[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fP0DSMICYGeZGKxWZm3RQ-47lbAXd7N5uVyCFDqLXJlI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":37,"fingerprints":99},"url-smasher","URL Smasher","3.10","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Automatically – and without any effort on your part – shortens URLs in posts, pages, and comments using goo.gl. Does not require any special shortcodes, buttons, or anything – just enable it, and URLs are smashed when the post\u002Fpage\u002Fcomment is saved. Just use your Google API Key (it’s free) and off you go!\u003C\u002Fp>\n","Automatically shortens URLs in posts, pages, and comments using goo.gl.",10,2779,100,1,"2024-04-10T22:25:00.000Z","6.5.8","4.0.1","",[20],"url-shortener-automatic-goo-gl","http:\u002F\u002Fcellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Furl-smasher.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"rhellewellgmailcom",16,1040,91,30,88,"2026-04-04T10:38:15.035Z",[],{"attackSurface":38,"codeSignals":64,"taintFlows":86,"riskAssessment":87,"analyzedAt":98},{"hooks":39,"ajaxHandlers":60,"restRoutes":61,"shortcodes":62,"cronEvents":63,"entryPointCount":24,"unprotectedCount":24},[40,46,50,56],{"type":41,"name":42,"callback":43,"file":44,"line":45},"action","admin_menu","url_smasher_options_add_plugin_page","url-smasher.php",61,{"type":41,"name":47,"callback":48,"file":44,"line":49},"admin_init","url_smasher_options_page_init",62,{"type":51,"name":52,"callback":53,"priority":54,"file":44,"line":55},"filter","preprocess_comment","urlsmasher_comment",99,279,{"type":51,"name":57,"callback":58,"priority":54,"file":44,"line":59},"wp_insert_post_data","urlsmasher_post",283,[],[],[],[],{"dangerousFunctions":65,"sqlUsage":66,"outputEscaping":68,"fileOperations":24,"externalRequests":14,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":85},[],{"prepared":24,"raw":24,"locations":67},[],{"escaped":69,"rawEcho":70,"locations":71},2,6,[72,75,77,79,81,83],{"file":44,"line":73,"context":74},226,"raw output",{"file":44,"line":76,"context":74},260,{"file":44,"line":78,"context":74},410,{"file":44,"line":80,"context":74},411,{"file":44,"line":82,"context":74},490,{"file":44,"line":84,"context":74},517,[],[],{"summary":88,"deductions":89},"The \"url-smasher\" v3.10 plugin exhibits a generally strong security posture with no known vulnerabilities in its history and a clean static analysis report regarding dangerous functions, SQL queries, and taint flows. The absence of AJAX handlers, REST API routes, shortcodes, and cron events, particularly those without authentication or permission checks, significantly limits its attack surface. However, a notable concern is the low percentage of properly escaped output (25%), indicating a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is directly outputted without adequate sanitization. While the plugin makes external HTTP requests, the lack of specific details makes it difficult to assess the risk associated with this without further analysis. The absence of nonce and capability checks, while not directly tied to exposed entry points in this version, represents a missed opportunity for defense-in-depth, especially if functionality is added in future updates.",[90,93,96],{"reason":91,"points":92},"Low percentage of properly escaped output",8,{"reason":94,"points":95},"Missing nonce checks",3,{"reason":97,"points":95},"Missing capability checks","2026-03-17T00:13:52.470Z",{"wat":100,"direct":107},{"assetPaths":101,"generatorPatterns":103,"scriptPaths":104,"versionParams":105},[102],"\u002Fwp-content\u002Fplugins\u002Furl-smasher\u002Fcss\u002Furlsmasher_settings.css",[],[],[106],"url-smasher\u002Fcss\u002Furlsmasher_settings.css?ver=",{"cssClasses":108,"htmlComments":111,"htmlAttributes":112,"restEndpoints":116,"jsGlobals":117,"shortcodeOutput":118},[109,110],"urlsmasher_options","urlsmasher_sidebar",[],[113,114,115],"name=\"url_smasher_options[url_smasher_bitly_token]\"","name=\"url_smasher_options[url_smasher_enable_content]\"","name=\"url_smasher_options[url_smasher_enable_comment]\"",[],[],[]]