[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuH6fPGjBdeUzjmX6TVMOfY7NRE_czoW5ZnvlBhtAxWE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":15,"requires_php":14,"tags":16,"homepage":17,"download_link":18,"security_score":19,"vuln_count":13,"unpatched_count":13,"last_vuln_date":20,"fetched_at":21,"vulnerabilities":22,"developer":23,"crawl_stats":20,"alternatives":31,"analysis":32,"fingerprints":103},"yourls-link-creator-bulk-generate","Yourls Link Creator Bulk Generate","1.0.0","Dustin Filippini","https:\u002F\u002Fprofiles.wordpress.org\u002Fdustyf\u002F","\u003Cp>Bulk generate Yourls URLS when using the Yourls Link Creator plugin.\u003C\u002Fp>\n\u003Cp>Did you set up a Yourls install and integrate it in with your WordPress site?  Its great that all new posts get autogenerated short URLs, but what about old posts?  Run this bulk generator to create Yourls Short URLs for all of your existing posts.\u003C\u002Fp>\n\u003Cp>This plugin requires \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fyourls-link-creator\u002F\" rel=\"ugc\">Yourls Link Creator\u003C\u002Fa> by Norcross and an installation of the \u003Ca href=\"http:\u002F\u002Fyourls.org\" rel=\"nofollow ugc\">Yourls URL shortener\u003C\u002Fa>.  Please install, activate, and configure these before using.\u003C\u002Fp>\n","Bulk generate Yourls URLS when using the Yourls Link Creator plugin.",10,1617,0,"","3.6.0",[],"http:\u002F\u002Fdustyf.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyourls-link-creator-bulk-generate.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":24,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":26,"avg_security_score":27,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"dustyf",5,530,91,30,88,"2026-04-04T19:56:59.720Z",[],{"attackSurface":33,"codeSignals":58,"taintFlows":95,"riskAssessment":96,"analyzedAt":102},{"hooks":34,"ajaxHandlers":54,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":13,"unprotectedCount":13},[35,40,43,47,51],{"type":36,"name":37,"callback":37,"file":38,"line":39},"action","init","yourls-link-creator-bulk-generate.php",93,{"type":36,"name":41,"callback":41,"file":38,"line":42},"admin_menu",94,{"type":36,"name":44,"callback":45,"file":38,"line":46},"load-tools_page_yourls-link-creator-bulk-generate","process_post",95,{"type":36,"name":48,"callback":49,"file":38,"line":50},"yourls_link_creator_bulk_generate_notice","no_post_types",328,{"type":36,"name":48,"callback":52,"file":38,"line":53},"completed_message",334,[],[],[],[],{"dangerousFunctions":59,"sqlUsage":60,"outputEscaping":62,"fileOperations":13,"externalRequests":13,"nonceChecks":93,"capabilityChecks":13,"bundledLibraries":94},[],{"prepared":13,"raw":13,"locations":61},[],{"escaped":63,"rawEcho":64,"locations":65},8,13,[66,69,71,73,75,77,79,81,83,85,87,89,91],{"file":38,"line":67,"context":68},161,"raw output",{"file":38,"line":70,"context":68},162,{"file":38,"line":72,"context":68},186,{"file":38,"line":74,"context":68},191,{"file":38,"line":76,"context":68},269,{"file":38,"line":78,"context":68},284,{"file":38,"line":80,"context":68},286,{"file":38,"line":82,"context":68},288,{"file":38,"line":84,"context":68},295,{"file":38,"line":86,"context":68},298,{"file":38,"line":88,"context":68},305,{"file":38,"line":90,"context":68},308,{"file":38,"line":92,"context":68},315,1,[],[],{"summary":97,"deductions":98},"The \"yourls-link-creator-bulk-generate\" v1.0.0 plugin exhibits a strong security posture in several key areas, with no identified vulnerabilities in its history and a promising static analysis report. The absence of known CVEs and unpatched vulnerabilities is a significant strength, indicating a generally secure development history or limited exposure to past security issues.  The code analysis reveals a clean slate regarding dangerous functions, raw SQL queries (all using prepared statements), file operations, and external HTTP requests, which are all positive indicators. The presence of a nonce check is also a good practice.\n\nHowever, there are areas of concern that temper the overall good assessment. A significant weakness is the low percentage of properly escaped output (38%). This implies a considerable risk of Cross-Site Scripting (XSS) vulnerabilities, where user-supplied data might be rendered directly in the browser without proper sanitization, potentially allowing malicious scripts to execute. Furthermore, the complete absence of capability checks and the zero unprotected entry points in the attack surface analysis might suggest that the plugin's functionality is not deeply integrated into sensitive WordPress actions or user roles, which could be a double-edged sword. While it limits the attack surface, it also means that any future expansion without proper capability checks could introduce significant risks.\n\nIn conclusion, while the plugin demonstrates good practices by avoiding common pitfalls like raw SQL and dangerous functions, the high rate of unescaped output presents a substantial risk that needs immediate attention. The lack of historical vulnerabilities is encouraging, but the current static analysis highlights a critical area for improvement to prevent potential XSS attacks. The limited attack surface and lack of capability checks warrant further investigation if the plugin is intended for complex or sensitive operations.",[99],{"reason":100,"points":101},"Low output escaping percentage",15,"2026-03-16T23:18:51.329Z",{"wat":104,"direct":113},{"assetPaths":105,"generatorPatterns":108,"scriptPaths":109,"versionParams":110},[106,107],"\u002Fwp-content\u002Fplugins\u002Fyourls-link-creator-bulk-generate\u002Fjs\u002Fylcbg.js","\u002Fwp-content\u002Fplugins\u002Fyourls-link-creator-bulk-generate\u002Fcss\u002Fylcbg.css",[],[106],[111,112],"yourls-link-creator-bulk-generate\u002Fjs\u002Fylcbg.js?ver=","yourls-link-creator-bulk-generate\u002Fcss\u002Fylcbg.css?ver=",{"cssClasses":114,"htmlComments":116,"htmlAttributes":117,"restEndpoints":121,"jsGlobals":122,"shortcodeOutput":123},[115],"ylcbg_post_types",[],[118,119,120],"ylcbg_post_types[]","ylcbg_submit","ylcbg_nonce",[],[],[]]