Does Tiny URL have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Tiny URL compatible with WordPress 3.5.2?

According to WordPress.org data, Tiny URL 1.3.4 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is Tiny URL updated?

Tiny URL was last updated on Mar 18, 2013. Frequent updates are generally a positive security signal.

What is Tiny URL's security score?

Tiny URL has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tiny URL Security & Risk Analysis

wordpress.org/plugins/tiny-url

Show a Tiny URL for all of your blog posts and optionally for pages

10 active installs v1.3.4 PHP + WP 3.0+ Updated Mar 18, 2013

short-linkshort-urlshorturltiny-urltinyurl

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tiny URL Safe to Use in 2026?

Generally Safe

Score 85/100

Tiny URL has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The "tiny-url" plugin v1.3.4 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs, critical taint flows, raw SQL queries, and a zero-volume attack surface from entry points like AJAX, REST API, and shortcodes are all positive indicators. The plugin also correctly utilizes prepared statements for any database interactions it might have, and avoids making external HTTP requests, further reducing potential attack vectors.

However, a significant concern arises from the complete lack of output escaping. With 6 total outputs analyzed and 0% properly escaped, this presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any data rendered by the plugin without proper escaping could be exploited by an attacker to inject malicious scripts. Furthermore, the absence of nonce and capability checks across all identified entry points is a critical oversight, leaving the plugin susceptible to unauthorized actions and privilege escalation if any of these entry points were to be discovered or become active in future versions. The presence of file operations without any explicit mention of sanitization also warrants caution.

Key Concerns

All plugin outputs are unescaped
No nonce checks on any entry points
No capability checks on any entry points
File operations without sanitization checks

Vulnerabilities

None known

Tiny URL Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Tiny URL Release Timeline

v1.3.4Current

v1.3.3

v1.3.2

v1.3.1

v1.3

v1.2.1

v1.2

v1.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

Tiny URL Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped6 total outputs

Attack Surface

Tiny URL Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

filterthe_contenttiny-url.php:66

actionwp_footertiny-url.php:83

actionwp_enqueue_scriptstiny-url.php:92

actionwp_headtiny-url.php:105

actionadmin_inittiny-url.php:110

actionadmin_menutiny-url.php:111

filterplugin_action_linkstiny-url.php:112

filterplugin_row_metatiny-url.php:272

Maintenance & Trust

Tiny URL Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedMar 18, 2013

PHP min version

Downloads7K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Tiny URL Alternatives

WP Pocket URLs

wp-pocket-urls

WP Pocket URLs gives you the ability to automatically or manually shorten any external link from your website and keep track clicks on each link.

70 2 CVEs

Short URL FE

short-url-fe

Show a Short URL for all of your blog posts and optionally for pages

0 No CVEs

Add Shortlink to Posts

add-shortlink-to-posts

Adds a link to the shortlink for each post below the content.

30 No CVEs

DanP Bitly URLs

danp-bitly-urls

Generate Bitly short links for posts and pages every time you first publish. Already have posts? You can generate a link for all posts and pages too.

0 No CVEs

URL Shortener by Shortez.

shortez-url-shortener

What is Shortez?

0 No CVEs

Developer Profile

Tiny URL Developer Profile

Prasanna SP

7 plugins · 2K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tiny URL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tiny-url/js/ZeroClipboard.js/wp-content/plugins/tiny-url/js/ZeroClipboardMain.js

Script Paths

/wp-content/plugins/tiny-url/js/ZeroClipboard.js/wp-content/plugins/tiny-url/js/ZeroClipboardMain.js

HTML / DOM Fingerprints

CSS Classes

tiny-url-button

Data Attributes

data-clipboard-text

JS Globals

ZeroClipboard

Shortcode Output

<p class="tiny-url" id="tiny-url"><strong><input type="text" id="tinyurl" onclick="TinyURLSelectAll('tinyurl');"<button type="button" id="tiny-url-button" class="tiny-url-button" data-clipboard-text="

FAQ

Tiny URL Security & Risk Analysis

Is Tiny URL Safe to Use in 2026?

Generally Safe

Key Concerns

Tiny URL Security Vulnerabilities

Tiny URL Release Timeline

Tiny URL Code Analysis

Output Escaping

Tiny URL Attack Surface

Tiny URL Maintenance & Trust

Maintenance Signals

Community Trust

Tiny URL Alternatives

WP Pocket URLs

Short URL FE

Add Shortlink to Posts

DanP Bitly URLs

URL Shortener by Shortez.

Tiny URL Developer Profile

How We Detect Tiny URL

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Tiny URL