[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUMTCZAhsxvupBM4raplkfiGWN-zxsZ6EdZC-HcBODLs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":33,"fingerprints":150},"atec-smtp-mail","atec SMTP Mail","1.1.24","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>This plugin hooks into WordPress Mail function and allows to configure SMTP host, credentials, port & encryption method.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Mail & host tests to check the deliverability of your mail.\u003C\u002Fli>\n\u003Cli>SPF, DMARC and host DKIM test.\u003C\u002Fli>\n\u003Cli>Sign your WP mails with your DKIM private key (DKIM signature).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Ch3>Integrity check\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Use SMTP mail instead of standard WP mail. 
The only plugin supporting DKIM signature.",40,1406,100,1,"2026-03-15T10:15:00.000Z","6.9.4","4.9","7.4",[20],"use-smtp-mail-instead-of-standard-wp-mail-the-only-plugin-supporting-dkim-signature","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-smtp-mail.1.1.24.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":14,"trust_score":30,"computed_at":31},16,2730,99,"2026-04-04T03:52:51.428Z",[],{"attackSurface":34,"codeSignals":93,"taintFlows":141,"riskAssessment":142,"analyzedAt":149},{"hooks":35,"ajaxHandlers":83,"restRoutes":90,"shortcodes":91,"cronEvents":92,"entryPointCount":14,"unprotectedCount":14},[36,42,45,48,52,55,59,61,66,70,74,78,81],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_menu","closure","atec-smtp-mail.php",30,{"type":37,"name":43,"callback":39,"file":40,"line":44},"admin_init",32,{"type":37,"name":46,"callback":39,"file":40,"line":47},"plugins_loaded",39,{"type":37,"name":49,"callback":39,"file":50,"line":51},"admin_enqueue_scripts","includes\\ATEC\\INIT.php",563,{"type":37,"name":53,"callback":39,"file":50,"line":54},"admin_notices",646,{"type":37,"name":56,"callback":39,"priority":57,"file":50,"line":58},"admin_footer",10,687,{"type":37,"name":53,"callback":39,"file":50,"line":60},719,{"type":37,"name":62,"callback":63,"priority":57,"file":64,"line":65},"wp_mail_failed","on_mail_error","includes\\atec-wpsm-mail-test.php",72,{"type":37,"name":67,"callback":39,"file":68,"line":69},"phpmailer_init","includes\\atec-wpsm-smtp-mail.php",96,{"type":71,"name":72,"callback":39,"file":68,"line":73},"filter","wp_mail_from",237,{"type":71,"name":75,"callback":39,"priority":76,"file":68,"line":77},"wp_mail",20,243,{"type":37,"name":79,"callback":39,"priority":57,"file":68,"line":80},"wp_mail_succeeded",285,{"type":37,"name":62,"callback":39,"priority":57,"file":68
,"line":82},305,[84],{"action":85,"nopriv":86,"callback":87,"hasNonce":86,"hasCapCheck":86,"file":88,"line":89},"atec_admin_notice_dismiss",false,"dismiss_notice","includes\\ATEC\\LOADER.php",109,[],[],[],{"dangerousFunctions":94,"sqlUsage":95,"outputEscaping":116,"fileOperations":137,"externalRequests":14,"nonceChecks":138,"capabilityChecks":139,"bundledLibraries":140},[],{"prepared":96,"raw":96,"locations":97},7,[98,102,104,107,109,112,114],{"file":99,"line":100,"context":101},"includes\\ATEC\\DB.php",120,"$wpdb->query() with variable interpolation",{"file":99,"line":103,"context":101},121,{"file":99,"line":105,"context":106},137,"$wpdb->get_var() with variable interpolation",{"file":99,"line":108,"context":106},160,{"file":99,"line":110,"context":111},171,"$wpdb->get_results() with variable interpolation",{"file":99,"line":113,"context":101},185,{"file":99,"line":115,"context":101},197,{"escaped":117,"rawEcho":118,"locations":119},340,6,[120,124,126,128,131,134],{"file":121,"line":122,"context":123},"includes\\ATEC\\CHECK.php",73,"raw output",{"file":121,"line":125,"context":123},111,{"file":121,"line":127,"context":123},124,{"file":129,"line":130,"context":123},"includes\\ATEC\\PAGINA.php",56,{"file":132,"line":133,"context":123},"includes\\ATEC\\SVG.php",562,{"file":135,"line":136,"context":123},"includes\\ATEC\\TOOLS.php",1208,15,2,5,[],[],{"summary":143,"deductions":144},"The 'atec-smtp-mail' plugin version 1.1.25 exhibits a generally good security posture with several positive indicators. The vast majority of output is properly escaped, and the plugin doesn't appear to bundle outdated libraries or make excessive external HTTP requests.  The absence of known CVEs and past vulnerabilities is also a strong positive sign, suggesting a history of secure development.  However, a significant concern arises from the static analysis, which reveals one AJAX handler that lacks authentication checks. 
More precisely, the handler is recorded with no nonce verification and no capability check, and it is not registered for unauthenticated (nopriv) requests. This represents a direct entry point into the plugin's functionality that could be invoked by any logged-in user regardless of role, or triggered through a forged cross-site request in such a user's session, potentially leading to unintended actions or information disclosure if the handler's functionality is sensitive. The relatively small number of total entry points makes this single unprotected handler a proportionally larger risk.\n\nWhile the taint analysis shows no critical or high-severity flows, the presence of an unprotected AJAX handler warrants careful attention. The code signals indicate a moderate use of prepared statements for SQL queries, but the existence of raw SQL without proper preparation could still pose a risk, especially if the unprotected AJAX handler interacts with the database in any way.  The plugin also uses nonce and capability checks for some of its operations, which is good practice, but their absence on the identified AJAX handler is a clear weakness.  In conclusion, the plugin has strengths in its output escaping and lack of vulnerability history, but the unprotected AJAX handler presents a notable risk that needs to be addressed, by adding nonce verification and a capability check to the handler, to improve the overall security.",[145,147],{"reason":146,"points":57},"Unprotected AJAX handler",{"reason":148,"points":139},"SQL queries: 50% not using prepared 
statements","2026-03-16T22:05:53.052Z",{"wat":151,"direct":162},{"assetPaths":152,"generatorPatterns":156,"scriptPaths":157,"versionParams":158},[153,154,155],"\u002Fwp-content\u002Fplugins\u002Fatec-smtp-mail\u002Fincludes\u002FATEC\u002Fload.js","\u002Fwp-content\u002Fplugins\u002Fatec-smtp-mail\u002Fincludes\u002FATEC\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fatec-smtp-mail\u002Fincludes\u002FATEC\u002Fsvg.js",[],[153,154,155],[159,160,161],"atec-smtp-mail\u002Fincludes\u002FATEC\u002Fload.js?ver=","atec-smtp-mail\u002Fincludes\u002FATEC\u002Fadmin.js?ver=","atec-smtp-mail\u002Fincludes\u002FATEC\u002Fsvg.js?ver=",{"cssClasses":163,"htmlComments":164,"htmlAttributes":165,"restEndpoints":167,"jsGlobals":168,"shortcodeOutput":171},[],[],[166],"data-wp-hooks",[],[169,170],"ATEC_INIT","ATEC_LOADER",[]]