Does rng-shrotlink have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is rng-shrotlink compatible with WordPress 5.1.22?

According to WordPress.org data, rng-shrotlink 1.0 has been tested up to WordPress 5.1.22. Check the plugin's changelog for the latest compatibility information.

How often is rng-shrotlink updated?

rng-shrotlink was last updated on May 8, 2019. Frequent updates are generally a positive security signal.

What is rng-shrotlink's security score?

rng-shrotlink has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

rng-shrotlink Security & Risk Analysis

wordpress.org/plugins/rng-shortlink

rng-shortlink creates a short link for posts and any post types you want and shows reports from clicking count in the admin panel.

10 active installs v1.0 PHP + WP 4.0+ Updated May 8, 2019

rngshort-linksmall-linkurlurl-shortener

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is rng-shrotlink Safe to Use in 2026?

Generally Safe

Score 85/100

rng-shrotlink has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The rng-shortlink v1.0 plugin presents a concerning security posture primarily due to its unprotected entry points and insecure handling of data. The static analysis reveals a significant attack surface with 3 out of 4 entry points lacking authentication checks, exposing them to unauthorized access and potential exploitation. Furthermore, the presence of the dangerous `unserialize` function combined with two identified taint flows with unsanitized paths, classified as high severity, indicates a strong possibility of remote code execution or privilege escalation vulnerabilities. The lack of nonce checks on AJAX handlers further exacerbates this risk.

While the plugin boasts a clean vulnerability history with no known CVEs, this does not negate the immediate risks identified in the code. The absence of historical vulnerabilities might be due to the plugin's obscurity or a lack of thorough auditing rather than inherent security. The poor output escaping (only 10% properly escaped) also poses a risk of cross-site scripting (XSS) vulnerabilities. In conclusion, despite a clean CVE record, the plugin has critical security weaknesses that require immediate attention, particularly concerning its unprotected AJAX handlers and data sanitization.

Key Concerns

Unprotected AJAX handlers
High severity unsanitized taint flows
Dangerous function: unserialize
SQL queries without prepared statements
Low output escaping percentage
Missing nonce checks

Vulnerabilities

None known

rng-shrotlink Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

rng-shrotlink Release Timeline

v1.0Current

Code Analysis

Analyzed Mar 16, 2026

rng-shrotlink Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn (!empty($clicked_posts)) ? unserialize($clicked_posts) : false;includes\class.controller.shortlink.php:95

SQL Query Safety

0% prepared1 total queries

Output Escaping

10% escaped39 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

get_cookie (includes\class.controller.shortlink.php:93)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

rng-shrotlink Attack Surface

Entry Points4

Unprotected3

AJAX Handlers 3

authwp_ajax_click_view_paginateincludes\class.controller.clicked.php:50

authwp_ajax_click_view_nextincludes\class.controller.clicked.php:51

authwp_ajax_click_view_previncludes\class.controller.clicked.php:52

Shortcodes 1

[rngshl_shortlink] includes\class.controller.shortlink.php:14

WordPress Hooks 13

actionadmin_menuincludes\class.controller.clicked.php:48

actionadmin_enqueue_scriptsincludes\class.controller.clicked.php:49

actionadmin_initincludes\class.controller.settings.php:11

actionadmin_menuincludes\class.controller.settings.php:12

actionadmin_noticesincludes\class.controller.settings.php:13

actionadmin_initincludes\class.controller.settings.php:14

actionadd_meta_boxesincludes\class.controller.shortlink.php:8

actioninitincludes\class.controller.shortlink.php:10

actionadmin_noticesincludes\class.controller.shortlink.php:11

actionupdate_option_permalink_structureincludes\class.controller.shortlink.php:12

actiontemplate_redirectincludes\class.controller.shortlink.php:13

actionplugins_loadedincludes\class.init.php:27

actionadmin_enqueue_scriptsincludes\class.init.php:28

Maintenance & Trust

rng-shrotlink Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22

Last updatedMay 8, 2019

PHP min version

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

rng-shrotlink Alternatives

URL Shortify – Simple and Easy URL Shortener

url-shortify

URL Shortify helps you beautify, manage, share & cloak any links on or off your WordPress website. Create links using your domain name!

10K 9 CVEs

Linkit expiration links

linkit-expiration-links

100

Linkit is a smart link shortener and expiration plugin for WordPress. Create custom short URLs, track clicks, and control access with time- or click-b …

10 No CVEs

Hi.Fan URL Shortener

hifan

100

Automatically create short, branded URLs for your WordPress posts and pages with Hi.Fan URL Shortener.

0 No CVEs

Linkkit

linkkit

100

Automatically create and manage Linkkit short links when you publish WordPress posts and pages.

0 No CVEs

Short Links for M8C — لینک کوتاه

short-links-for-m8c

100

Create short links from WordPress using the M8C link shortener service (m8c.ir). Not affiliated with M8C; for use with the M8C API.

0 No CVEs

Developer Profile

rng-shrotlink Developer Profile

Abolfazl Sabagh

4 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect rng-shrotlink

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rng-shortlink/admin/assets/css/style.css/wp-content/plugins/rng-shortlink/admin/assets/js/script.js

Script Paths

/wp-content/plugins/rng-shortlink/admin/assets/js/script.js

Version Parameters

rng-shortlink/admin/assets/css/style.css?ver=rng-shortlink/admin/assets/js/script.js?ver=

HTML / DOM Fingerprints

Shortcode Output

rngshl_shortlink

FAQ

rng-shrotlink Security & Risk Analysis

Is rng-shrotlink Safe to Use in 2026?

Generally Safe

Key Concerns

rng-shrotlink Security Vulnerabilities

rng-shrotlink Release Timeline

rng-shrotlink Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

rng-shrotlink Attack Surface

AJAX Handlers 3

Shortcodes 1

rng-shrotlink Maintenance & Trust

Maintenance Signals

Community Trust

rng-shrotlink Alternatives

URL Shortify – Simple and Easy URL Shortener

Linkit expiration links

Hi.Fan URL Shortener

Linkkit

Short Links for M8C — لینک کوتاه

rng-shrotlink Developer Profile

How We Detect rng-shrotlink

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about rng-shrotlink