WP-Safety

rng-shrotlink Security & Risk Analysis

wordpress.org/plugins/rng-shortlink

rng-shortlink creates a short link for posts and any post types you want and shows reports from clicking count in the admin panel.

10 active installs v1.0 PHP + WP 4.0+ Updated Unknown
rngshort-linksmall-linkurlurl-shortener
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is rng-shrotlink Safe to Use in 2026?

Generally Safe

Score 100/100

rng-shrotlink has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The rng-shortlink v1.0 plugin presents a concerning security posture primarily due to its unprotected entry points and insecure handling of data. The static analysis reveals a significant attack surface with 3 out of 4 entry points lacking authentication checks, exposing them to unauthorized access and potential exploitation. Furthermore, the presence of the dangerous `unserialize` function combined with two identified taint flows with unsanitized paths, classified as high severity, indicates a strong possibility of remote code execution or privilege escalation vulnerabilities. The lack of nonce checks on AJAX handlers further exacerbates this risk.

While the plugin boasts a clean vulnerability history with no known CVEs, this does not negate the immediate risks identified in the code. The absence of historical vulnerabilities might be due to the plugin's obscurity or a lack of thorough auditing rather than inherent security. The poor output escaping (only 10% properly escaped) also poses a risk of cross-site scripting (XSS) vulnerabilities. In conclusion, despite a clean CVE record, the plugin has critical security weaknesses that require immediate attention, particularly concerning its unprotected AJAX handlers and data sanitization.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Dangerous function: unserialize
  • SQL queries without prepared statements
  • Low output escaping percentage
  • Missing nonce checks
Vulnerabilities
None known

rng-shrotlink Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

rng-shrotlink Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
0 prepared
Unescaped Output
35
4 escaped
Nonce Checks
0
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserializereturn (!empty($clicked_posts)) ? unserialize($clicked_posts) : false;includes\class.controller.shortlink.php:95

SQL Query Safety

0% prepared1 total queries

Output Escaping

10% escaped39 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
get_cookie (includes\class.controller.shortlink.php:93)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

rng-shrotlink Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 3

authwp_ajax_click_view_paginateincludes\class.controller.clicked.php:50
authwp_ajax_click_view_nextincludes\class.controller.clicked.php:51
authwp_ajax_click_view_previncludes\class.controller.clicked.php:52

Shortcodes 1

[rngshl_shortlink] includes\class.controller.shortlink.php:14
WordPress Hooks 13
actionadmin_menuincludes\class.controller.clicked.php:48
actionadmin_enqueue_scriptsincludes\class.controller.clicked.php:49
actionadmin_initincludes\class.controller.settings.php:11
actionadmin_menuincludes\class.controller.settings.php:12
actionadmin_noticesincludes\class.controller.settings.php:13
actionadmin_initincludes\class.controller.settings.php:14
actionadd_meta_boxesincludes\class.controller.shortlink.php:8
actioninitincludes\class.controller.shortlink.php:10
actionadmin_noticesincludes\class.controller.shortlink.php:11
actionupdate_option_permalink_structureincludes\class.controller.shortlink.php:12
actiontemplate_redirectincludes\class.controller.shortlink.php:13
actionplugins_loadedincludes\class.init.php:27
actionadmin_enqueue_scriptsincludes\class.init.php:28
Maintenance & Trust

rng-shrotlink Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22
Last updatedUnknown
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

rng-shrotlink Alternatives

URL Shortify – Simple and Easy URL Shortener

URL Shortify – Simple and Easy URL Shortener

url-shortify

A
92

URL Shortify helps you beautify, manage, share & cloak any links on or off your WordPress website. Create links using your domain name!

10K 9 CVEs
Short Links for M8C — لینک کوتاه

Short Links for M8C — لینک کوتاه

short-links-for-m8c

A
100

Create short links from WordPress using the M8C link shortener service (m8c.ir). Not affiliated with M8C; for use with the M8C API.

0 No CVEs
URL Shortener by Shortez.

URL Shortener by Shortez.

shortez-url-shortener

A
85

What is Shortez?

0 No CVEs
URL Shortener by ShortUrlsEZ.

URL Shortener by ShortUrlsEZ.

shorturls

A
85

What is ShortUrlsEZ?

0 No CVEs
Link Shortner

Link Shortner

link-shortener

A
100

Link Shortner allows you to easily create clean, branded short permalink links for your posts custom URL.

900 No CVEs
Developer Profile

rng-shrotlink Developer Profile

Abolfazl Sabagh

2 plugins · 40 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect rng-shrotlink

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rng-shortlink/admin/assets/css/style.css/wp-content/plugins/rng-shortlink/admin/assets/js/script.js
Script Paths
/wp-content/plugins/rng-shortlink/admin/assets/js/script.js
Version Parameters
rng-shortlink/admin/assets/css/style.css?ver=rng-shortlink/admin/assets/js/script.js?ver=

HTML / DOM Fingerprints

Shortcode Output
rngshl_shortlink
FAQ

Frequently Asked Questions about rng-shrotlink