",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":114,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":51,"tags":119,"homepage":122,"download_link":123,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"geographical-redirect","Geo Redirect","3.3.1","Artem Platonov","https:\u002F\u002Fprofiles.wordpress.org\u002Fladrower\u002F","\u003Cp>Just add the country from selectbox and fill in preferable options.\u003Cbr \u002F>\nYou can specify URL parameters for switching language or domain.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Explanation\u003C\u002Fem>\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>You have a multilingual blog and want your visitors to be directed to the correct language according to their geographical location.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You have specific domains or subdomains for different versions of your site and want your visitors to be directed to the right domain accoring to their geographical location.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to redirect your visitors or switch language according to their country.",400,34398,90,13,"2016-11-07T16:25:00.000Z","3.5.2","3.0",[120,77,121],"geo-redirect","multilanguage","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fgeographical-redirect\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeographical-redirect.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":134,"num_ratings":135,"last_updated":136,"tested_up_to":137,"requires_at_least":118,"requires_php":51,"tags":138,"homepage":142,"download_link":143,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"force-domain-redirect","Force Domain Redirect","0.3","Nimbus Digital","https:\u002F\u002Fprofiles.wordpress.org\u002Fnimusdigital\u002F","\u003Cp>Redirects http:\u002F\u002Fsomedomain.tld to http:\u002F\u002Fsomeotherdomain.tld\u003C\u002Fp>\n\u003Cp>Assuming you have 2 or more domains in use for a single WordPress site. This plugin forces the use of only one no matter which is entered in the address bar.\u003C\u002Fp>\n\u003Cp>If, for some reason, your host won’t automatically redirect from one domain to another, then this plugin will do it. It checks the URL used to access the site and does a 301 redirect if incorrect.\u003C\u002Fp>\n\u003Cp>In theory htaccess should do this, but in my case it didn’t. Perhaps because I am using domain aliases (or CNAMEs) and I wanted to insure that the main one was always in use, even when accessed using old links.\u003C\u002Fp>\n","Forces your Wordpress site to load on the domain registered in the WP admin.",200,6604,80,4,"2022-01-20T12:20:00.000Z","5.8.13",[139,21,23,140,141],"301","uri","url","http:\u002F\u002Fnimbus.agency","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-domain-redirect.zip",{"attackSurface":145,"codeSignals":176,"taintFlows":183,"riskAssessment":212,"analyzedAt":223},{"hooks":146,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":13,"unprotectedCount":13},[147,153,156,158,161,164,167,169],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","plugins_loaded","anonymous","includes\\class-rebrandly-domain-redirect.php",142,{"type":148,"name":154,"callback":150,"file":151,"line":155},"admin_enqueue_scripts",157,{"type":148,"name":154,"callback":150,"file":151,"line":157},158,{"type":148,"name":159,"callback":150,"file":151,"line":160},"admin_menu",159,{"type":148,"name":162,"callback":150,"file":151,"line":163},"admin_init",160,{"type":148,"name":165,"callback":150,"file":151,"line":166},"wp_enqueue_scripts",174,{"type":148,"name":165,"callback":150,"file":151,"line":168},175,{"type":148,"name":170,"callback":150,"file":151,"line":171},"template_redirect",176,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":180,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":182},[],{"prepared":13,"raw":13,"locations":179},[],{"escaped":31,"rawEcho":13,"locations":181},[],[],[184,204],{"entryPoint":185,"graph":186,"unsanitizedCount":31,"severity":203},"rebrandly_aliasing_fallback (public\\class-rebrandly-domain-redirect-public.php:103)",{"nodes":187,"edges":200},[188,194],{"id":189,"type":190,"label":191,"file":192,"line":193},"n0","source","$_SERVER","public\\class-rebrandly-domain-redirect-public.php",120,{"id":195,"type":196,"label":197,"file":192,"line":198,"wp_function":199},"n1","sink","wp_redirect() [Open Redirect]",123,"wp_redirect",[201],{"from":189,"to":195,"sanitized":202},false,"medium",{"entryPoint":205,"graph":206,"unsanitizedCount":31,"severity":203},"\u003Cclass-rebrandly-domain-redirect-public> (public\\class-rebrandly-domain-redirect-public.php:0)",{"nodes":207,"edges":210},[208,209],{"id":189,"type":190,"label":191,"file":192,"line":193},{"id":195,"type":196,"label":197,"file":192,"line":198,"wp_function":199},[211],{"from":189,"to":195,"sanitized":202},{"summary":213,"deductions":214},"The rebrandly-domain-redirect plugin v1.0.0 exhibits a generally good security posture based on the static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events with any form of attack surface significantly reduces the potential for external exploitation.  Furthermore, the code demonstrates strong development practices by utilizing prepared statements for all SQL queries and properly escaping all output, indicating a commitment to preventing common web vulnerabilities like SQL injection and cross-site scripting.  The lack of file operations and external HTTP requests also minimizes risks associated with filesystem manipulation and compromised external dependencies.\n\nHowever, a notable concern arises from the taint analysis, which reveals two flows with unsanitized paths. While these flows are not categorized as critical or high severity, unsanitized paths can still lead to unintended behavior or expose sensitive information if not handled with extreme care. The plugin's vulnerability history is completely clean, with no recorded CVEs, which is a positive sign. This, combined with the strong adherence to secure coding practices in the static analysis, suggests a well-developed plugin. Nevertheless, the presence of unsanitized paths warrants attention, and while the absence of an attack surface is a strength, the lack of capability checks and nonce checks on any potential (though absent) entry points could become a concern if the plugin were to evolve and introduce such features without proper security controls.  Overall, the plugin is securely built with very limited exposure, but the identified taint flows should be reviewed.",[215,218,221],{"reason":216,"points":217},"Flows with unsanitized paths",8,{"reason":219,"points":220},"No capability checks on entry points",5,{"reason":222,"points":220},"No nonce checks on entry points","2026-03-16T20:49:49.856Z",{"wat":225,"direct":235},{"assetPaths":226,"generatorPatterns":229,"scriptPaths":230,"versionParams":232},[227,228],"\u002Fwp-content\u002Fplugins\u002Frebrandly-domain-redirect\u002Fcss\u002Frebrandly-domain-redirect-admin.css","\u002Fwp-content\u002Fplugins\u002Frebrandly-domain-redirect\u002Fjs\u002Frebrandly-domain-redirect-admin.js",[],[231],"plugin_dir_url( __FILE__ ) . 'js\u002Frebrandly-domain-redirect-admin.js'",[233,234],"rebrandly-domain-redirect-admin.css?ver=","rebrandly-domain-redirect-admin.js?ver=",{"cssClasses":236,"htmlComments":237,"htmlAttributes":238,"restEndpoints":239,"jsGlobals":240,"shortcodeOutput":241},[],[],[],[],[],[]]