WP-Safety

PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts Security & Risk Analysis

wordpress.org/plugins/tinypress

Create custom links for your posts. These links are brandable, trackable, and can have custom view permissions.

100 active installs v1.3.0 PHP + WP 4.6+ Updated Mar 2, 2026
custom-urlslink-shortenerlink-trackingredirectsshortlinks
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts Safe to Use in 2026?

Generally Safe

Score 100/100

PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "tinypress" v1.3.0 plugin exhibits a generally good security posture with strong adherence to prepared statements for SQL queries and a high percentage of properly escaped output. The plugin also makes good use of nonce and capability checks for most of its entry points. The lack of known vulnerabilities in its history further contributes to a positive security impression.

However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This directly exposes a potential entry point for malicious actors. Additionally, the taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this specific analysis, represent a latent risk of path traversal or arbitrary file access vulnerabilities that could be exploited under certain conditions.

Overall, while the plugin demonstrates a commitment to secure coding practices, the identified unprotected AJAX handler and unsanitized path flows are areas that require immediate attention. The vulnerability history suggests a mature and likely well-maintained codebase, but these specific findings introduce exploitable surface. Addressing these points would significantly bolster the plugin's security.

Key Concerns

  • AJAX handler without auth checks
  • Flows with unsanitized paths (taint analysis)
Vulnerabilities
None known

PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
17 prepared
Unescaped Output
225
590 escaped
Nonce Checks
17
Capability Checks
9
File Operations
1
External Requests
2
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

94% prepared18 total queries

Output Escaping

72% escaped815 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

5 flows2 with unsanitized paths
manage_permanent_dismissible (includes\wp-dev-kit\classes\class-client.php:89)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts Attack Surface

Entry Points9
Unprotected1

AJAX Handlers 9

authwp_ajax_tinypress_validate_post_typeincludes\classes\class-autolist-ajax.php:17
authwp_ajax_tinypress_save_autolist_configincludes\classes\class-autolist-ajax.php:18
authwp_ajax_tinypress_get_post_typesincludes\classes\class-autolist-ajax.php:19
authwp_ajax_tinypress_popup_create_urlincludes\classes\class-hooks.php:33
authwp_ajax_wpdk_settings-get-iconsincludes\wp-dev-kit\settings\functions\actions.php:53
authwp_ajax_wpdk_settings-exportincludes\wp-dev-kit\settings\functions\actions.php:91
authwp_ajax_wpdk_settings-importincludes\wp-dev-kit\settings\functions\actions.php:128
authwp_ajax_wpdk_settings-resetincludes\wp-dev-kit\settings\functions\actions.php:156
authwp_ajax_wpdk_settings-chosenincludes\wp-dev-kit\settings\functions\actions.php:196
WordPress Hooks 73
actionadmin_enqueue_scriptsincludes\classes\class-autolist-ajax.php:20
actiontransition_post_statusincludes\classes\class-autolist.php:25
actiontinypress_before_redirect_trackincludes\classes\class-autolist.php:26
actionupdated_post_metaincludes\classes\class-autolist.php:27
actionsave_post_tinypress_linkincludes\classes\class-autolist.php:28
actionupdated_post_metaincludes\classes\class-autolist.php:282
filtermanage_tinypress_link_posts_columnsincludes\classes\class-columns-link.php:16
actionmanage_tinypress_link_posts_custom_columnincludes\classes\class-columns-link.php:17
filterpost_row_actionsincludes\classes\class-columns-link.php:18
actioninitincludes\classes\class-hooks.php:26
actionadmin_menuincludes\classes\class-hooks.php:27
filterpost_updated_messagesincludes\classes\class-hooks.php:28
actionadmin_bar_menuincludes\classes\class-hooks.php:31
actionadmin_footerincludes\classes\class-hooks.php:32
actionadd_meta_boxesincludes\classes\class-meta-boxes.php:37
actionWPDK_Settings/meta_section/analyticsincludes\classes\class-meta-boxes.php:38
actiontemplate_redirectincludes\classes\class-redirection.php:24
actionpre_get_postsincludes\classes\class-redirection.php:25
actionadmin_initincludes\classes\class-reviews.php:52
actioninitincludes\classes\class-settings.php:21
filterpb_settings_tinypress_settings_saveincludes\classes\class-settings.php:22
actionpb_settings_options_beforeincludes\classes\class-settings.php:23
actionpb_settings_options_afterincludes\classes\class-settings.php:24
actionadmin_initincludes\wp-dev-kit\classes\class-client.php:60
actionwp_enqueue_scriptsincludes\wp-dev-kit\settings\classes\abstract.class.php:21
actionadmin_menuincludes\wp-dev-kit\settings\classes\admin-options.class.php:105
actionadmin_bar_menuincludes\wp-dev-kit\settings\classes\admin-options.class.php:106
actionnetwork_admin_menuincludes\wp-dev-kit\settings\classes\admin-options.class.php:110
filteradmin_footer_textincludes\wp-dev-kit\settings\classes\admin-options.class.php:487
actionadd_meta_boxes_commentincludes\wp-dev-kit\settings\classes\comment-options.class.php:40
actionedit_commentincludes\wp-dev-kit\settings\classes\comment-options.class.php:41
actioncustomize_registerincludes\wp-dev-kit\settings\classes\customize-options.class.php:43
actioncustomize_save_afterincludes\wp-dev-kit\settings\classes\customize-options.class.php:44
actionwp_enqueue_scriptsincludes\wp-dev-kit\settings\classes\customize-options.class.php:48
actionadd_meta_boxesincludes\wp-dev-kit\settings\classes\metabox-options.class.php:54
actionsave_postincludes\wp-dev-kit\settings\classes\metabox-options.class.php:55
actionedit_attachmentincludes\wp-dev-kit\settings\classes\metabox-options.class.php:56
actionwp_nav_menu_item_custom_fieldsincludes\wp-dev-kit\settings\classes\nav-menu-options.class.php:32
actionwp_update_nav_menu_itemincludes\wp-dev-kit\settings\classes\nav-menu-options.class.php:33
filterwp_edit_nav_menu_walkerincludes\wp-dev-kit\settings\classes\nav-menu-options.class.php:35
actionadmin_initincludes\wp-dev-kit\settings\classes\profile-options.class.php:32
actionshow_user_profileincludes\wp-dev-kit\settings\classes\profile-options.class.php:44
actionedit_user_profileincludes\wp-dev-kit\settings\classes\profile-options.class.php:45
actionpersonal_options_updateincludes\wp-dev-kit\settings\classes\profile-options.class.php:47
actionedit_user_profile_updateincludes\wp-dev-kit\settings\classes\profile-options.class.php:48
actioninitincludes\wp-dev-kit\settings\classes\setup.class.php:72
actionafter_setup_themeincludes\wp-dev-kit\settings\classes\setup.class.php:74
actioninitincludes\wp-dev-kit\settings\classes\setup.class.php:75
actionswitch_themeincludes\wp-dev-kit\settings\classes\setup.class.php:76
actionadmin_enqueue_scriptsincludes\wp-dev-kit\settings\classes\setup.class.php:77
actionwp_enqueue_scriptsincludes\wp-dev-kit\settings\classes\setup.class.php:78
actionwp_headincludes\wp-dev-kit\settings\classes\setup.class.php:79
filteradmin_body_classincludes\wp-dev-kit\settings\classes\setup.class.php:80
actionadmin_footerincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:49
actioncustomize_controls_print_footer_scriptsincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:50
actionelementor/editor/before_enqueue_scriptsincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:61
actionelementor/editor/footerincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:62
actionelementor/editor/footerincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:63
actionenqueue_block_editor_assetsincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:311
actionmedia_buttonsincludes\wp-dev-kit\settings\classes\shortcode-options.class.php:315
actionadmin_initincludes\wp-dev-kit\settings\classes\taxonomy-options.class.php:43
actionadmin_footerincludes\wp-dev-kit\settings\fields\icon\icon.php:41
actioncustomize_controls_print_footer_scriptsincludes\wp-dev-kit\settings\fields\icon\icon.php:42
actionadmin_print_footer_scriptsincludes\wp-dev-kit\settings\fields\link\link.php:65
actionprint_default_editor_scriptsincludes\wp-dev-kit\settings\fields\wp_editor\wp_editor.php:64
actioninittinypress.php:53
actioninittinypress.php:54
actioninittinypress.php:55
filteradmin_footer_texttinypress.php:56
filtertinypress_show_footertinypress.php:57
actioninittinypress.php:188
actioninittinypress.php:193
actionadmin_enqueue_scriptstinypress.php:232
Maintenance & Trust

PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 2, 2026
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings2
Active installs100
Alternatives

PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts Alternatives

WP 301 Redirects by WPBranch

WP 301 Redirects by WPBranch

redirects-for-wp

A
85

WP 301 Redirects is easy to use, and provides an easy method for redirecting requests to another page on your site or elsewhere on the web.

0 No CVEs
Simple 301 Redirects By BetterLinks – Easy WordPress Redirect Manager for Redirects, 404 Error Log & More

Simple 301 Redirects By BetterLinks – Easy WordPress Redirect Manager for Redirects, 404 Error Log & More

simple-301-redirects

A
97

Simple 301 Redirects provides an easy method of redirecting requests to another page on your site or elsewhere on the web.

100K 7 CVEs
ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

ThirstyAffiliates – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin

thirstyaffiliates

A
95

🔗 Affiliate link management & cloaker tool. Easily manage, shrink and track your affiliate links in WordPress. 🔥

30K 5 CVEs
BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager

BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager

betterlinks

A
98

Ultimate plugin to create, shorten, track and manage any URL. Gather analytics reports and run successful marketing campaigns easily.

20K 3 CVEs
Linker – URL shortener & track outbound link clicks

Linker – URL shortener & track outbound link clicks

linker

A
92

Track Outbound Link Clicks Easily: Shorten & track your site links by using your own domain name. e.g. "your-domain.com/go/link"

2K 1 CVE
Developer Profile

PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts Developer Profile

PublishPress

11 plugins · 272K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
321 days
View full developer profile
Detection Fingerprints

How We Detect PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tinypress/assets/admin/js/apexcharts.js/wp-content/plugins/tinypress/assets/admin/js/qrcode.min.js/wp-content/plugins/tinypress/assets/admin/js/scripts.js/wp-content/plugins/tinypress/assets/admin/css/style.css/wp-content/plugins/tinypress/assets/hint.min.css
Script Paths
/assets/admin/js/apexcharts.js/assets/admin/js/qrcode.min.js/assets/admin/js/scripts.js
Version Parameters
tinypress/assets/admin/js/scripts.js?ver=tinypress/assets/admin/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
tinypress-autolist-toggle
Data Attributes
data-tinypress-autolist-settings
JS Globals
tinypress
FAQ

Frequently Asked Questions about PublishPress Shortlinks – Custom URLs for Posts and External Links – Share Previews for Draft Posts