[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVOnjD7vZrHJV1ydOtbBWPD8doMEVs6R7CszoPFeYNRE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":126,"fingerprints":340},"twittrup","Twittrup","1.1","marco_b","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarco_b\u002F","\u003Cp>This plugin updates your twitter status with the latest post that you’ve made.  It also has the option of including a link back to your post so people can easily click on it to view the post.\u003Cbr \u002F>\nThe link provided in the tweet can be shorted via a service of your choice: tinyurl.com, is.gd, bit.ly or snurl.com\u003C\u002Fp>\n\u003Cp>If you wan to stay up with me, you can \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fmarcobischoff\" rel=\"nofollow ugc\">follow me\u003C\u002Fa>.\u003Cbr \u002F>\nEnjoy!\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>With this version it is possible to update more than one twitter account.\u003C\u002Fp>\n\u003Cp>Still missing is the following:\u003Cbr \u002F>\now.ly as shortener service\u003Cbr \u002F>\nReact on posts which are written for the future\u003C\u002Fp>\n","Updates Twitter when you create a new blog post utilizing an shortener service of your choice.",10,3530,0,"2009-07-22T08:25:00.000Z","2.8.1","2.7","",[19,20,21,22,23],"microblogging","redirect","twitter","updater","url-shortener","http:\u002F\u002Fplugins.wirtschaftsinformatiker.cc\u002Fwordpress\u002Ftwittrup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftwittrup.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":31,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":33,"trust_score":35,"computed_at":36},"Simone Marcon",3,30,90,87,"2026-04-05T09:53:35.340Z",[38,59,77,93,110],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":13,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wpneon-gocodes","WPNeon GoCodes 2","1.0","WPDean","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdean-1\u002F","\u003Cp>Have you ever had to give someone a shortened version of a URL? Maybe you’re a podcaster, and you can’t say “visit mydomain.com\u002F2008\u002F01\u002F03\u002Fmy-post-with-a-long-url\u002F for more info.”\u003Cbr \u002F>\nWouldn’t it be useful if you could just say “go to mydomain.com\u002Fgo\u002Fmycoolpost\u002F ?” Sure, you \u003Cem>could\u003C\u002Fem> use a service like tinyurl.com, but that’s still not too great if you need the URL for a podcast. It’s still awkward to read-out “tinyurl.com\u002F27asr9,” isn’t it? It’s less professional too.\u003Cbr \u002F>\nGoCodes let’s you create shortcut URLs to anywhere on the internet, right from your WordPress Admin.\u003Cbr \u002F>\nThe plugin is also useful for masking affiliate program URLs.\u003C\u002Fp>\n\u003Ch3>Upgrading\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate plugin\u003C\u002Fli>\n\u003Cli>Upload updated files\u003C\u002Fli>\n\u003Cli>Reactivate plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Origin\u003C\u002Fh3>\n\u003Cp>We are proud that original base of this plugin is a fork of GoCodes by redwall_hp (Not available for download and Supported currently).\u003Cbr \u002F>\nWe worked on the plugin before before releasing it is “WPNeon GoCodes2”, stripped down some code to make it a simple & lightweight.\u003C\u002Fp>\n\u003Ch3>Known Issues\u003C\u002Fh3>\n\u003Ch4>WP Super Cache\u003C\u002Fh4>\n\u003Cp>There seems to be a conflict with the WP Super Cache plugin where a redirect will only work once before the cache is cleared. There are a couple of workarounds:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add “index.php” on a new line in the “Rejected URLs” field of the WP Super Cache options page. yourdomain.com\u002F will be cached still, but \u002Findex.php won’t.\u003C\u002Fli>\n\u003Cli>Frederick of frederickding.com put together another method. Add this line to your .htaccess file above the WP Super Cache line: “RewriteCond %{QUERY_STRING} !.\u003Cem>gocode=.\u003C\u002Fem>” It should look something like this:\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>RewriteCond %{QUERY_STRING} !.\u003Cem>gocode=.\u003C\u002Fem>\u003Cbr \u002F>\nRewriteRule ^(.*) \u002Fwp-content\u002Fcache\u002Fsupercache\u002F%{HTTP_HOST}\u002F$1\u002Findex.html [L]\u003C\u002Fp>\n","Based on the original GoCodes plugin, \"WPNeon GoCodes 2\" is a revamnped URL redirection\u002Fshortener plugin. Great for podcasting and redirecti &hellip;",60,2027,"2018-11-09T08:39:00.000Z","4.9.29","4.9","5.2.4",[53,54,55,56,23],"301","redirection","tinyurl","url","http:\u002F\u002Fwpneon.com\u002Fgocodes-wordpress-redirection-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpneon-gocodes.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":17,"short_description":65,"active_installs":11,"downloaded":66,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":67,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":73,"download_link":74,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":76},"rss-stream","RSS Stream","1.0.3","Ricardo Gonzalez","https:\u002F\u002Fprofiles.wordpress.org\u002Frickgc\u002F","RSS Stream displays your social feeds in a lifestream way.",14504,"2.3.3","2",[70,19,71,72,21],"lifestream","rss","social","http:\u002F\u002Frick.jinlabs.com\u002Fcode\u002Frss-stream","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frss-stream.zip",100,"2026-03-15T10:48:56.248Z",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":17,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":91,"download_link":92,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"shortcode-shorturl","Short URL Generator","1.1.1","jhm","https:\u002F\u002Fprofiles.wordpress.org\u002Fjhm\u002F","\u003Cp>With this Plugin you \u003Cstrong>optimize your workflow\u003C\u002Fstrong> as it enables you to auto-generate a shortened URL to your blog posts. So neither you nor your readers have to do it. These Short URLs are particular useful for twitter and alike as these services limit the messages of their users to a certain amount of characters – which leads to the situation that their users are forced to have an eye on what exactly they want to write. And by providing a very short URL it’s easier for them to spread the word on your blog article as they have more characters left for personal remarks.\u003C\u002Fp>\n\u003Cp>Compared to other solutions \u003Cstrong>this plugin caches the generated shortened URL\u003C\u002Fstrong> – this makes it faster. If the permalink of the article changes, a new Short URL will be automatically generated. It also allows you to choose your favorite from a couple of Short URL Providers and lets you insert the shortened URL via a handy shortcode.\u003C\u002Fp>\n\u003Ch4>Usage:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Place \u003Ccode>[shorturl]\u003C\u002Fcode> in your article where you want to display the shortened url.\u003C\u002Fli>\n\u003Cli>Add optional info with parameters (see below)\u003C\u002Fli>\n\u003Cli>If you don’t like shortcodes you can use the complete auto mode – that way the shortened URL gets always auto-added at the end of your articles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatic generation of a Short URL to the blog post.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Caches the Short URL\u003C\u002Fstrong> – So it’s only generated once.\u003C\u002Fli>\n\u003Cli>Offers 6 different URL Shorteners to choose from (bit.ly, tr.im, is.gd, u.nu, snurl.com, tinyurl.com).\u003C\u002Fli>\n\u003Cli>Provides optional parameters to further increase workflow.\u003C\u002Fli>\n\u003Cli>Can add self-defined labels in front (or around) the URL(s).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Options:\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Possible values are “1” for active and “0” for disabled\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>txt => Will add a label in front of the URL(s) (default: 0).\u003C\u002Fli>\n\u003Cli>full => The permalink will also be displayed (default: 0).\u003C\u002Fli>\n\u003Cli>link => Displays the URL(s) as HTML link (default: 0).\u003C\u002Fli>\n\u003Cli>short => Displays the Short URL (default: 1).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional info\u003C\u002Fh4>\n\u003Cp>For more information, examples, questions and previews – please have a look on the \u003Ca href=\"http:\u002F\u002Fhjacob.com\u002Fblog\u002F2009\u002F06\u002Fshort_url_shortcode_wordpress\u002F\" title=\"Short URL Plugin for WordPress - Original post by Hendrik Jacob\" rel=\"nofollow ugc\">plugins website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>There is also a \u003Ca href=\"http:\u002F\u002Fhjacob.com\u002Fblog\u002F2009\u002F06\u002Fshort_url_shortcode_wordpress_german\u002F\" title=\"Short URL Plugin für WordPress - Original Artikel von Hendrik Jacob\" rel=\"nofollow ugc\">german version of the plugins page\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin automatically generates a Short URL for your article. You can choose your favorite provider and get multiple options.",5054,"2009-07-19T16:03:00.000Z","2.5",[89,90,21,23],"short-url","shortcode","http:\u002F\u002Fhjacob.com\u002Fblog\u002F2009\u002F06\u002Fshort_url_shortcode_wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcode-shorturl.zip",{"slug":94,"name":95,"version":80,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":13,"downloaded":100,"rating":13,"num_ratings":13,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":108,"download_link":109,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"shorterm","URL Short tool by Shorterm – Simple, Fast & Private","dimitrisevis","https:\u002F\u002Fprofiles.wordpress.org\u002Fdimitrisevis\u002F","\u003Cp>\u003Cstrong>Looking for a reliable URL Shortener?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>URL Shortener by Shorterm\u003C\u002Fstrong> is the lightweight solution to create, manage, and track short URLs directly from your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>Unlike complex plugins, Shorterm focuses on speed and privacy. It allows you to use your own domain for short links (e.g., \u003Ccode>yoursite.com\u002Fmy-link\u003C\u002Fcode>), giving you 100% control and ownership.\u003C\u002Fp>\n\u003Ch3>✨ Why is this the best URL Shortener?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Performance:\u003C\u002Fstrong> Zero bloat. It won’t slow down your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy:\u003C\u002Fstrong> Your data stays on your server. No third-party dependencies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customization:\u003C\u002Fstrong> Create branded links with your own slugs for free.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🟢 Free Features (Included)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Slugs:\u003C\u002Fstrong> Create branded links like \u003Ccode>yoursite.com\u002Fmy-promo\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant URL Shortener:\u003C\u002Fstrong> Generate random or custom short links instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Link Manager:\u003C\u002Fstrong> View and delete all your short URLs in one clean dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Affiliate Cloaking:\u003C\u002Fstrong> Mask long affiliate links to look professional.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Redirects:\u003C\u002Fstrong> Uses 301 redirects to protect your ranking.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Click Counter:\u003C\u002Fstrong> See total clicks for every link.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Shorterm PRO (Advanced Features)\u003C\u002Fh3>\n\u003Cp>Upgrade to \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fshorterm.eu\u002F\" rel=\"nofollow ugc\">Shorterm Pro\u003C\u002Fa>\u003C\u002Fstrong> for powerful marketing tools:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Advanced Analytics:\u003C\u002Fstrong> Track Referrers, Browsers, Locations, and Devices.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Excel Export:\u003C\u002Fstrong> Download click data for analysis.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Password Protection:\u003C\u002Fstrong> Secure access to specific links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Link Expiration:\u003C\u002Fstrong> Auto-expire links after a date or click limit.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Filtering:\u003C\u002Fstrong> Search and filter links by date or performance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>View the Live Demo:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fshorterm.eu\u002F\" rel=\"nofollow ugc\">Try Shorterm Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>💡 Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Affiliates:\u003C\u002Fstrong> Turn \u003Ccode>amazon.com\u002Fref=12345\u003C\u002Fcode> into \u003Ccode>yoursite.com\u002Famazon\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Media:\u003C\u002Fstrong> Share clean, trackable links in your bio.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Marketing:\u003C\u002Fstrong> Track how many people click your email offers.\u003C\u002Fli>\n\u003C\u002Ful>\n","Lightweight WordPress URL Shortener. Create custom slugs, cloak affiliate links & track clicks without slowing down your site.",320,"2026-02-03T09:18:00.000Z","6.9.4","5.0","7.4",[106,107,20,89,23],"affiliate-links","custom-slug","https:\u002F\u002Fshorterm.eu\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshorterm.1.1.1.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":13,"downloaded":118,"rating":13,"num_ratings":13,"last_updated":119,"tested_up_to":102,"requires_at_least":103,"requires_php":104,"tags":120,"homepage":124,"download_link":125,"security_score":75,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"url-shortener-by-melk","URL Shortener by Melk","1.0.0","melksedeque","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelksedeque\u002F","\u003Cp>\u003Cstrong>URL Shortener by Melk\u003C\u002Fstrong> is a lightweight and efficient WordPress plugin that allows you to automatically generate short URLs for your posts, pages, categories, tags, and Custom Post Types. Ideal for sharing on social media and marketing materials.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Generation:\u003C\u002Fstrong> Automatically creates short URLs when publishing new posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Support:\u003C\u002Fstrong> Works with Posts, Pages, Categories, Tags, and Custom Post Types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quick Copy:\u003C\u002Fstrong> “Copy” button directly in the post\u002Fterm listing in the admin panel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Generation:\u003C\u002Fstrong> Tool to generate short URLs for old content with one click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance:\u003C\u002Fstrong> Fast redirection using native WordPress rewrite rules (no heavy queries).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure:\u003C\u002Fstrong> Validated and secure code, following WordPress best practices.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Developer Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Namespace: \u003Ccode>Melk\\\\UrlShortenerByMelk\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Unique prefix: all functions, options, meta keys and hooks use the \u003Ccode>urlshbym_\u003C\u002Fcode> prefix, following the WordPress Plugin Handbook recommendations to avoid naming collisions.\u003C\u002Fli>\n\u003Cli>Options stored in the database:\n\u003Cul>\n\u003Cli>\u003Ccode>urlshbym_enabled_post_types\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>urlshbym_enabled_taxonomies\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Meta keys:\n\u003Cul>\n\u003Cli>\u003Ccode>_urlshbym_short_code\u003C\u002Fcode> on posts\u003C\u002Fli>\n\u003Cli>\u003Ccode>_urlshbym_short_code\u003C\u002Fcode> on terms (taxonomies)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Database table: \u003Ccode>{$wpdb->prefix}urlshbym_short_urls\u003C\u002Fcode> is created on activation to store the mapping between short codes and objects.\u003C\u002Fli>\n\u003Cli>Main hook:\n\u003Cul>\n\u003Cli>\u003Ccode>urlshbym_short_url_clicked\u003C\u002Fcode> — fired whenever a short URL is accessed, receiving the short code and the internal record ID.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Rewrite rules: short URLs are handled through a rewrite rule that maps patterns like \u003Ccode>\u002Fabc12\u003C\u002Fcode> to \u003Ccode>index.php?urlshbym_short=abc12\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Create short URLs for your WordPress posts, pages, categories, tags, and custom post types automatically.",91,"2026-01-26T16:37:00.000Z",[121,54,122,123,23],"permalink","seo","shortlink","https:\u002F\u002Fgithub.com\u002FMelksedeque\u002Fplugin-url-shortener-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Furl-shortener-by-melk.1.0.0.zip",{"attackSurface":127,"codeSignals":144,"taintFlows":250,"riskAssessment":327,"analyzedAt":339},{"hooks":128,"ajaxHandlers":140,"restRoutes":141,"shortcodes":142,"cronEvents":143,"entryPointCount":13,"unprotectedCount":13},[129,136],{"type":130,"name":131,"callback":132,"priority":133,"file":134,"line":135},"action","publish_post","twittrup_tweet_save",5,"twittrup.php",180,{"type":130,"name":137,"callback":138,"file":134,"line":139},"admin_menu","twittrup_admin_init",186,[],[],[],[],{"dangerousFunctions":145,"sqlUsage":146,"outputEscaping":148,"fileOperations":133,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":249},[],{"prepared":13,"raw":13,"locations":147},[],{"escaped":13,"rawEcho":149,"locations":150},51,[151,154,157,159,161,163,165,167,169,171,173,175,177,179,181,183,185,187,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,223,225,227,229,231,233,235,237,238,240,241,243,244,246,247],{"file":134,"line":152,"context":153},37,"raw output",{"file":155,"line":156,"context":153},"twittrup_updater_manage.php",149,{"file":155,"line":158,"context":153},207,{"file":155,"line":160,"context":153},217,{"file":155,"line":162,"context":153},221,{"file":155,"line":164,"context":153},282,{"file":155,"line":166,"context":153},287,{"file":155,"line":168,"context":153},290,{"file":155,"line":170,"context":153},293,{"file":155,"line":172,"context":153},294,{"file":155,"line":174,"context":153},297,{"file":155,"line":176,"context":153},302,{"file":155,"line":178,"context":153},305,{"file":155,"line":180,"context":153},308,{"file":155,"line":182,"context":153},309,{"file":155,"line":184,"context":153},312,{"file":155,"line":186,"context":153},317,{"file":155,"line":100,"context":153},{"file":155,"line":189,"context":153},323,{"file":155,"line":191,"context":153},324,{"file":155,"line":193,"context":153},327,{"file":155,"line":195,"context":153},332,{"file":155,"line":197,"context":153},335,{"file":155,"line":199,"context":153},338,{"file":155,"line":201,"context":153},339,{"file":155,"line":203,"context":153},342,{"file":155,"line":205,"context":153},347,{"file":155,"line":207,"context":153},350,{"file":155,"line":209,"context":153},353,{"file":155,"line":211,"context":153},354,{"file":155,"line":213,"context":153},357,{"file":155,"line":215,"context":153},366,{"file":155,"line":217,"context":153},369,{"file":155,"line":219,"context":153},372,{"file":155,"line":221,"context":153},373,{"file":155,"line":221,"context":153},{"file":155,"line":224,"context":153},374,{"file":155,"line":226,"context":153},375,{"file":155,"line":228,"context":153},376,{"file":155,"line":230,"context":153},377,{"file":155,"line":232,"context":153},385,{"file":155,"line":234,"context":153},394,{"file":155,"line":236,"context":153},396,{"file":155,"line":236,"context":153},{"file":155,"line":239,"context":153},397,{"file":155,"line":239,"context":153},{"file":155,"line":242,"context":153},400,{"file":155,"line":242,"context":153},{"file":155,"line":245,"context":153},401,{"file":155,"line":245,"context":153},{"file":155,"line":248,"context":153},406,[],[251,271],{"entryPoint":252,"graph":253,"unsanitizedCount":269,"severity":270},"twittrup_saveaccount (twittrup_updater_manage.php:132)",{"nodes":254,"edges":266},[255,260],{"id":256,"type":257,"label":258,"file":155,"line":259},"n0","source","$_POST (x2)",138,{"id":261,"type":262,"label":263,"file":155,"line":264,"wp_function":265},"n1","sink","update_option() [Settings Manipulation]",145,"update_option",[267],{"from":256,"to":261,"sanitized":268},false,2,"low",{"entryPoint":272,"graph":273,"unsanitizedCount":11,"severity":270},"\u003Ctwittrup_updater_manage> (twittrup_updater_manage.php:0)",{"nodes":274,"edges":318},[275,278,279,283,285,289,291,294,296,300,302,306,308,310,312,314],{"id":256,"type":257,"label":276,"file":155,"line":277},"$_POST['twittrup-draft-created-text']",82,{"id":261,"type":262,"label":263,"file":155,"line":277,"wp_function":265},{"id":280,"type":257,"label":281,"file":155,"line":282},"n2","$_POST['twittrup-draft-edit-text']",88,{"id":284,"type":262,"label":263,"file":155,"line":282,"wp_function":265},"n3",{"id":286,"type":257,"label":287,"file":155,"line":288},"n4","$_POST['twittrup-draft-publish-text']",94,{"id":290,"type":262,"label":263,"file":155,"line":288,"wp_function":265},"n5",{"id":292,"type":257,"label":293,"file":155,"line":75},"n6","$_POST['twittrup-post-created-text']",{"id":295,"type":262,"label":263,"file":155,"line":75,"wp_function":265},"n7",{"id":297,"type":257,"label":298,"file":155,"line":299},"n8","$_POST['twittrup-post-edit-text']",106,{"id":301,"type":262,"label":263,"file":155,"line":299,"wp_function":265},"n9",{"id":303,"type":257,"label":304,"file":155,"line":305},"n10","$_POST['twittrup-service']",113,{"id":307,"type":262,"label":263,"file":155,"line":305,"wp_function":265},"n11",{"id":309,"type":257,"label":258,"file":155,"line":259},"n12",{"id":311,"type":262,"label":263,"file":155,"line":264,"wp_function":265},"n13",{"id":313,"type":257,"label":258,"file":155,"line":259},"n14",{"id":315,"type":262,"label":316,"file":155,"line":239,"wp_function":317},"n15","echo() [XSS]","echo",[319,320,321,322,323,324,325,326],{"from":256,"to":261,"sanitized":268},{"from":280,"to":284,"sanitized":268},{"from":286,"to":290,"sanitized":268},{"from":292,"to":295,"sanitized":268},{"from":297,"to":301,"sanitized":268},{"from":303,"to":307,"sanitized":268},{"from":309,"to":311,"sanitized":268},{"from":313,"to":315,"sanitized":268},{"summary":328,"deductions":329},"The twittrup plugin v1.1 exhibits a mixed security posture. On the positive side, there are no known CVEs, no dangerous functions are used, and all SQL queries utilize prepared statements, indicating good practices in these areas. The plugin also does not make external HTTP requests or bundle any libraries, reducing potential attack vectors.  However, significant concerns arise from the static code analysis. The fact that 0% of outputs are properly escaped is a critical weakness, as it leaves the plugin highly susceptible to cross-site scripting (XSS) vulnerabilities. Furthermore, two taint analysis flows were found with unsanitized paths, indicating potential for path traversal or similar vulnerabilities, though the severity was not explicitly flagged as critical or high. The absence of nonce and capability checks on any potential entry points, despite the analysis showing zero entry points, is noted as a structural absence of common security measures that could become a concern if the attack surface were to expand in future versions or if the analysis missed certain interaction points.\n\nGiven the lack of historical vulnerabilities, it's difficult to draw definitive conclusions from past patterns. However, the current static analysis reveals critical areas for improvement, particularly concerning output escaping and the handling of unsanitized paths. While the plugin doesn't currently appear to have exploitable vulnerabilities due to its limited attack surface and lack of historical issues, the identified code-level weaknesses present a tangible risk, especially for XSS. Therefore, while not critically flawed in all aspects, the plugin requires immediate attention to its output sanitization and path handling to achieve a robust security profile.",[330,333,335,337],{"reason":331,"points":332},"All outputs are unescaped",20,{"reason":334,"points":11},"Taint flows with unsanitized paths",{"reason":336,"points":133},"No nonce checks",{"reason":338,"points":133},"No capability checks","2026-03-17T01:32:49.910Z",{"wat":341,"direct":346},{"assetPaths":342,"generatorPatterns":343,"scriptPaths":344,"versionParams":345},[],[],[],[],{"cssClasses":347,"htmlComments":348,"htmlAttributes":349,"restEndpoints":351,"jsGlobals":352,"shortcodeOutput":354},[],[],[350],"data-twittrup-id",[],[353],"twittrup_settings",[355],"[twittrup_display_latest_tweets]"]