Does Labur WordPress Plugin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Labur WordPress Plugin compatible with WordPress 5.5.18?

According to WordPress.org data, Labur WordPress Plugin 1.0.1 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

How often is Labur WordPress Plugin updated?

Labur WordPress Plugin was last updated on Dec 6, 2020. Frequent updates are generally a positive security signal.

What is Labur WordPress Plugin's security score?

Labur WordPress Plugin has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Labur WordPress Plugin Security & Risk Analysis

wordpress.org/plugins/wp-labur

labur is a quick, modern, and open-source link shortener for basque community. This plugin allows you to use labur service in Wordpress.

0 active installs v1.0.1 PHP + WP 4.7.3+ Updated Dec 6, 2020

free-softwarelaburlink-shorteneropen-sourceshortener

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Labur WordPress Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Labur WordPress Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "wp-labur" v1.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and properly escaping a high percentage of its output. The absence of known CVEs and a clean vulnerability history are also positive indicators, suggesting a generally stable and secure development history.

However, there are significant concerns. The plugin exposes a single AJAX handler that lacks authentication checks, creating a direct and unprotected entry point for potential attackers. Furthermore, the taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this analysis, represent a potential risk of unexpected behavior or data leakage if further exploitation is possible. The lack of nonce checks on the unprotected AJAX handler is a critical omission for preventing Cross-Site Request Forgery (CSRF) attacks.

In conclusion, while the plugin has strengths in its database interaction and output handling, the unprotected AJAX endpoint and the presence of unsanitized paths in the taint analysis present notable security weaknesses. The absence of known vulnerabilities is encouraging but does not negate the risks posed by the identified code signals. Further investigation into the unsanitized paths and immediate remediation of the unprotected AJAX handler are recommended.

Key Concerns

Unprotected AJAX handler found
Flows with unsanitized paths
Missing nonce checks

Vulnerabilities

None known

Labur WordPress Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Labur WordPress Plugin Release Timeline

v1.0.1Current

Code Analysis

Analyzed Mar 17, 2026

Labur WordPress Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

25 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

93% escaped27 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

labur_get_url_process (labur.php:86)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Labur WordPress Plugin Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_labur_get_urllabur.php:101

WordPress Hooks 8

filtermanage_posts_columnsadmin\admin-all-posts-page.php:18

actionmanage_posts_custom_columnadmin\admin-all-posts-page.php:34

actionadmin_menuadmin\admin-menu.php:17

actionadd_meta_boxesadmin\labur-metabox.php:17

actionsave_postadmin\labur-metabox.php:51

actionadmin_initadmin\settings-page.php:17

actionplugins_loadedlabur.php:46

actionadd_meta_boxeslabur.php:76

Maintenance & Trust

Labur WordPress Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedDec 6, 2020

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Labur WordPress Plugin Alternatives

Polr WordPress Plugin

wp-polr

Polr is a quick, modern, and open-source link shortener. This plugin allows you to use Polr service in Wordpress.

10 No CVEs

Simple 301 Redirects By BetterLinks – Easy WordPress Redirect Manager for Redirects, 404 Error Log & More

simple-301-redirects

Simple 301 Redirects provides an easy method of redirecting requests to another page on your site or elsewhere on the web.

100K 7 CVEs

BetterLinks – URL Shortener, Link Tracking, Analytics & Affiliate Link Manager

betterlinks

Ultimate plugin to create, shorten, track and manage any URL. Gather analytics reports and run successful marketing campaigns easily.

20K 3 CVEs

Linker – URL shortener & track outbound link clicks

linker

Track Outbound Link Clicks Easily: Shorten & track your site links by using your own domain name. e.g. "your-domain.com/go/link"

2K 1 CVE

WP Discord Invite

wp-discord-invite

Create memorable Discord invite links (yoursite.com/discord) with tracking, webhooks, and social previews.

500 4 CVEs

Developer Profile

Labur WordPress Plugin Developer Profile

Egoitz Gonzalez

2 plugins · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Labur WordPress Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-labur/labur.js

Script Paths