[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkElMXW7hOUWKSK9LRw1MOzq30xdRMuehOx9Qt-fj0h8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":88,"crawl_stats":38,"alternatives":92,"analysis":188,"fingerprints":370},"wp-bitly","Bitly's WordPress Plugin","2.8.1","bitlydeveloper","https:\u002F\u002Fprofiles.wordpress.org\u002Fbitlydeveloper\u002F","\u003Cp>Love WordPress? Love Bitly? After installing this plugin, you’ll be able to shorten a link and view clicks right from WordPress. Your new links will be saved to Bitly for reference and deeper analysis.\u003C\u002Fp>\n\u003Cp>\u003Cem>To do that, you must have a Bitly account to use the plugin. Your account is where you store, edit, and view metrics for your links. Register at bitly.com.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>No matter the type of site you own (from a personal blog to an ecommerce store and everything in between) Bitly makes it easy to create shorter links and keep an eye on your clicks. Whether you share your links on social, SMS, or email, a short link is easier to manage and remember.\u003C\u002Fp>\n","Create short links to your content with Bitly’s WordPress Plugin.",2000,142865,84,23,"2026-03-10T15:14:00.000Z","6.7.5","5.0","",[20,21,22,23,24],"bitly","custom-domain","shortener","shortlink","url","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-bitly\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-bitly.2.8.1.zip",74,4,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[33,47,62,76],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2025-58231","bitly-authenticated-contributor-stored-cross-site-scripting","Bitly \u003C= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Bitly plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.7.4","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 17:35:31",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F219770af-d01e-4ebb-acf5-b4a647a0e16e?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":53,"severity":40,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2024-12616","bitlys-wordpress-plugin-missing-authorization-to-authenticated-subscriber-settings-update","Bitly's WordPress Plugin \u003C= 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Settings Update","The Bitly&#039;s WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and retrieve plugin settings.","\u003C=2.7.3","2.7.4",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-01-08 00:00:00","2025-04-17 13:10:01",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb1312c34-45c6-41e5-b6fc-a45ac2c8a0ca?source=api-prod",100,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":38,"affected_versions":67,"patched_in_version":68,"severity":40,"cvss_score":69,"cvss_vector":70,"vuln_type":56,"published_date":71,"updated_date":72,"references":73,"days_to_patch":75},"CVE-2024-43209","bitlys-wordpress-plugin-missing-authorization","Bitly's WordPress Plugin \u003C= 2.7.2 - Missing Authorization","The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.7.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.","\u003C=2.7.2","2.7.3",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","2024-08-09 00:00:00","2024-11-04 21:44:09",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F74160271-b27d-49fe-9550-e3949ecad048?source=api-prod",88,{"id":77,"url_slug":78,"title":79,"description":80,"plugin_slug":4,"theme_slug":38,"affected_versions":81,"patched_in_version":82,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":83,"updated_date":84,"references":85,"days_to_patch":87},"CVE-2023-5577","bitlys-wordpress-plugin-authenticated-contributor-stored-cross-site-scripting-via-shortcode","Bitly's WordPress Plugin \u003C= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.7.1","2.7.2","2023-11-06 00:00:00","2024-05-28 21:28:50",[86],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F31522e54-f260-46d0-8d57-2d46af7d3450?source=api-prod",205,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":89,"trust_score":90,"computed_at":91},131,61,"2026-04-04T07:27:25.821Z",[93,114,129,150,171],{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":27,"num_ratings":103,"last_updated":18,"tested_up_to":104,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":110,"download_link":111,"security_score":61,"vuln_count":112,"unpatched_count":112,"last_vuln_date":38,"fetched_at":113},"bitly-shortlinks-multisite","Bit.ly Shortlinks Multisite (Uses OAuth 2 API)","1.2","Denis Lam","https:\u002F\u002Fprofiles.wordpress.org\u002Fspiffyd\u002F","\u003Cp>WordPress generates shortlinks for your posts and pages. By default it uses the \u003Ccode>?p=\u003C\u002Fcode> with the post ID added to it, but if you have a rather long domain name this isn’t very useful. If you use \u003Ca href=\"http:\u002F\u002Fbit.ly\" rel=\"nofollow ugc\">Bit.ly\u003C\u002Fa>, this plugin will help you replace the shortlink WordPress generates with a proper Bit.ly shortlink.\u003C\u002Fp>\n\u003Cp>This plugin uses the latest Bit.ly OAuth 2 draft specification API instead of its deprecated V3 API and enables you to use generic access token to automatically enable Bit.ly shortlinks in your entire multisite network without the need for each site user to have to tinker with any settings or authentication configurations.\u003C\u002Fp>\n","This plugin replaces the default WordPress shortlinks with Bit.ly shortlinks for your single site or multisite WordPress network.",10,3149,3,"3.5.2","3.0",[20,107,23,108,109],"multisite","shortlinks","url-shortener","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbitly-shortlinks-multisite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbitly-shortlinks-multisite.1.2.zip",0,"2026-03-15T10:48:56.248Z",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":101,"downloaded":122,"rating":61,"num_ratings":29,"last_updated":123,"tested_up_to":104,"requires_at_least":124,"requires_php":18,"tags":125,"homepage":18,"download_link":127,"security_score":128,"vuln_count":112,"unpatched_count":112,"last_vuln_date":38,"fetched_at":31},"bitly-url-generator","Bitly URL Generator","1.0","micahwave","https:\u002F\u002Fprofiles.wordpress.org\u002Fmicahwave\u002F","\u003Cp>Automatically creates a \u003Ca href=\"http:\u002F\u002Fbit.ly\" rel=\"nofollow ugc\">bit.ly\u003C\u002Fa> url for each of your posts when they get published. To display the shortened url, simple use \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwp_get_shortlink\" rel=\"nofollow ugc\">wp_get_shortlink\u003C\u002Fa> in your template file.\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","Automatically creates a bit.ly url for each of your posts when they get published.",3362,"2012-12-19T13:41:00.000Z","3.3",[126,20,23,24,109],"bit-ly","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbitly-url-generator.zip",85,{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":139,"num_ratings":140,"last_updated":141,"tested_up_to":142,"requires_at_least":143,"requires_php":18,"tags":144,"homepage":148,"download_link":149,"security_score":61,"vuln_count":112,"unpatched_count":112,"last_vuln_date":38,"fetched_at":31},"link-shortener","Link Shortner","1.1","Dipakkumar Parmar","https:\u002F\u002Fprofiles.wordpress.org\u002Fdipakparmar443\u002F","\u003Cp>Link Shortner helps you generate short links and share any URL on or off your WordPress website.\u003Cbr \u002F>\nWith this plugin, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create short links for posts.\u003C\u002Fli>\n\u003Cli>Share short links on social media, emails, or anywhere online.\u003C\u002Fli>\n\u003Cli>Quickly regenerate links with one click from your WordPress admin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you’re managing content, marketing campaigns, or just want neat and professional URLs, Link Shortner makes it simple and effective.\u003C\u002Fp>\n","Link Shortner allows you to easily create clean, branded short permalink links for your posts custom URL.",900,11021,90,11,"2025-08-31T10:13:00.000Z","6.8.5","5.6",[145,146,147,108,109],"links","post","shorten-url","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flink-shortener\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flink-shortener.1.1.zip",{"slug":151,"name":152,"version":153,"author":154,"author_profile":155,"description":156,"short_description":157,"active_installs":158,"downloaded":159,"rating":61,"num_ratings":160,"last_updated":161,"tested_up_to":162,"requires_at_least":143,"requires_php":163,"tags":164,"homepage":167,"download_link":168,"security_score":169,"vuln_count":29,"unpatched_count":112,"last_vuln_date":170,"fetched_at":31},"codehaveli-bitly-url-shortener","Bitly URL Shortener","1.5.1","Codehaveli","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodehaveli\u002F","\u003Cp>\u003Cstrong>Bitly URL Shortener\u003C\u002Fstrong> (Previously Codehaveli Bitly URL Shortener) uses the functionality of Bitly API to generate bitly short link automatically from your WordPress dashboard when you publish new post.\u003C\u002Fp>\n\u003Cp>Bitly URL Shortener allows you to connect your WordPress Website to the Bitly API via access token and Group GUID.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Generate Bitly link automatically when publishing posts without leaving your site.\u003C\u002Fli>\n\u003Cli>Share Bitly link from your Post List and Post Edit page with social share buttons.\u003C\u002Fli>\n\u003Cli>Gutenberg block for displaying social share icons (Facebook, LinkedIn, X\u002FTwitter, Telegram, WhatsApp).\u003C\u002Fli>\n\u003Cli>Support for Custom Post Types with option to choose from your list of post types.\u003C\u002Fli>\n\u003Cli>Support for Custom Bitly Domain (for paid Bitly plans).\u003C\u002Fli>\n\u003Cli>Generate Bitly link of your old posts with just one click from post list.\u003C\u002Fli>\n\u003Cli>WP-CLI support for bulk generating short links via command line.\u003C\u002Fli>\n\u003Cli>REST API endpoints for programmatic access to short URL generation.\u003C\u002Fli>\n\u003Cli>Post column in admin showing generated short URLs.\u003C\u002Fli>\n\u003Cli>Metabox in post edit page for quick access to short URL and share options.\u003C\u002Fli>\n\u003Cli>Optimized code with modern PHP 7.4+ features and proper error handling.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Terms of Use\u003C\u002Fh3>\n\u003Cp>This is not an official plugin of \u003Ca href=\"https:\u002F\u002Fbitly.com\" rel=\"nofollow ugc\">https:\u002F\u002Fbitly.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin only connects your \u003Ca href=\"https:\u002F\u002Fbitly.com\" rel=\"nofollow ugc\">https:\u002F\u002Fbitly.com\u003C\u002Fa> account to your WordPress site.\u003C\u002Fp>\n\u003Cp>Please read \u003Ca href=\"https:\u002F\u002Fbitly.com\u002Fpages\u002Fprivacy\" rel=\"nofollow ugc\">privacy\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbitly.com\u002Fpages\u002Fterms-of-service\" rel=\"nofollow ugc\">terms of service\u003C\u002Fa> of \u003Ca href=\"https:\u002F\u002Fbitly.com\" rel=\"nofollow ugc\">Bitly\u003C\u002Fa> before using this plugin.\u003C\u002Fp>\n\u003Ch3>Bug reports\u003C\u002Fh3>\n\u003Cp>Bug reports for Bitly URL Shortener are welcomed in our Bitly URL Shortener \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Froyrakesh\u002Fcodehaveli-bitly-url-shortener\" rel=\"nofollow ugc\">repository on GitHub\u003C\u002Fa>. Please note that GitHub is not a support forum, and that issues that are not properly qualified as bugs will be closed.\u003C\u002Fp>\n\u003Ch3>Further Reading\u003C\u002Fh3>\n\u003Cp>For more info on Bitly and Codehaveli, check out the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.codehaveli.com\u002F\" rel=\"nofollow ugc\">Codehaveli\u003C\u002Fa> official homepage\u003C\u002Fli>\n\u003Cli>Read “How to generate Bitly OAuth access token?” from \u003Ca href=\"https:\u002F\u002Fwww.codehaveli.com\u002Fhow-to-generate-bitly-oauth-access-token\u002F\" rel=\"nofollow ugc\">Codehaveli Blog\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Bitly \u003Ca href=\"https:\u002F\u002Fbitly.is\u002F2XxT9BN\" rel=\"nofollow ugc\">API Documentation\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>Follow Codehaveli on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fcodehaveli\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwww.instagram.com\u002Fcodehaveli\u002F\" rel=\"nofollow ugc\">Instagram\u003C\u002Fa> & \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fcodehaveli\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Plugin \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Froyrakesh\u002Fcodehaveli-bitly-url-shortener\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Bitly URL Shortener uses the functionality of Bitly API to generate Bitly short link without leaving your WordPress site.",600,14840,5,"2026-01-29T14:56:00.000Z","6.9.4","7.4",[20,165,146,166,109],"connector","short-url","https:\u002F\u002Fgithub.com\u002Froyrakesh\u002Fcodehaveli-bitly-url-shortener","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcodehaveli-bitly-url-shortener.1.5.1.zip",99,"2025-06-05 00:00:00",{"slug":172,"name":173,"version":174,"author":175,"author_profile":176,"description":177,"short_description":178,"active_installs":61,"downloaded":179,"rating":180,"num_ratings":28,"last_updated":181,"tested_up_to":182,"requires_at_least":105,"requires_php":18,"tags":183,"homepage":186,"download_link":187,"security_score":128,"vuln_count":112,"unpatched_count":112,"last_vuln_date":38,"fetched_at":31},"shorter-links","Shorter Links","2.1.0","akrabat","https:\u002F\u002Fprofiles.wordpress.org\u002Fakrabat\u002F","\u003Cp>The \u003Cstrong>Shorter Links\u003C\u002Fstrong> WordPress plugin overrides the default WordPress\u003Cbr \u002F>\n“shortlink” URL with one that has a custom text in it. You can also set a\u003Cbr \u002F>\ndifferent base URL.\u003C\u002Fp>\n\u003Cp>A custom field called “Shorter link” is created once a post is saved,\u003Cbr \u002F>\nso that you can change the shortlink to a more memorable set of\u003Cbr \u002F>\ncharacters.\u003C\u002Fp>\n\u003Cp>The choice of base URL to use for the short link can be configured within\u003Cbr \u002F>\nSettings->Shorter Links.\u003C\u002Fp>\n\u003Cp>Related Links:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fakrabat.com\u002Fshorter-links\" rel=\"nofollow ugc\">Plugin home page\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Licence\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the \u003Ca href=\"http:\u002F\u002Fakrabat.com\u002Flicense\u002Fnew-bsd\" rel=\"nofollow ugc\">New BSD license\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>History\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>2.1.0 – 8 August 2015\u003C\u002Fstrong>\u003Cbr \u002F>\nRework to look for the shorter link after WordPress has done its processing. This\u003Cbr \u002F>\nmeans that a shorterlink that represents a date won’t affect an archive list.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2.0.6 – 8 August 2015\u003C\u002Fstrong>\u003Cbr \u002F>\nEnsure that the short_link is correct when using a post id.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2.0.5 – 8 August 2015\u003C\u002Fstrong>\u003Cbr \u002F>\nUpdated Tested up to 4.3\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2.0.3 – 9 July 2012\u003C\u002Fstrong>\u003Cbr \u002F>\nBug fix so that archives work.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2.0.2 – 23 June 2012\u003C\u002Fstrong>\u003Cbr \u002F>\nFall back to REQUEST_URI if there’s nothing interesting in $query_vars.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2.0.1 – 20 June 2012\u003C\u002Fstrong>\u003Cbr \u002F>\nUpdated to handle 4 digit short links that look like a year to WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2.0.0 – 21 November 2010\u003C\u002Fstrong>\u003Cbr \u002F>\nUpdated to be WordPress 3.0 or above, so we only need to hook into the WordPress\u003Cbr \u002F>\nshortlink system\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.8.2 – 21 November 2010\u003C\u002Fstrong>\u003Cbr \u002F>\nFix permissions issue on settings page. This is the last version that works\u003Cbr \u002F>\non WordPress 2.9.x or earlier.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.8.1 – 7 September 2010\u003C\u002Fstrong>\u003Cbr \u002F>\nBug fix to remove a warning.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.8 – 1 September 2010\u003C\u002Fstrong>\u003Cbr \u002F>\nuse shortlink rather than shorturl for WordPress less than 3.\u003Cbr \u002F>\nFor WordPress 3 or higher, hook into the new shortlink system.\u003Cbr \u002F>\nFix the admin page so that it displays in WordPress 3.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.7 – 11 Feburary 2010\u003C\u002Fstrong>\u003Cbr \u002F>\nHandle failures better.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.6 – 10 January 2010\u003C\u002Fstrong>\u003Cbr \u002F>\nUpdate version number in correct places so that the WP plugins system notices the update.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.5 – 29 December 2009\u003C\u002Fstrong>\u003Cbr \u002F>\nSupport permalinks that start with \u002F%category%\u002F\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.4 – 14 April 2009\u003C\u002Fstrong>\u003Cbr \u002F>\nSupport rel=”shorturl” as per \u003Ca href=\"http:\u002F\u002Fsites.google.com\u002Fa\u002Fsnaplog.com\u002Fwiki\u002Fshort_url\" rel=\"nofollow ugc\">Robert Spychala’s Short URL Auto-Discovery proposal\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.3 – 14 April 2009\u003C\u002Fstrong>\u003Cbr \u002F>\nAdd support for setting the base URL. Patch by \u003Ca href=\"davemastergeneral@gmail.com\" rel=\"nofollow ugc\">Dave Marshall\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.2 – 13 April 2009\u003C\u002Fstrong>\u003Cbr \u002F>\nOnly send the \u003Ccode>Link\u003C\u002Fcode> HTTP header as recommended by \u003Ca href=\"http:\u002F\u002Fshiflett.org\u002Fblog\u002F2009\u002Fapr\u002Fa-rev-canonical-http-header\" rel=\"nofollow ugc\">Shiflett\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.1 – 13 April 2009\u003C\u002Fstrong>\u003Cbr \u002F>\nFixed output of HTTP headers. Patch by \u003Ca href=\"http:\u002F\u002Fbethesignal.org\u002F\" rel=\"nofollow ugc\">Jeff Waugh\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1.0 – 11 April 2009\u003C\u002Fstrong>\u003Cbr \u002F>\nInitial release.\u003C\u002Fp>\n","Override the default WordPress \"shortlink\" URL with one that has a custom text in it. You can also set a different base URL.",7033,76,"2015-08-08T10:35:00.000Z","4.3.34",[145,184,23,185,109],"revcanonical","shorturl","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fshorter-links\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshorter-links.2.1.0.zip",{"attackSurface":189,"codeSignals":255,"taintFlows":289,"riskAssessment":353,"analyzedAt":369},{"hooks":190,"ajaxHandlers":225,"restRoutes":246,"shortcodes":247,"cronEvents":253,"entryPointCount":254,"unprotectedCount":103},[191,197,200,205,208,210,213,215,218,221,223],{"type":192,"name":193,"callback":194,"file":195,"line":196},"action","admin_notices","authorization_successful_notice","admin\\class-wp-bitly-admin.php",209,{"type":192,"name":193,"callback":198,"file":195,"line":199},"regenerate_successful_notice",287,{"type":192,"name":201,"callback":202,"file":203,"line":204},"plugins_loaded","anonymous","includes\\class-wp-bitly.php",167,{"type":192,"name":206,"callback":202,"file":203,"line":207},"admin_enqueue_scripts",186,{"type":192,"name":206,"callback":202,"file":203,"line":209},187,{"type":192,"name":211,"callback":202,"file":203,"line":212},"init",189,{"type":192,"name":211,"callback":202,"file":203,"line":214},190,{"type":192,"name":216,"callback":202,"file":203,"line":217},"admin_init",191,{"type":192,"name":219,"callback":202,"file":203,"line":220},"save_post",197,{"type":192,"name":211,"callback":202,"file":203,"line":222},200,{"type":192,"name":216,"callback":202,"file":203,"line":224},202,[226,233,237,240,243],{"action":227,"nopriv":228,"callback":229,"hasNonce":230,"hasCapCheck":230,"file":231,"line":232},"wpbitly_oauth_get_token",false,"get_token",true,"includes\\class-wp-bitly-auth.php",50,{"action":234,"nopriv":228,"callback":235,"hasNonce":230,"hasCapCheck":230,"file":231,"line":236},"wpbitly_oauth_disconnect","disconnect",51,{"action":238,"nopriv":228,"callback":202,"hasNonce":228,"hasCapCheck":228,"file":203,"line":239},"get_domain_options",192,{"action":241,"nopriv":228,"callback":202,"hasNonce":228,"hasCapCheck":228,"file":203,"line":242},"get_group_options",193,{"action":244,"nopriv":228,"callback":202,"hasNonce":228,"hasCapCheck":228,"file":203,"line":245},"get_org_options",194,[],[248],{"tag":249,"callback":250,"file":251,"line":252},"wpbitly","wpbitly_shortlink","includes\\class-wp-bitly-shortlink.php",199,[],6,{"dangerousFunctions":256,"sqlUsage":257,"outputEscaping":259,"fileOperations":112,"externalRequests":103,"nonceChecks":287,"capabilityChecks":160,"bundledLibraries":288},[],{"prepared":112,"raw":112,"locations":258},[],{"escaped":260,"rawEcho":261,"locations":262},69,12,[263,266,268,270,272,273,274,276,279,281,283,285],{"file":195,"line":264,"context":265},261,"raw output",{"file":231,"line":267,"context":265},118,{"file":231,"line":269,"context":265},147,{"file":231,"line":271,"context":265},180,{"file":231,"line":222,"context":265},{"file":231,"line":196,"context":265},{"file":231,"line":275,"context":265},221,{"file":277,"line":278,"context":265},"includes\\class-wp-bitly-metabox.php",159,{"file":277,"line":280,"context":265},164,{"file":277,"line":282,"context":265},165,{"file":277,"line":284,"context":265},172,{"file":286,"line":27,"context":265},"includes\\class-wp-bitly-settings.php",7,[],[290,323,335,344],{"entryPoint":291,"graph":292,"unsanitizedCount":322,"severity":40},"\u003Cclass-wp-bitly-settings> (includes\\class-wp-bitly-settings.php:0)",{"nodes":293,"edges":318},[294,298,304,308,312],{"id":295,"type":296,"label":297,"file":286,"line":128},"n0","source","$_SERVER (x11)",{"id":299,"type":300,"label":301,"file":286,"line":302,"wp_function":303},"n1","sink","echo() [XSS]",139,"echo",{"id":305,"type":296,"label":306,"file":286,"line":307},"n2","$_POST (x2)",514,{"id":309,"type":310,"label":311,"file":286,"line":307},"n3","transform","→ wpbitly_get()",{"id":313,"type":300,"label":314,"file":315,"line":316,"wp_function":317},"n4","wp_remote_get() [SSRF]","includes\\class-wp-bitly-api.php",65,"wp_remote_get",[319,320,321],{"from":295,"to":299,"sanitized":230},{"from":305,"to":309,"sanitized":228},{"from":309,"to":313,"sanitized":228},2,{"entryPoint":324,"graph":325,"unsanitizedCount":112,"severity":334},"\u003Cclass-wp-bitly-admin> (admin\\class-wp-bitly-admin.php:0)",{"nodes":326,"edges":332},[327,330],{"id":295,"type":296,"label":328,"file":195,"line":329},"$_GET",185,{"id":299,"type":300,"label":301,"file":195,"line":331,"wp_function":303},241,[333],{"from":295,"to":299,"sanitized":230},"low",{"entryPoint":336,"graph":337,"unsanitizedCount":112,"severity":334},"register_settings (includes\\class-wp-bitly-settings.php:64)",{"nodes":338,"edges":342},[339,341],{"id":295,"type":296,"label":340,"file":286,"line":128},"$_SERVER (x7)",{"id":299,"type":300,"label":301,"file":286,"line":302,"wp_function":303},[343],{"from":295,"to":299,"sanitized":230},{"entryPoint":345,"graph":346,"unsanitizedCount":112,"severity":334},"_f_settings_field_authorize (includes\\class-wp-bitly-settings.php:83)",{"nodes":347,"edges":351},[348,350],{"id":295,"type":296,"label":349,"file":286,"line":128},"$_SERVER",{"id":299,"type":300,"label":301,"file":286,"line":302,"wp_function":303},[352],{"from":295,"to":299,"sanitized":230},{"summary":354,"deductions":355},"The wp-bitly plugin exhibits a mixed security posture.  On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements and a high percentage of output being properly escaped, alongside a robust number of nonce and capability checks. This suggests a development team with an awareness of common web security pitfalls.\n\nHowever, significant concerns arise from the attack surface analysis.  Three out of five AJAX handlers lack authentication checks, presenting a direct pathway for unauthorized actions if exploited. The taint analysis, while limited in scope, did identify one flow with unsanitized paths, which, though not classified as critical or high, warrants attention given the potential for unexpected behavior. The plugin's history of four known CVEs, including one currently unpatched medium severity vulnerability, and common patterns of Cross-site Scripting and Missing Authorization, is a strong indicator of recurring security weaknesses that have not been fully addressed.\n\nIn conclusion, while the plugin has some commendable security implementations, the presence of unprotected AJAX handlers, a history of vulnerabilities including an unpatched one, and identified taint flows paint a picture of moderate risk. The recurring nature of past vulnerabilities suggests a need for more rigorous security auditing and remediation processes to ensure long-term security.",[356,358,361,363,365,367],{"reason":357,"points":101},"Unprotected AJAX handlers",{"reason":359,"points":360},"Currently unpatched CVE",18,{"reason":362,"points":261},"Medium severity CVE history (4 instances)",{"reason":364,"points":287},"Flows with unsanitized paths",{"reason":366,"points":160},"Missing Authorization vulnerability history",{"reason":368,"points":160},"Cross-site Scripting vulnerability history","2026-03-16T18:35:49.980Z",{"wat":371,"direct":384},{"assetPaths":372,"generatorPatterns":377,"scriptPaths":378,"versionParams":379},[373,374,375,376],"\u002Fwp-content\u002Fplugins\u002Fwp-bitly\u002Fadmin\u002Fcss\u002Fwp-bitly-admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-bitly\u002Fadmin\u002Fcss\u002Fchartist\u002Fchartist.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-bitly\u002Fadmin\u002Fjs\u002Fwp-bitly-admin.js","\u002Fwp-content\u002Fplugins\u002Fwp-bitly\u002Fadmin\u002Fjs\u002Fchartist\u002Fchartist.min.js",[],[375,376],[380,381,382,383],"wp-bitly\u002Fadmin\u002Fcss\u002Fwp-bitly-admin.css?ver=","wp-bitly\u002Fadmin\u002Fcss\u002Fchartist\u002Fchartist.min.css?ver=","wp-bitly\u002Fadmin\u002Fjs\u002Fwp-bitly-admin.js?ver=","wp-bitly\u002Fadmin\u002Fjs\u002Fchartist\u002Fchartist.min.js?ver=",{"cssClasses":385,"htmlComments":387,"htmlAttributes":388,"restEndpoints":390,"jsGlobals":391,"shortcodeOutput":393},[386],"wp-bitly-setup-notice",[],[389],"data-nonce",[],[392],"wpBitlyData",[]]