Rewrite Flush Button Security & Risk Analysis

wordpress.org/plugins/rewrite-flush-button

Adds a "Flush Rewrite Rules" button to WP-Admin > Settings > Permalinks.

100 active installs v1.0 PHP + WP 3.1+ Updated Jun 10, 2013
adminflushpermalinkrewritetroubleshooting
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Rewrite Flush Button Safe to Use in 2026?

Generally Safe

Score 85/100

Rewrite Flush Button has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The "rewrite-flush-button" plugin version 1.0 exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and 100% proper output escaping are excellent indicators of secure coding practices. Furthermore, the presence of a nonce check on its single AJAX handler, coupled with zero recorded CVEs, suggests a low immediate risk. However, the lack of capability checks on the AJAX handler is a notable concern. While the nonce check provides some protection, an attacker who can bypass the nonce or exploit a separate vulnerability to submit a request could potentially trigger the AJAX action without proper authorization. The plugin's clean vulnerability history is a positive sign, but it doesn't negate the need for robust authorization checks.

Key Concerns

  • AJAX handler without capability check
Vulnerabilities
None known

Rewrite Flush Button Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Rewrite Flush Button Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Rewrite Flush Button Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
0 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0
Attack Surface

Rewrite Flush Button Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_flush_rewrite_rulesrewrite-flush-button.php:54
WordPress Hooks 2
actionadmin_initrewrite-flush-button.php:52
actionadmin_enqueue_scriptsrewrite-flush-button.php:53
Maintenance & Trust

Rewrite Flush Button Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedJun 10, 2013
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings2
Active installs100
Developer Profile

Rewrite Flush Button Developer Profile

Shaun Scovil

4 plugins · 130 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Rewrite Flush Button

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rewrite-flush-button/js/rewrite-flush-button.js
Script Paths
/wp-content/plugins/rewrite-flush-button/js/rewrite-flush-button.js
Version Parameters
rewrite-flush-button/js/rewrite-flush-button.js?ver=

HTML / DOM Fingerprints

Data Attributes
id="rfb_060613"value="Flush Rewrite Rules"
JS Globals
RFB.action_idRFB.button_idRFB.desc_idRFB.nonceRFB.success_msgRFB.error_msg
FAQ

Frequently Asked Questions about Rewrite Flush Button