[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLrs_DrcM_OtxTiRwJeClKR-wrOdn5a0QEMcxLl2RyiY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":31,"analysis":32,"fingerprints":203},"wpdevhub-dlm","WPDevHub Link Manager","2.7","benhallbenhall","https:\u002F\u002Fprofiles.wordpress.org\u002Fbenhallbenhall\u002F","\u003Cp>Create and Track custom link forwarders with a minimized URL off your own website.  Take advantage of short codes, widgets and other features.\u003C\u002Fp>\n","Create and Track custom link forwarders with a minimized URL off your own website.",0,1739,"2019-12-16T23:26:00.000Z","5.3.21","4.0","",[18],"links-link-management","https:\u002F\u002Fwww.wpdevhub.com\u002Fwordpress-plugins\u002Flink-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpdevhub-dlm.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":27,"avg_security_score":21,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},5,40,30,84,"2026-04-04T17:25:20.038Z",[],{"attackSurface":33,"codeSignals":108,"taintFlows":165,"riskAssessment":191,"analyzedAt":202},{"hooks":34,"ajaxHandlers":104,"restRoutes":105,"shortcodes":106,"cronEvents":107,"entryPointCount":11,"unprotectedCount":11},[35,41,46,51,55,59,61,66,70,73,77,82,85,89,93,97,100],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","widget_comments_args","disableCommentsWpActionWidgetCommentsArgs","classes\\core\\class.DSCF_DLM_StandardCustomPostType.php",34,{"type":42,"name":43,"callback":44,"file":39,"line":45},"filter","comment_feed_where","disableCommentsWpFilterCommentFeedWhere",35,{"type":36,"name":47,"callback":48,"file":49,"line":50},"admin_enqueue_scripts","wpActionAdminEnqueueScripts","classes\\core\\class.DSCF_DLM_StandardMain.php",66,{"type":36,"name":52,"callback":53,"file":49,"line":54},"wp_enqueue_scripts","wpActionEnqueueScripts",67,{"type":36,"name":56,"callback":57,"file":49,"line":58},"admin_menu","wpActionAdminMenu",68,{"type":36,"name":52,"callback":53,"file":49,"line":60},187,{"type":42,"name":62,"callback":63,"priority":64,"file":49,"line":65},"the_content","wpFilterTheContent",9,390,{"type":42,"name":67,"callback":68,"priority":64,"file":49,"line":69},"the_excerpt","wpFilterTheExcerpt",391,{"type":42,"name":71,"callback":68,"priority":64,"file":49,"line":72},"get_the_excerpt",392,{"type":42,"name":74,"callback":75,"file":49,"line":76},"get_the_archive_title","wpFilterGetTheArchiveTitle",393,{"type":36,"name":78,"callback":79,"file":80,"line":81},"save_post","saveBase","classes\\core\\class.DSCF_DLM_StandardMetaBox.php",28,{"type":42,"name":62,"callback":83,"file":80,"line":84},"filterContent",32,{"type":36,"name":86,"callback":86,"file":87,"line":88},"init","inc\\inc.setup.php",92,{"type":42,"name":90,"callback":91,"file":87,"line":92},"do_parse_request","dispatch",93,{"type":36,"name":94,"callback":95,"file":87,"line":96},"loop_end","closure",94,{"type":42,"name":98,"callback":95,"file":87,"line":99},"the_permalink",99,{"type":36,"name":86,"callback":101,"priority":11,"file":102,"line":103},"wpActionInit","index.php",24,[],[],[],[],{"dangerousFunctions":109,"sqlUsage":115,"outputEscaping":118,"fileOperations":162,"externalRequests":163,"nonceChecks":163,"capabilityChecks":119,"bundledLibraries":164},[110],{"fn":111,"file":112,"line":113,"context":114},"unserialize","classes\\core\\class.DSCF_DLM_StandardObjectRecord.php",64,"return unserialize(base64_decode($object));",{"prepared":116,"raw":11,"locations":117},22,[],{"escaped":119,"rawEcho":120,"locations":121},2,20,[122,126,128,130,132,134,136,139,142,144,146,148,149,150,153,154,156,157,159,161],{"file":123,"line":124,"context":125},"classes\\class.DSCF_DLM_Utilities.php",185,"raw output",{"file":123,"line":127,"context":125},308,{"file":123,"line":129,"context":125},311,{"file":123,"line":131,"context":125},320,{"file":123,"line":133,"context":125},324,{"file":80,"line":135,"context":125},103,{"file":137,"line":138,"context":125},"classes\\core\\class.DSCF_DLM_StandardMetaBoxAndDbObject.php",81,{"file":140,"line":141,"context":125},"pages\\inc.settings-base.php",10,{"file":140,"line":143,"context":125},41,{"file":140,"line":145,"context":125},44,{"file":147,"line":141,"context":125},"pages\\wpdevhub-dlm-home.php",{"file":147,"line":28,"context":125},{"file":147,"line":40,"context":125},{"file":151,"line":152,"context":125},"pages\\wpdevhub-dlm-links.php",11,{"file":151,"line":116,"context":125},{"file":151,"line":155,"context":125},25,{"file":151,"line":84,"context":125},{"file":151,"line":158,"context":125},36,{"file":160,"line":152,"context":125},"pages\\wpdevhub-dlm-reports.php",{"file":160,"line":113,"context":125},4,1,[],[166],{"entryPoint":167,"graph":168,"unsanitizedCount":119,"severity":190},"\u003Cinc.settings-base> (pages\\inc.settings-base.php:0)",{"nodes":169,"edges":186},[170,174,180,182],{"id":171,"type":172,"label":173,"file":140,"line":81},"n0","source","$_REQUEST",{"id":175,"type":176,"label":177,"file":140,"line":178,"wp_function":179},"n1","sink","call_user_func() [RCE]",38,"call_user_func",{"id":181,"type":172,"label":173,"file":140,"line":81},"n2",{"id":183,"type":176,"label":184,"file":140,"line":143,"wp_function":185},"n3","echo() [XSS]","echo",[187,189],{"from":171,"to":175,"sanitized":188},false,{"from":181,"to":183,"sanitized":188},"high",{"summary":192,"deductions":193},"The \"wpdevhub-dlm\" plugin v2.7 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating nonce checks and capability checks, indicating an awareness of basic security principles. The absence of known CVEs and historical vulnerabilities is a strong indicator of a well-maintained codebase. However, significant concerns arise from the static and taint analysis.\n\nThe presence of the `unserialize` function is a major red flag. If the data being unserialized is not strictly controlled and validated, it can lead to arbitrary object deserialization vulnerabilities, which can be critical. Coupled with a taint analysis flow showing an unsanitized path of high severity, this combination points to a potentially exploitable vulnerability. The low percentage of properly escaped output (9%) also suggests a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is outputted directly without proper sanitization.\n\nWhile the plugin has no recorded vulnerabilities, the identified code signals and taint analysis results suggest potential weaknesses that could lead to future issues. The overall risk is elevated due to the high-severity taint flow combined with the dangerous `unserialize` function and the lack of proper output escaping. Addressing these specific code-level concerns is crucial for improving the plugin's security.",[194,197,199],{"reason":195,"points":196},"High severity unsanitized path flow",12,{"reason":198,"points":141},"Dangerous unserialize function used",{"reason":200,"points":201},"Low percentage of properly escaped output",6,"2026-03-17T06:36:17.982Z",{"wat":204,"direct":217},{"assetPaths":205,"generatorPatterns":210,"scriptPaths":211,"versionParams":212},[206,207,208,209],"\u002Fwp-content\u002Fplugins\u002Fwpdevhub-dlm\u002Fassets\u002Fjs\u002Fwpdevhub-dlm-public.js","\u002Fwp-content\u002Fplugins\u002Fwpdevhub-dlm\u002Fassets\u002Fjs\u002Fwpdevhub-dlm-admin.js","\u002Fwp-content\u002Fplugins\u002Fwpdevhub-dlm\u002Fassets\u002Fcss\u002Fwpdevhub-dlm-public.css","\u002Fwp-content\u002Fplugins\u002Fwpdevhub-dlm\u002Fassets\u002Fcss\u002Fwpdevhub-dlm-admin.css",[],[206,207],[213,214,215,216],"wpdevhub-dlm\u002Fassets\u002Fjs\u002Fwpdevhub-dlm-public.js?ver=","wpdevhub-dlm\u002Fassets\u002Fjs\u002Fwpdevhub-dlm-admin.js?ver=","wpdevhub-dlm\u002Fassets\u002Fcss\u002Fwpdevhub-dlm-public.css?ver=","wpdevhub-dlm\u002Fassets\u002Fcss\u002Fwpdevhub-dlm-admin.css?ver=",{"cssClasses":218,"htmlComments":221,"htmlAttributes":223,"restEndpoints":226,"jsGlobals":228,"shortcodeOutput":231},[219,220],"wpdevhub-dlm-link-manager","wpdevhub-dlm-admin",[222],"\u003C!-- WPDevHub Link Manager Plugin -->",[224,225],"data-wpdevhub-dlm-id","data-wpdevhub-dlm-slug",[227],"\u002Fwp-json\u002Fwpdevhub-dlm\u002Fv1\u002Flink",[229,230],"wpdevhubDlmAdmin","wpdevhubDlmPublic",[232],"[wpdevhub_dlm]"]