[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJuTD4Qmz1BNTf_oIjbPyZmM9_DLibiFilYxtbWwjWFc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":57,"analysis":58,"fingerprints":242},"wp-better-permalinks","WP Better Permalinks","4.2.1","Mateusz Gbiorczyk","https:\u002F\u002Fprofiles.wordpress.org\u002Fmateuszgbiorczyk\u002F","\u003Cp>Set custom friendly permalinks structure: \u003Cstrong>Custom Post Type > Taxonomy > Post\u003C\u002Fstrong> and \u003Cstrong>Custom Post Type > Taxonomy\u003C\u002Fstrong> instead of default WordPress structure.\u003C\u002Fp>\n\u003Cp>Default permalinks structure in WordPress:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom Post Type > Post\u003C\u002Fli>\n\u003Cli>Taxonomy > Single Term\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Friendly permalinks structure pattern available using this plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom Post Type > Single Term \u003Cem>(or Term tree)\u003C\u002Fem> > Post\u003C\u002Fli>\n\u003Cli>Custom Post Type > Post \u003Cem>(when no term is selected)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Custom Post Type > Single Term \u003Cem>(or Term tree)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin allows you to set your own structure with a few clicks. Everything works automatically, no need to add any additional code.\u003C\u002Fp>\n\u003Ch4>Please also read the FAQ below. 
Thank you for being with us!\u003C\u002Fh4>\n","Set custom friendly permalinks structure: Custom Post Type > Taxonomy > Post and Custom Post Type > Taxonomy instead of default WordPress structure.",1000,32891,98,26,"2025-12-08T20:05:00.000Z","6.9.4","5.0","7.0",[20,21,22,23,24],"custom-post-type-permalinks","friendly-permalinks","permalinks-structure","permalinks-tree","taxonomy-term-permalinks","https:\u002F\u002Fmattplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-better-permalinks.4.2.1.zip",99,1,0,"2019-06-27 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2019-15835","wp-better-permalinks-cross-site-request-forgery","WP Better Permalinks \u003C 3.0.5 - Cross-Site Request Forgery","The wp-better-permalinks plugin before 3.0.5 for WordPress has CSRF.",null,"\u003C3.0.5","3.0.5","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2024-01-22 
19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff8ccf307-3bb8-45c5-91da-7d0f46e96694?source=api-prod",1671,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":54,"trust_score":55,"computed_at":56},"mateuszgbiorczyk",3,541000,97,962,77,"2026-04-04T03:51:06.326Z",[],{"attackSurface":59,"codeSignals":159,"taintFlows":229,"riskAssessment":230,"analyzedAt":241},{"hooks":60,"ajaxHandlers":151,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":28,"unprotectedCount":28},[61,67,70,75,80,84,88,92,96,100,104,108,111,115,119,124,127,132,136,139,142,144,148],{"type":62,"name":63,"callback":64,"file":65,"line":66},"filter","admin_enqueue_scripts","loadStyles","app\\Admin\\Assets.php",9,{"type":62,"name":63,"callback":68,"file":65,"line":69},"loadScripts",10,{"type":62,"name":71,"callback":72,"file":73,"line":74},"wbp_notice_url","showNoticeUrl","app\\Admin\\Notice.php",11,{"type":76,"name":77,"callback":78,"file":73,"line":79},"action","admin_notices","showAdminNotice",12,{"type":62,"name":81,"callback":82,"priority":69,"file":83,"line":74},"wbp_post_term","getTermForPost","app\\Posttype\\Cache.php",{"type":76,"name":85,"callback":86,"priority":87,"file":83,"line":79},"save_post","clearPostTermCache",100,{"type":76,"name":89,"callback":90,"priority":87,"file":91,"line":66},"post_type_link","replaceLink","app\\Posttype\\Link.php",{"type":62,"name":93,"callback":94,"priority":69,"file":95,"line":66},"register_post_type_args","updatePosttypeArgs","app\\Posttype\\Register.php",{"type":76,"name":97,"callback":98,"priority":69,"file":99,"line":66},"generate_rewrite_rules","generateRewriteRules","app\\Posttype\\Rewrites.php",{"type":62,"name":101,"callback":102,"priority":69,"file":103,"line":66},"wbp_term_primary","getPrimaryTermForPost","app\\Posttype\\Yoast.php",{"type":62,"name":105,"callback":106,"priority":69,"file":107,"line":74},"w
bp_config","getConfig","app\\Settings\\Config.php",{"type":62,"name":109,"callback":110,"priority":69,"file":107,"line":79},"wbp_rewrites","getRewrites",{"type":62,"name":112,"callback":113,"file":114,"line":66},"wbp_posttypes","getPostTypes","app\\Settings\\Options.php",{"type":76,"name":116,"callback":117,"file":118,"line":66},"admin_menu","addSettingsPage","app\\Settings\\Page.php",{"type":76,"name":120,"callback":121,"file":122,"line":123},"admin_init","refreshRedirects","app\\Settings\\Refresh.php",13,{"type":76,"name":120,"callback":125,"file":126,"line":74},"initSaving","app\\Settings\\Save.php",{"type":76,"name":128,"callback":129,"priority":69,"file":130,"line":131},"pre_delete_term","loadTermChildren","app\\Taxonomy\\Actions.php",18,{"type":76,"name":133,"callback":134,"file":135,"line":66},"init","loadActions","app\\Taxonomy\\Init.php",{"type":62,"name":137,"callback":90,"priority":87,"file":138,"line":66},"term_link","app\\Taxonomy\\Link.php",{"type":62,"name":140,"callback":141,"priority":69,"file":138,"line":69},"wbp_term_link","getTermLink",{"type":62,"name":137,"callback":90,"priority":87,"file":138,"line":143},30,{"type":62,"name":145,"callback":146,"priority":69,"file":147,"line":66},"register_taxonomy_args","updateTaxonomyArgs","app\\Taxonomy\\Register.php",{"type":76,"name":97,"callback":98,"priority":149,"file":150,"line":66},20,"app\\Taxonomy\\Rewrites.php",[152],{"action":153,"nopriv":154,"callback":155,"hasNonce":154,"hasCapCheck":154,"file":73,"line":123},"wbp_notice",false,"hideAdminNotice",[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":29,"externalRequests":29,"nonceChecks":227,"capabilityChecks":29,"bundledLibraries":228},[],{"prepared":28,"raw":29,"locations":162},[],{"escaped":29,"rawEcho":164,"locations":165},39,[166,169,171,173,175,176,178,180,183,185,186,187,189,190,192,194,195,197,198,200,201,202,203,205,207,208,209,211,213,214,215,217,218,219,220,221,222,224,226],{"file":167,"line":28,"conte
xt":168},"resources\\components\\notices\\thanks.php","raw output",{"file":167,"line":170,"context":168},4,{"file":167,"line":172,"context":168},7,{"file":167,"line":174,"context":168},16,{"file":167,"line":149,"context":168},{"file":167,"line":177,"context":168},24,{"file":167,"line":179,"context":168},28,{"file":181,"line":182,"context":168},"resources\\components\\settings\\post-types.php",5,{"file":181,"line":184,"context":168},8,{"file":181,"line":174,"context":168},{"file":181,"line":131,"context":168},{"file":181,"line":188,"context":168},22,{"file":181,"line":188,"context":168},{"file":181,"line":191,"context":168},25,{"file":193,"line":51,"context":168},"resources\\components\\widgets\\about.php",{"file":193,"line":172,"context":168},{"file":193,"line":196,"context":168},15,{"file":193,"line":131,"context":168},{"file":193,"line":199,"context":168},19,{"file":193,"line":188,"context":168},{"file":193,"line":191,"context":168},{"file":193,"line":14,"context":168},{"file":193,"line":204,"context":168},27,{"file":206,"line":51,"context":168},"resources\\components\\widgets\\donate.php",{"file":206,"line":172,"context":168},{"file":206,"line":74,"context":168},{"file":210,"line":172,"context":168},"resources\\components\\widgets\\settings.php",{"file":210,"line":212,"context":168},14,{"file":210,"line":199,"context":168},{"file":210,"line":188,"context":168},{"file":216,"line":51,"context":168},"resources\\components\\widgets\\support.php",{"file":216,"line":172,"context":168},{"file":216,"line":69,"context":168},{"file":216,"line":149,"context":168},{"file":216,"line":177,"context":168},{"file":216,"line":179,"context":168},{"file":223,"line":170,"context":168},"resources\\views\\settings.php",{"file":223,"line":225,"context":168},6,{"file":223,"line":69,"context":168},2,[],[],{"summary":231,"deductions":232},"The \"wp-better-permalinks\" plugin version 4.2.1 presents a mixed security posture. 
On the positive side, the code analysis shows a commitment to secure database interactions with all SQL queries using prepared statements and a lack of dangerous functions or file operations. The absence of critical or high severity taint flows and external HTTP requests is also reassuring.\n\nHowever, significant concerns arise from the attack surface and output escaping. The plugin exposes a single AJAX handler (the wbp_notice action) that has neither a nonce check nor a capability check. It is registered for logged-in users only, not as a nopriv action, so the exposure is to any authenticated user regardless of role and to forged cross-site requests made in a logged-in user's browser, rather than to anonymous visitors. Furthermore, none of its 39 output operations were detected as escaped. This is a static count of raw echo statements in the plugin's template files; it becomes a Cross-Site Scripting (XSS) vulnerability only where an echoed value can be influenced by an attacker, and since no taint flows were reported, each location needs manual review to confirm whether it is exploitable. The vulnerability history, while not showing currently unpatched issues, reveals a past high-severity CSRF vulnerability. This pattern suggests a tendency for vulnerabilities related to request verification and authorization, which is unfortunately echoed in the current static analysis findings.\n\nIn conclusion, while the plugin demonstrates good practices in database security and avoids known dangerous code patterns, the AJAX endpoint without nonce or capability checks and the widespread unescaped output are significant weaknesses. These issues significantly outweigh the positive aspects and demand immediate attention. 
The historical CSRF vulnerability further underscores the need for robust input validation and authorization checks.",[233,235,237,239],{"reason":234,"points":69},"Unprotected AJAX handler",{"reason":236,"points":196},"No output escaping",{"reason":238,"points":196},"Past high severity vulnerability",{"reason":240,"points":69},"No capability checks on AJAX","2026-03-16T18:53:46.139Z",{"wat":243,"direct":252},{"assetPaths":244,"generatorPatterns":247,"scriptPaths":248,"versionParams":249},[245,246],"\u002Fwp-content\u002Fplugins\u002Fwp-better-permalinks\u002Fpublic\u002Fbuild\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fwp-better-permalinks\u002Fpublic\u002Fbuild\u002Fjs\u002Fscripts.js",[],[246],[250,251],"wp-better-permalinks\u002Fpublic\u002Fbuild\u002Fcss\u002Fstyles.css?ver=","wp-better-permalinks\u002Fpublic\u002Fbuild\u002Fjs\u002Fscripts.js?ver=",{"cssClasses":253,"htmlComments":254,"htmlAttributes":255,"restEndpoints":256,"jsGlobals":257,"shortcodeOutput":258},[],[],[],[],[],[]]