Does URL Shortener have any unpatched vulnerabilities?

No. All known vulnerabilities in URL Shortener have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is URL Shortener compatible with WordPress 3.1.4?

According to WordPress.org data, URL Shortener 4.0.2 has been tested up to WordPress 3.1.4. Check the plugin's changelog for the latest compatibility information.

How often is URL Shortener updated?

URL Shortener was last updated on Feb 14, 2015. Frequent updates are generally a positive security signal.

What is URL Shortener's security score?

URL Shortener has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

URL Shortener Security & Risk Analysis

wordpress.org/plugins/url-shortener

This plugin allows you to generate shortlinks for post/pages using URL Shorteners (e.g. Bit.ly, Su.pr, YOURLS, Goo.gl and many others).

100 active installs v4.0.2 PHP + WP 2.7+ Updated Feb 14, 2015

short-urlshortenshortlinkurlurl-shortener

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is URL Shortener Safe to Use in 2026?

Generally Safe

Score 85/100

URL Shortener has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "url-shortener" plugin v4.0.2 exhibits a generally strong security posture based on the provided static analysis. The absence of known CVEs and a clean vulnerability history suggest a well-maintained codebase. The plugin demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests, while also utilizing prepared statements for its SQL queries and implementing nonce checks. However, a significant concern arises from the complete lack of output escaping on all identified output points. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is rendered directly in the browser without proper sanitization. Additionally, the presence of AJAX handlers and shortcodes, while limited in number and with some security checks, still represents potential entry points that could be exploited if underlying vulnerabilities related to input validation or output escaping are present.

Key Concerns

All outputs are unescaped
No capability checks on entry points

Vulnerabilities

None known

URL Shortener Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

URL Shortener Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped11 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<url-shortener> (url-shortener.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

URL Shortener Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 1

authwp_ajax_urlshortener_acturl-shortener.php:153

Shortcodes 1

[shortlink] url-shortener.php:164

WordPress Hooks 14

actionwp_headurl-shortener.php:114

actionwpurl-shortener.php:115

filterget_sample_permalink_htmlurl-shortener.php:120

filterget_shortlinkurl-shortener.php:132

actionfuture_to_publishurl-shortener.php:137

actionadmin_menuurl-shortener.php:141

filterpost_row_actionsurl-shortener.php:145

filterpage_row_actionsurl-shortener.php:146

actionadmin_headurl-shortener.php:147

actionload-edit.phpurl-shortener.php:148

actionload-edit-pages.phpurl-shortener.php:149

filtertemplate_redirecturl-shortener.php:158

filterthe_contenturl-shortener.php:168

filterthe_contenturl-shortener.php:171

Maintenance & Trust

URL Shortener Maintenance & Trust

Maintenance Signals

WordPress version tested3.1.4

Last updatedFeb 14, 2015

PHP min version

Downloads30K

Community Trust

Rating100/100

Number of ratings2

Active installs100

Alternatives

URL Shortener Alternatives

Link Shortner

link-shortener

100

Link Shortner allows you to easily create clean, branded short permalink links for your posts custom URL.

900 No CVEs

Bitly URL Shortener

codehaveli-bitly-url-shortener

Bitly URL Shortener uses the functionality of Bitly API to generate Bitly short link without leaving your WordPress site.

600 1 CVE

Shorter Links

shorter-links

Override the default WordPress "shortlink" URL with one that has a custom text in it. You can also set a different base URL.

100 No CVEs

Bit.ly Shortlinks Multisite (Uses OAuth 2 API)

bitly-shortlinks-multisite

100

This plugin replaces the default WordPress shortlinks with Bit.ly shortlinks for your single site or multisite WordPress network.

10 No CVEs

Bitly URL Generator

bitly-url-generator

Automatically creates a bit.ly url for each of your posts when they get published.

10 No CVEs

Developer Profile

URL Shortener Developer Profile

Gerald Yeo

1 plugin · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect URL Shortener

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/url-shortener/css/url-shortener.css/wp-content/plugins/url-shortener/js/url-shortener.js

Script Paths

/wp-content/plugins/url-shortener/js/url-shortener.js

Version Parameters

url-shortener/css/url-shortener.css?ver=url-shortener/js/url-shortener.js?ver=

HTML / DOM Fingerprints

CSS Classes

fts_shortlink

Data Attributes

data-fts-shortlink-id

JS Globals

fts_shorturl_ajax_object

Shortcode Output

[shortlink]

FAQ