[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRpsfTRMID0q8IQ3n8zdFx5KC_Zhjb_w1G0QaMxP5M1o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":136,"fingerprints":244},"advanced-email-domain-restriction","Advanced Email Domain Restriction","1.3.0","Md Siddiqur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Frockscoder\u002F","\u003Cp>The \u003Cstrong>Advanced Email Domain Restriction\u003C\u002Fstrong> plugin provides a lightweight but powerful way to control which email domains are allowed to register on your WordPress site.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Allow-list Only\u003C\u002Fstrong>: Restrict registrations to a specific list of trusted domains.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Upload\u003C\u002Fstrong>: Import large lists of domains via CSV.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Domain Export\u003C\u002Fstrong>: Download your allowed domains list for backup or analysis.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Support\u003C\u002Fstrong>: Fully compatible with WooCommerce customer registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Form Plugin Support\u003C\u002Fstrong>: Automatically validate email fields in \u003Cstrong>Contact Form 7\u003C\u002Fstrong>, \u003Cstrong>WPForms\u003C\u002Fstrong>, and \u003Cstrong>Elementor Pro\u003C\u002Fstrong> forms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>TLD & Full Email Support\u003C\u002Fstrong>: Restrict registrations to specific TLDs (e.g., .com) or specific email addresses (e.g., user@example.com).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Case-Insensitive\u003C\u002Fstrong>: Matches \u003Ccode>gmail.com\u003C\u002Fcode> regardless of how the user types it.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Messages\u003C\u002Fstrong>: Define your own error messages for restricted domains.\u003C\u002Fli>\n\u003C\u002Ful>\n","Restrict user registrations to specific domains, TLDs, or email addresses. Includes CSV import\u002Fexport and WooCommerce support.",40,1374,0,"2026-02-22T16:12:00.000Z","6.9.4","6.3","7.4",[19,20,21,22,23],"domain","email","registration","restriction","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-email-domain-restriction","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-email-domain-restriction.1.3.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"rockscoder",1,30,94,"2026-04-04T14:03:38.885Z",[37,58,79,100,119],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":26,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"email-and-domain-blocker","Email and Domain Blocker for WooCommerce","1.1","Kaleem Abbasi","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaleemabbasi\u002F","\u003Cp>Tired of fake signups and spam accounts in your WooCommerce store?\u003Cbr \u002F>\n\u003Cstrong>Email and Domain Blocker for WooCommerce\u003C\u002Fstrong> lets you block unwanted emails or domains from registering — keeping your store clean and your customers real.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block specific email addresses (e.g. \u003Ccode>baduser@gmail.com\u003C\u002Fcode>)\u003Cbr \u002F>\n* Block entire domains (e.g. \u003Ccode>@spam.com\u003C\u002Fcode>)\u003Cbr \u002F>\n* Wildcard support (e.g. \u003Ccode>*@gmail.com\u003C\u002Fcode>, \u003Ccode>*@*.ru\u003C\u002Fcode>)\u003Cbr \u002F>\n* Test Email Checker (instantly check if an email is allowed or blocked)\u003Cbr \u002F>\n* Optional logging of blocked attempts\u003Cbr \u002F>\n* Logs tab to view, clear, and download blocked attempts as CSV\u003Cbr \u002F>\n* Simple admin UI with usage examples\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use cases:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Stop spam signups with disposable or free mail services\u003Cbr \u002F>\n* Block competitors or fraud-prone domains\u003Cbr \u002F>\n* Restrict registrations to company emails only\u003C\u002Fp>\n","Block emails or domains from WooCommerce signups. Supports wildcards, logging, CSV export, and test email checker.",300,2068,3,"2025-09-03T21:51:00.000Z","6.6.5","5.8","7.2",[53,54,21,55,23],"domain-blocker","email-blocker","spam-prevention","https:\u002F\u002Fkaleemabbasi.com\u002Femail-and-domain-blocker-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-and-domain-blocker.1.1.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":15,"requires_at_least":71,"requires_php":51,"tags":72,"homepage":77,"download_link":78,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"customer-email-verification-for-woocommerce","Customer Email Verification for WooCommerce","2.6.9","Zorem","https:\u002F\u002Fprofiles.wordpress.org\u002Fzorem\u002F","\u003Cp>Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🔑 OTP-Based Email Verification:\u003C\u002Fstrong> Customers must verify their email with an OTP before completing registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📩 Email Verification Popup:\u003C\u002Fstrong> The verification popup appears instantly after entering an email address and clicking the verify button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>❌ No Account Creation Without Verification:\u003C\u002Fstrong> Users cannot create an account unless they verify their email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Customizable Verification Popup:\u003C\u002Fstrong> Modify the popup’s design and messages to match your brand.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>✉️ Customizable Verification Email:\u003C\u002Fstrong> Customize the OTP email template, subject, and message.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Resend OTP Option:\u003C\u002Fstrong> Customers can resend the OTP if they didn’t receive the initial email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Admin Verification Control:\u003C\u002Fstrong> View and manage email verification statuses from the WordPress admin panel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔓 Role-Based Verification Skipping:\u003C\u002Fstrong> Skip email verification for selected user roles. Redirect users to any page after successful email verification.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>Customer Email Verification for WooCommerce is built to integrate smoothly with plugins that follow WooCommerce’s standard registration and checkout templates. It also works with various social media login plugins, providing flexibility and convenience for users.\u003C\u002Fp>\n\u003Cp>The following plugins have been tested and confirmed to be fully compatible:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout WC\u003C\u002Fli>\n\u003Cli>WooCommerce Social Login\u003C\u002Fli>\n\u003Cli>Nextend Social Login and Register\u003C\u002Fli>\n\u003Cli>WooCommerce Memberships\u003C\u002Fli>\n\u003Cli>WooCommerce Checkout & Funnel Builder by CartFlows\u003C\u002Fli>\n\u003Cli>Affiliate For WooCommerce\u003C\u002Fli>\n\u003Cli>Smart Manager\u003C\u002Fli>\n\u003Cli>Cashier\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a complete list of compatible plugins and more details, please visit our \u003Ca href=\"https:\u002F\u002Fdocs.zorem.com\u002Fdocs\u002Fcustomer-email-verification-pro\u002Fcompatibility\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>We also offer a Pro version!\u003C\u002Fh3>\n\u003Ch3>Customer Email Verification PRO\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>📦 OTP Verification for Checkout:\u003C\u002Fstrong> Enforce email verification for guest users before completing a purchase.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛍️ Enable Checkout Verification:\u003C\u002Fstrong> Choose to verify emails on the cart page or only for free orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔢 OTP Length Customization:\u003C\u002Fstrong> Select between 4-digit or 6-digit OTP codes for verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⏳ OTP Expiration Control:\u003C\u002Fstrong> Set expiration time for OTPs (e.g., 72 hours) to enhance security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Verification Email Resend Limit:\u003C\u002Fstrong> Restrict the number of OTP resend attempts to prevent abuse.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Login Authentication Options:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Notify users when they log in from a new device or browser.\u003C\u002Fli>\n\u003Cli>Require OTP verification for logins from an unrecognized device, location, or after a set period.\u003C\u002Fli>\n\u003Cli>Define specific conditions for unrecognized logins, such as logging in from a new device or a location not used before.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Advanced Customization:\u003C\u002Fstrong> More control over email templates and verification popups.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fcustomer-email-verification\u002F\" rel=\"nofollow ugc\">Get CEV PRO >\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Other Plugins by zorem\u003C\u002Fh3>\n\u003Cp>Optimize your WooCommerce store with our plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fwoocommerce-advanced-shipment-tracking\u002F\" rel=\"nofollow ugc\">Advanced Shipment Tracking Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-local-pickup-pro\u002F\" rel=\"nofollow ugc\">Zorem Local Pickup Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsms-for-woocommerce\u002F\" rel=\"nofollow ugc\">SMS for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fcountry-based-restriction-for-woocommerce\u002F\" rel=\"nofollow ugc\">Country Based Restriction for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsales-by-country-for-woocommerce\u002F\" rel=\"nofollow ugc\">Sales By Country for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-returns\u002F\" rel=\"nofollow ugc\">Zorem Returns\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Femail-reports-for-woocommerce\u002F\" rel=\"nofollow ugc\">Email Reports for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fview-as-customer-for-woocommerce\u002F\" rel=\"nofollow ugc\">View as Customer for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore more at \u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002F\" rel=\"nofollow ugc\">zorem.com\u003C\u002Fa>\u003C\u002Fp>\n","Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.",2000,62784,88,19,"2026-02-17T05:37:00.000Z","5.3",[73,74,75,23,76],"customer-verification","email-address-verification","registration-verification","woocommerce-signup-spam","https:\u002F\u002Fwww.zorem.com\u002Fproducts\u002Fcustomer-email-verification-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomer-email-verification-for-woocommerce.2.6.9.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":45,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":91,"tags":93,"homepage":91,"download_link":97,"security_score":98,"vuln_count":32,"unpatched_count":13,"last_vuln_date":99,"fetched_at":28},"user-domain-whitelist","User Domain Whitelist","v1.5.1","Warren Harrison","https:\u002F\u002Fprofiles.wordpress.org\u002Fhungrymedia\u002F","\u003Cp>The User Domain Whitelist\u002FBlacklist plugin limits user registration to only registrants with an email address from the domain white list below OR prevents registrants with an email address from the domain black list below from registering. For example, \u003Cem>hortense@example.com\u003C\u002Fem> would only be allowed to register if \u003Cem>example.com\u003C\u002Fem> appeared in the domain white list. Conversely,  \u003Cem>hortense@example.com\u003C\u002Fem> would \u003Cstrong>not\u003C\u002Fstrong> be allowed to register if \u003Cem>example.com\u003C\u002Fem> appeared in the domain black list. Anyone attempting to register using an email address outside the white list or inside te black list will receive the error message below.Anyone attempting to register using an email address outside the white list will receive an error message. Both the domain whitelist and the error message can be modified via the plugin options page (available under the Settings menu).\u003C\u002Fp>\n","The User Domain Whitelist\u002FBlacklist plugin limits user registration to only registrants with an email address from the domain white list provided by t &hellip;",13738,82,9,"2017-12-25T21:53:00.000Z","","2.8.2",[94,19,95,21,96],"blacklist","email-address","whitelist","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-domain-whitelist.zip",84,"2014-02-22 00:00:00",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":47,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":91,"tags":114,"homepage":117,"download_link":118,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"woo-email-domain-blacklist","Email Domain Blacklist for WooCommerce and EDD","2.0.1","Kowsar Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fkowsar89\u002F","\u003Cp>Ever wanted to prevent users using temporary or disposable emails in checkout page? With this plugin, you can!\u003C\u002Fp>\n\u003Cp>There are many websites (eg. 10minutemail.net, guerrillamail.com etc) which provides temporary email service. These websites use many different domain names in their temporary email addresses. All you have to do is, put these domain names in this plugin’s settings page. After that when a user will try to place an order using the blacklisted email domain, checkout process will be interrupted and user will see an error notice.\u003C\u002Fp>\n\u003Cp>You can configure the plugin settings from “Settings>Woo EDD Email Blacklist” menu from admin panel.\u003C\u002Fp>\n\u003Cp>If you have no idea how many temporary domain names exists out there and you want to block all of them anyway, you can enable the option “External blacklist” from plugin settings. I have already created a list of temporary domain names and kept it in my server, enabling this option will pull that list from my server and store it in your database. I will try to update this list in regular intervals. For more information, please read the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-email-domain-blacklist\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> section.\u003C\u002Fp>\n","A lightweight plugin to block any email domain from WooCommerce and Easy Digital Download checkout page",50,2415,74,"2025-09-28T06:35:00.000Z","5.2.24","3.0.1",[115,19,20,116,23],"block","woo","http:\u002F\u002Fkowsarhossain.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwoo-email-domain-blacklist.2.0.1.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":11,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":91,"tags":133,"homepage":91,"download_link":134,"security_score":135,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"blacklist-whitelist-domains","Blacklist & Whitelist Domains for Registration","1.0","codicone","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodicone\u002F","\u003Cp>The whitelist\u002Fblacklist plugin gives you a strong layer of security for your website because not only does the plugin limits unauthorized user access to your site but also creates a log. The log helps to create new blacklist entries. The increase in your blacklist entries means a decrease in spam and security threats. So it is a great safety measure to start with.\u003C\u002Fp>\n\u003Cp>It is a very handy plugin that you can add to your WordPress site for added security. It helps you to tailor your preferences about which email addresses you want to allow for registration on your site.\u003C\u002Fp>\n\u003Cp>You can create a list of all email addresses or email domains that you wish to receive registrations. On the other hand, you can add a list for blacklist domains to not allow any registration from specific domains. Blacklisting is time-saving because most of the time you have already figured where the spam comes from. So you close those doors already. It is relatively safe also because you are not risking anything prospective.\u003C\u002Fp>\n\u003Ch4>Compatible With\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>bbpress\u003C\u002Fli>\n\u003Cli>buddypress\u003C\u002Fli>\n\u003Cli>Profile Builder\u003C\u002Fli>\n\u003Cli>WP User Frontend\u003C\u002Fli>\n\u003Cli>User Registration\u003C\u002Fli>\n\u003Cli>Ultimate member\u003C\u002Fli>\n\u003C\u002Ful>\n","The whitelist\u002Fblacklist plugin gives you a strong layer of security for your website because not only does the plugin limits unauthorized user access  &hellip;",1681,60,2,"2021-12-15T18:33:00.000Z","5.8.13","4.0",[94,19,20,21,96],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblacklist-whitelist-domains.1.0.zip",85,{"attackSurface":137,"codeSignals":188,"taintFlows":199,"riskAssessment":235,"analyzedAt":243},{"hooks":138,"ajaxHandlers":184,"restRoutes":185,"shortcodes":186,"cronEvents":187,"entryPointCount":13,"unprotectedCount":13},[139,145,149,153,157,163,166,169,173,176,180],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_menu","aedr_add_admin_menu","includes\\class-aedr-admin.php",55,{"type":140,"name":146,"callback":147,"file":143,"line":148},"admin_init","aedr_settings_init",56,{"type":140,"name":150,"callback":151,"file":143,"line":152},"admin_enqueue_scripts","aedr_enqueue_admin_scripts",57,{"type":140,"name":154,"callback":155,"file":143,"line":156},"admin_post_aedr_export_csv","aedr_handle_export_csv",58,{"type":158,"name":159,"callback":160,"priority":161,"file":143,"line":162},"filter","registration_errors","aedr_check_email_domain",999,83,{"type":158,"name":164,"callback":165,"priority":161,"file":143,"line":98},"woocommerce_registration_errors","aedr_check_woocommerce_email_domain",{"type":158,"name":167,"callback":168,"priority":161,"file":143,"line":135},"wp_mu_validate_user_signup","aedr_check_multisite_email_domain",{"type":158,"name":170,"callback":171,"priority":172,"file":143,"line":68},"wpcf7_validate_email","aedr_wpcf7_validate_email",10,{"type":158,"name":174,"callback":171,"priority":172,"file":143,"line":175},"wpcf7_validate_email*",89,{"type":140,"name":177,"callback":178,"priority":172,"file":143,"line":179},"wpforms_process_validate_email","aedr_wpforms_validate_email",92,{"type":140,"name":181,"callback":182,"priority":172,"file":143,"line":183},"elementor_pro\u002Fforms\u002Fvalidation","aedr_elementor_validate_email",95,[],[],[],[],{"dangerousFunctions":189,"sqlUsage":190,"outputEscaping":192,"fileOperations":129,"externalRequests":13,"nonceChecks":32,"capabilityChecks":129,"bundledLibraries":198},[],{"prepared":13,"raw":13,"locations":191},[],{"escaped":193,"rawEcho":32,"locations":194},16,[195],{"file":143,"line":196,"context":197},236,"raw output",[],[200,225],{"entryPoint":201,"graph":202,"unsanitizedCount":32,"severity":224},"aedr_validate_settings (includes\\class-aedr-admin.php:401)",{"nodes":203,"edges":220},[204,209,213],{"id":205,"type":206,"label":207,"file":143,"line":208},"n0","source","$_FILES['aedr_csv_upload']",420,{"id":210,"type":211,"label":212,"file":143,"line":208},"n1","transform","→ parse_csv_domains()",{"id":214,"type":215,"label":216,"file":217,"line":218,"wp_function":219},"n2","sink","fopen() [File Access]","includes\\class-aedr-csv-processor.php",61,"fopen",[221,223],{"from":205,"to":210,"sanitized":222},false,{"from":210,"to":214,"sanitized":222},"medium",{"entryPoint":226,"graph":227,"unsanitizedCount":32,"severity":224},"\u003Cclass-aedr-admin> (includes\\class-aedr-admin.php:0)",{"nodes":228,"edges":232},[229,230,231],{"id":205,"type":206,"label":207,"file":143,"line":208},{"id":210,"type":211,"label":212,"file":143,"line":208},{"id":214,"type":215,"label":216,"file":217,"line":218,"wp_function":219},[233,234],{"from":205,"to":210,"sanitized":222},{"from":210,"to":214,"sanitized":222},{"summary":236,"deductions":237},"The advanced-email-domain-restriction plugin v1.3.0 exhibits a generally strong security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a minimal attack surface. The code further demonstrates good practices with 100% of SQL queries utilizing prepared statements, a high percentage of properly escaped output, and the presence of nonce and capability checks. The lack of known CVEs and past vulnerabilities suggests a history of stable and secure development.\n\nHowever, there are two areas of potential concern. The taint analysis reveals two flows with unsanitized paths. While these are not classified as critical or high severity, unsanitized paths can be a precursor to vulnerabilities if input is not properly validated or sanitized before use in sensitive operations. Additionally, the plugin performs two file operations. Without further context on these operations, it's impossible to definitively assess their security, but they represent potential entry points for file-related vulnerabilities if not handled with extreme care.\n\nIn conclusion, the plugin is built on a solid foundation of secure coding practices, with a minimal attack surface and good use of WordPress security features. The primary, albeit low-level, risk stems from the identified unsanitized paths. The file operations warrant closer inspection if more detail were available. The absence of historical vulnerabilities is a positive indicator, suggesting a mature and secure codebase.",[238,241],{"reason":239,"points":240},"Flows with unsanitized paths detected",8,{"reason":242,"points":47},"File operations present","2026-03-16T22:19:33.545Z",{"wat":245,"direct":256},{"assetPaths":246,"generatorPatterns":250,"scriptPaths":251,"versionParams":252},[247,248,249],"\u002Fwp-content\u002Fplugins\u002Fadvanced-email-domain-restriction\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fadvanced-email-domain-restriction\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fadvanced-email-domain-restriction\u002Fassets\u002Fjs\u002Fmultiselect.min.js",[],[248,249],[253,254,255],"advanced-email-domain-restriction\u002Fassets\u002Fcss\u002Fadmin.css?ver=","advanced-email-domain-restriction\u002Fassets\u002Fjs\u002Fadmin.js?ver=","advanced-email-domain-restriction\u002Fassets\u002Fjs\u002Fmultiselect.min.js?ver=",{"cssClasses":257,"htmlComments":265,"htmlAttributes":266,"restEndpoints":268,"jsGlobals":269,"shortcodeOutput":271},[258,259,260,261,262,263,264],"aedr-form-table","aedr-remove-entry","aedr-actions","aedr-add-entry","aedr-bulk-actions","aedr-bulk-upload","aedr-bulk-export",[],[267],"data-field",[],[270],"aedr_admin_options",[]]