KISS WP admin menu useful links

Contributors: KISS Plugins

Adds custom user-defined links to the bottom of the Site Name menu in the WP admin toolbar on the front-end view.

Description

This plugin allows administrators to easily add up to five custom links to the WordPress admin toolbar. Specifically, these links will appear in the dropdown menu under the site's name when viewing the front end of the website while logged in. This provides quick access to frequently used admin pages or any other URLs.

The first two links are pre-populated with "Posts" (/wp-admin/edit.php) and "Pages" (/wp-admin/edit.php?post_type=page) upon plugin activation, but all links are fully customizable via a settings page.

Installation

  1. Upload the kiss-wp-admin-menu-useful-links folder to the /wp-content/plugins/ directory on your WordPress installation.
  2. Activate the plugin through the 'Plugins' menu in WordPress.
  3. Alternatively, upload the plugin's ZIP file directly via the 'Plugins' > 'Add New' > 'Upload Plugin' page in your WordPress admin area.

Usage

  1. After activating the plugin, navigate to Settings > KISS Useful Links in your WordPress admin dashboard.
  2. You will find fields to enter up to 5 custom link labels and their corresponding URLs.
    • Label: The text that will be displayed for the link.
    • URL: The destination URL. This can be a relative path (e.g., /wp-admin/users.php) or a full URL (e.g., https://example.com/my-page).
    • Priority: A number that determines the order of the links. A lower number (e.g., 10) will place a link higher in the menu, while a higher number (e.g., 100) will place it lower.
  3. Enter your desired labels and URLs.
  4. Click the "Save Links" button.
  5. Visit the front end of your website while logged in. Hover over your site name in the admin toolbar (top-left) to see your custom links added to the menu.

License & Disclaimer

This plugin is licensed under the GNU General Public License v2 (GPLv2) or later.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.

You are free to use and modify this plugin as per the GPLv2 license. However, it is provided "as-is," and the author(s) accept no liability for any issues, damages, or conflicts that may arise from its use.

Security

This plugin has been thoroughly audited for security vulnerabilities and implements WordPress security best practices:

  • Nonce verification in all form processing functions
  • Comprehensive URL validation that prevents XSS while supporting relative paths
  • Proper input sanitization using WordPress functions
  • Output escaping for all user-generated content
  • Capability checks ensuring only authorized users can modify settings
  • Protection against direct file access
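
The URL rule described above (accept relative paths, reject script-bearing URLs) can be sketched as follows. This is an added example, not the plugin's own code: the function name kwamul_example_validate_url is hypothetical, and limiting full URLs to http and https is an assumption.

```php
<?php
// Added illustration, not taken from the plugin.
// kwamul_example_validate_url() is a hypothetical name.

/**
 * Return the URL if it is a root-relative path or an absolute
 * http/https URL; return null for anything else.
 */
function kwamul_example_validate_url(string $raw): ?string
{
    $url = trim($raw);
    // Reject embedded whitespace and control characters: browsers ignore
    // them inside a scheme ("java\tscript:"), which defeats prefix checks.
    if ($url === '' || preg_match('/[\x00-\x20\x7F]/', $url)) {
        return null;
    }
    // Root-relative path such as /wp-admin/users.php.
    if ($url[0] === '/') {
        // "//host" and "/\host" resolve to a different origin in browsers.
        if (isset($url[1]) && ($url[1] === '/' || $url[1] === '\\')) {
            return null;
        }
        return $url;
    }
    // Anything else must carry an explicit http(s) scheme and a host.
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url; // Output still needs escaping (esc_url() in WordPress).
}

// Constructed sample inputs.
$samples = [
    '/wp-admin/users.php',
    'https://example.com/my-page',
    'javascript:alert(1)',
    "java\tscript:alert(1)",
    '//other.example/path',
    'data:text/html,<b>x</b>',
];
foreach ($samples as $s) {
    $result = kwamul_example_validate_url($s) ?? 'REJECTED';
    printf("%-32s => %s\n", json_encode($s), $result);
}
```

Only the first two samples are returned unchanged; the rest are rejected before they could be stored or rendered as a toolbar link.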

Changelog

1.6 - 2025-08-15 🚨 CRITICAL SECURITY UPDATE

  • CRITICAL FIX: Resolved nonce verification bypass vulnerability
  • SECURITY FIX: Implemented comprehensive URL validation to prevent XSS attacks
  • SECURITY FIX: Enhanced input validation while maintaining relative path support
  • IMPROVEMENT: Updated superglobal access patterns to follow WordPress standards
  • STATUS: All critical and high-priority security issues resolved

1.5

  • Fixed WordPress coding standards compliance
  • Added proper nonce verification for security
  • Moved JavaScript to separate file with proper enqueuing
  • Fixed direct $_GET usage with sanitization
  • Improved type hints and function signatures

1.4

  • Added option caching and safer localStorage handling.
  • Improved settings UI and security.

1.3

  • Added an upgrade routine to set a default priority for links from older versions.

1.2

  • Added a priority field to control the order of the links.
  • Added instructional text to the settings page.

1.00

  • Initial release.

For detailed security information, see ROADMAP.md.