[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIHn8sd0CYIr0moOStL9akqMDplWIBo7Fo-T4AR0Dx_c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":205,"crawl_stats":38,"alternatives":213,"analysis":323,"fingerprints":1324},"bft-autoresponder","Arigato Autoresponder and Newsletter","2.7.2.7","Bob","https:\u002F\u002Fprofiles.wordpress.org\u002Fprasunsen\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fcalendarscripts.info\u002Fbft-pro\u002F\" title=\"Go Pro\" rel=\"nofollow ugc\">Arigato PRO\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbft-autoresponder\u002F#faq\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This powerful email marketing plugin allows scheduling of automated autoresponder messages and newsletters, and managing a mailing list. Use it for all kind of drip marketing campaigns, email based courses, product or service updates, and many more.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FPgGGxnDAEpY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Unlimited number of subscribers\u003C\u002Fli>\n\u003Cli>Unlimited number of newsletters\u003C\u002Fli>\n\u003Cli>Unlimited number of auto-responder \u002F drip marketing email messages\u003C\u002Fli>\n\u003Cli>Import and exports members from \u002F to CSV file\u003C\u002Fli>\n\u003Cli>Send messages X days after user registration\u003C\u002Fli>\n\u003Cli>Send messages on fixed dates\u003C\u002Fli>\n\u003Cli>Send newsletters \u002F news flashes\u003C\u002Fli>\n\u003Cli>Add attachments\u003C\u002Fli>\n\u003Cli>Double opt-in\u003C\u002Fli>\n\u003Cli>Google reCaptcha against spam\u003C\u002Fli>\n\u003Cli>Question based captcha\u003C\u002Fli>\n\u003Cli>Selected user role can manage the auto-responder\u003C\u002Fli>\n\u003Cli>Sends hooks for integration with other plugins\u003C\u002Fli>\n\u003Cli>Redirecting after registration\u003C\u002Fli>\n\u003Cli>Optional admin notifications on subscribe \u002F unsubscribe\u003C\u002Fli>\n\u003Cli>Automatically subscribe users who register on your site \u002F blog (optional)\u003C\u002Fli>\n\u003Cli>Automatically create WP user accounts for mailing list subscribers (optional)\u003C\u002Fli>\n\u003Cli>Optional public newsletters archive\u003C\u002Fli>\n\u003Cli>Detailed email log\u003C\u002Fli>\n\u003Cli>Compatible with all SMTP plugins: will send emails through them\u003C\u002Fli>\n\u003Cli>GDPR compliance features\u003C\u002Fli>\n\u003Cli>Webhooks for integration to CRM and any other systemsthrough Zapier and similar services \u003C\u002Fli>\n\u003Cli>PHP 6, PHP 7, PHP 8 compatible\u003C\u002Fli>\n\u003Cli>Always updated and supported\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Integrations\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Built-in integration with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" title=\"Contact Form 7\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Built-in integration with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjetpack\u002F\" title=\"Jetpack\" rel=\"ugc\">Jetpack Contact Form\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Built-in integration with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fninja-forms\u002F\" title=\"Ninja Forms\" rel=\"ugc\">Ninja Forms\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Built-in integration with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fformidable\u002F\" title=\"Formidable Forms\" rel=\"ugc\">Formidable Forms\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Built-in integration with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" title=\"WPForms\" rel=\"ugc\">WPForms\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>The plugin will send the following hooks:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>do_action(‘arigato_subscribed’, $status, $user_id) – when an user subscribes. The variable $status is true when the subscription is immediately activated and false if email confirmation is required,\u003C\u002Fli>\n\u003Cli>do_action(‘arigato_confirmed’, $member->id) – when a subscriber confirms their email address.\u003C\u002Fli>\n\u003Cli>do_action(‘arigato_unsubscribed’, $user) – when a subscriber unsubscribes. Sends the user object and not the ID so you don’t need to run  a select query with this action.\u003C\u002Fli>\n\u003Cli>do_action(‘arigato_welcome_email’, $user_id, $mail, $user) – when the user receives a welcome (first “0 days” email). \u003C\u002Fli>\n\u003Cli>do_action(‘arigato_subscribed’, $status, $user_id) – called when the new user subscribes. The argument $status is true when the subscriber is already activated and false when double optin confirmation is expected.\u003C\u002Fli>\n\u003Cli>do_action(“arigato_cron_job_ran”) – called when the plugin completes the cron job (once on each run). No arguments passed.\u003C\u002Fli>\n\u003Cli>do_action(“arigato_sent_newsletter”, $newsletter_id, $num_mails_sent) – called after sending newsletter. Passes the newsletter ID and the number of emails sent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Community Translations\u003C\u002Fh4>\n\u003Cp>Swedish translation available thanks to Patrik: \u003Ca href=\"http:\u002F\u002Fcalendarscripts.info\u002Ffree\u002Fwordpress\u002Fbroadfast-sv_SE.po\" title=\".po file\" rel=\"nofollow ugc\">.po\u003C\u002Fa> \u002F \u003Ca href=\"http:\u002F\u002Fcalendarscripts.info\u002Ffree\u002Fwordpress\u002Fbroadfast-sv_SE.mo\" title=\".mo file\" rel=\"nofollow ugc\">.mo\u003C\u002Fa>\u003Cbr \u002F>\nGerman translation available thanks to @mpek: \u003Ca href=\"http:\u002F\u002Fcalendarscripts.info\u002Ffree\u002Fwordpress\u002Fbroadfast-de_DE.po\" title=\".po file\" rel=\"nofollow ugc\">.po\u003C\u002Fa> \u002F \u003Ca href=\"http:\u002F\u002Fcalendarscripts.info\u002Ffree\u002Fwordpress\u002Fbroadfast-de_DE.mo\" title=\".mo file\" rel=\"nofollow ugc\">.mo\u003C\u002Fa>\u003Cbr \u002F>\nJapanese translation is included thanks to \u003Ca href=\"https:\u002F\u002Fwww.eigochat.jp\u002F\" rel=\"nofollow ugc\">Takeshi Abe\u003C\u002Fa>\u003C\u002Fp>\n","This plugin allows scheduling of automated autoresponder messages \u002F drip marketing messages, instant newsletters, and managing a mailing list.",600,118150,94,34,"2025-08-14T14:25:00.000Z","6.8.5","5.0","8.0",[20,21,22,23,24],"auto-responder","autoresponder","contact-form","mailing-list","newsletter","http:\u002F\u002Fcalendarscripts.info\u002Fbft-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbft-autoresponder.2.7.2.7.zip",58,18,1,"2025-04-17 00:00:00","2026-03-15T15:16:48.613Z",[33,49,64,77,91,100,111,124,137,148,154,160,165,170,179,188,194,199],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-39594","arigato-autoresponder-and-newsletter-reflected-cross-site-scripting-6","Arigato Autoresponder and Newsletter \u003C= 2.7.2.4 - Reflected Cross-Site Scripting","The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=2.7.2.4","2.7.2.5","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-21 20:15:27",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faf7f5e86-3e88-4fb1-942d-f755ae60f088?source=api-prod",5,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"CVE-2024-34823","arigato-autoresponder-and-newsletter-cross-site-request-forgery-2","Arigato Autoresponder and Newsletter \u003C= 2.7.2.3 - Cross-Site Request Forgery","The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2.3. This is due to missing or incorrect nonce validation on the contact_form() function. This makes it possible for unauthenticated attackers to modify contact form details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=2.7.2.3","2.7.2.4",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-05-09 00:00:00","2024-05-15 20:01:59",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc4e0ba71-74dc-414a-9c4e-ad07448e2f18?source=api-prod",7,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":41,"cvss_score":56,"cvss_vector":71,"vuln_type":58,"published_date":72,"updated_date":73,"references":74,"days_to_patch":76},"CVE-2023-47686","arigato-autoresponder-and-newsletter-cross-site-request-forgery","Arigato Autoresponder and Newsletter \u003C= 2.7.2.2 - Cross-Site Request Forgery","The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.2.2. This is due to missing or incorrect nonce validation on the bft_log() function. This makes it possible for unauthenticated attackers to trigger the view of all raw email logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. We do not consider this to be a real security issue as it appears to be a \"view-only\" CSRF.","\u003C=2.7.2.2","2.7.2.3","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:L\u002FI:N\u002FA:N","2023-11-09 00:00:00","2024-01-22 19:56:02",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1bf798b5-2a5c-42d9-a4b3-d3ed056e1fdb?source=api-prod",75,{"id":78,"url_slug":79,"title":80,"description":81,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":84,"cvss_score":85,"cvss_vector":86,"vuln_type":44,"published_date":87,"updated_date":73,"references":88,"days_to_patch":90},"CVE-2023-25020","arigato-autoresponder-and-newsletter-unauthenticated-stored-cross-site-scripting","Arigato Autoresponder and Newsletter \u003C= 2.7.1 - Unauthenticated Stored Cross-Site Scripting","The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.7.1","2.7.1.1","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-02-06 00:00:00",[89],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F00fa12c7-5814-45f3-a35e-363cd0920e43?source=api-prod",351,{"id":92,"url_slug":93,"title":94,"description":95,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":41,"cvss_score":96,"cvss_vector":97,"vuln_type":44,"published_date":87,"updated_date":73,"references":98,"days_to_patch":90},"CVE-2023-25031","arigato-autoresponder-and-newsletter-authenticated-admin-stored-cross-site-scripting","Arigato Autoresponder and Newsletter \u003C= 2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting","The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N",[99],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb1db421d-d935-4441-ae5e-cc01123e80e8?source=api-prod",{"id":101,"url_slug":102,"title":103,"description":104,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":41,"cvss_score":105,"cvss_vector":106,"vuln_type":44,"published_date":107,"updated_date":73,"references":108,"days_to_patch":110},"CVE-2023-25061","arigato-autoresponder-and-newsletter-authenticated-contributor-stored-cross-site-scripting","Arigato Autoresponder and Newsletter \u003C= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-02-02 00:00:00",[109],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7ef79c77-53e7-439d-985a-786eb73c44eb?source=api-prod",355,{"id":112,"url_slug":113,"title":114,"description":115,"plugin_slug":4,"theme_slug":38,"affected_versions":116,"patched_in_version":117,"severity":41,"cvss_score":118,"cvss_vector":119,"vuln_type":44,"published_date":120,"updated_date":73,"references":121,"days_to_patch":123},"CVE-2023-0543","arigato-autoresponder-and-newsletter-authenticated-admin-stored-cross-site-scripting-2","Arigato Autoresponder and Newsletter \u003C= 2.1.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting","The Arigato Autoresponder and Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$user->email’ parameter in versions up to, and including, 2.1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with admin level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.1.7.1","2.1.7.2",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-01-31 00:00:00",[122],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff4dbab86-926d-4438-8310-19373c9bdd99?source=api-prod",357,{"id":125,"url_slug":126,"title":127,"description":128,"plugin_slug":4,"theme_slug":38,"affected_versions":129,"patched_in_version":38,"severity":130,"cvss_score":131,"cvss_vector":132,"vuln_type":133,"published_date":134,"updated_date":73,"references":135,"days_to_patch":38},"CVE-2018-18461","arigato-autoresponder-and-newsletter-arbitrary-file-upload","Arigato Autoresponder and Newsletter \u003C= 2.7 - Arbitrary File Upload","The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models\u002Fattachment.php.This plugin does not appear to be patched based on our review.","\u003C=*","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2018-10-17 00:00:00",[136],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1d87d225-7de4-49f8-9cba-391d718af7fd?source=api-prod",{"id":138,"url_slug":139,"title":140,"description":141,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":144,"updated_date":73,"references":145,"days_to_patch":147},"CVE-2018-1002007","arigato-autoresponder-and-newsletter-reflected-cross-site-scripting","Arigato Autoresponder and Newsletter \u003C= 2.5.1.8 - Reflected Cross-Site Scripting","There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.","\u003C=2.5.1.8","2.5.1.9","2018-09-18 00:00:00",[146],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F27bf9abc-b715-442e-9353-ec2154f658c1?source=api-prod",1953,{"id":149,"url_slug":150,"title":140,"description":151,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":144,"updated_date":73,"references":152,"days_to_patch":147},"CVE-2018-1002009","arigato-autoresponder-and-newsletter-reflected-cross-site-scripting-2","There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.",[153],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F755b53e4-051a-4a25-8fd9-fe10c28acc25?source=api-prod",{"id":155,"url_slug":156,"title":140,"description":157,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":144,"updated_date":73,"references":158,"days_to_patch":147},"CVE-2018-1002002","arigato-autoresponder-and-newsletter-reflected-cross-site-scripting-3","There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.",[159],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7863f63c-11b5-43ac-9d68-8eb9925cdf7e?source=api-prod",{"id":161,"url_slug":162,"title":140,"description":157,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":144,"updated_date":73,"references":163,"days_to_patch":147},"CVE-2018-1002004","arigato-autoresponder-and-newsletter-reflected-cross-site-scripting-4",[164],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8ea087a7-197b-4dbe-b551-8074a0ea23ba?source=api-prod",{"id":166,"url_slug":167,"title":140,"description":157,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":144,"updated_date":73,"references":168,"days_to_patch":147},"CVE-2018-1002003","arigato-autoresponder-and-newsletter-reflected-cross-site-scripting-5",[169],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F92474491-b9fa-49f8-9256-8400af9eef95?source=api-prod",{"id":171,"url_slug":172,"title":173,"description":174,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":84,"cvss_score":85,"cvss_vector":175,"vuln_type":176,"published_date":144,"updated_date":73,"references":177,"days_to_patch":147},"CVE-2018-1002000","arigato-autoresponder-and-newsletter-sql-injection","Arigato Autoresponder and Newsletter \u003C= 2.5.1.8 - SQL Injection","There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",[178],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb4939efc-889a-4d1d-b916-dcf3b064dc81?source=api-prod",{"id":180,"url_slug":181,"title":182,"description":183,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":41,"cvss_score":184,"cvss_vector":185,"vuln_type":44,"published_date":144,"updated_date":73,"references":186,"days_to_patch":147},"CVE-2018-1002006","arigato-autoresponder-and-newsletter-cross-site-scripting","Arigato Autoresponder and Newsletter \u003C= 2.5.1.8 - Cross-Site Scripting","These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes",4.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N",[187],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fba677822-a588-484e-a0aa-a9eda2954d01?source=api-prod",{"id":189,"url_slug":190,"title":140,"description":191,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":144,"updated_date":73,"references":192,"days_to_patch":147},"CVE-2018-1002008","arigato-autoresponder-and-newsletter-reflected-cross-site-scripting-7","There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.",[193],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc6f7da0b-cc2c-43e5-8ae9-ef7d6d6f0ae9?source=api-prod",{"id":195,"url_slug":196,"title":140,"description":157,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":144,"updated_date":73,"references":197,"days_to_patch":147},"CVE-2018-1002001","arigato-autoresponder-and-newsletter-reflected-cross-site-scripting-8",[198],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe77bb0b8-e101-4230-b707-10a3a126192d?source=api-prod",{"id":200,"url_slug":201,"title":182,"description":202,"plugin_slug":4,"theme_slug":38,"affected_versions":142,"patched_in_version":143,"severity":41,"cvss_score":184,"cvss_vector":185,"vuln_type":44,"published_date":144,"updated_date":73,"references":203,"days_to_patch":147},"CVE-2018-1002005","arigato-autoresponder-and-newsletter-cross-site-scripting-2","These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.",[204],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffb6719d8-18d2-4fa3-9b52-ba11cf567bb2?source=api-prod",{"slug":206,"display_name":7,"profile_url":8,"plugin_count":207,"total_installs":208,"avg_security_score":209,"avg_patch_time_days":210,"trust_score":211,"computed_at":212},"prasunsen",9,4810,81,725,66,"2026-04-04T15:25:25.215Z",[214,240,256,280,302],{"slug":215,"name":216,"version":217,"author":218,"author_profile":219,"description":220,"short_description":221,"active_installs":222,"downloaded":223,"rating":224,"num_ratings":225,"last_updated":226,"tested_up_to":227,"requires_at_least":228,"requires_php":229,"tags":230,"homepage":234,"download_link":235,"security_score":236,"vuln_count":237,"unpatched_count":238,"last_vuln_date":239,"fetched_at":31},"integrate-contact-form-7-and-aweber","Connect Contact Form 7 and AWeber","026.02.10.1905","Renzo Johnson","https:\u002F\u002Fprofiles.wordpress.org\u002Frnzo\u002F","\u003Cp>Connect Contact Form 7 and AWeber allows you to automatically add form submissions to your AWeber mailing lists using the latest AWeber API. This extension supports multiple mailing lists and API keys, making it easy to manage your email marketing directly from your WordPress forms.\u003C\u002Fp>\n\u003Cp>Whether you’re building your newsletter audience or capturing leads, this plugin bridges the gap between your Contact Form 7 forms and your AWeber account.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy setup and configuration\u003C\u002Fli>\n\u003Cli>Use different mailing lists for each contact form\u003C\u002Fli>\n\u003Cli>Single opt-in (no confirmation email)\u003C\u002Fli>\n\u003Cli>Double opt-in (confirmation email sent to subscribers)\u003C\u002Fli>\n\u003Cli>Optional opt-in checkbox for GDPR compliance\u003C\u002Fli>\n\u003Cli>Support for AWeber custom fields\u003C\u002Fli>\n\u003Cli>Latest AWeber API integration\u003C\u002Fli>\n\u003Cli>Regular updates and maintenance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Coming Soon\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Support for AWeber groups\u003C\u002Fli>\n\u003Cli>Support for AWeber segments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 6.4 or higher\u003C\u002Fli>\n\u003Cli>Contact Form 7 5.0 or higher\u003C\u002Fli>\n\u003Cli>An active AWeber account\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>For setup instructions and detailed documentation, visit the \u003Ca href=\"https:\u002F\u002Frenzojohnson.com\u002Fcontributions\u002Fcontact-form-7-aweber-extension\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Need help? Visit our \u003Ca href=\"https:\u002F\u002Fchimpmatic.com\u002Fcontact\" rel=\"nofollow ugc\">support page\u003C\u002Fa> to get assistance.\u003C\u002Fp>\n\u003Ch4>Third-Party Service\u003C\u002Fh4>\n\u003Cp>This plugin connects to the AWeber API to manage your email subscribers. When a form is submitted, subscriber data (email, name, and any mapped custom fields) is sent to AWeber’s servers.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AWeber Service: \u003Ca href=\"https:\u002F\u002Fwww.aweber.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.aweber.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>AWeber Terms of Service: \u003Ca href=\"https:\u002F\u002Fwww.aweber.com\u002Fterms-of-service.htm\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.aweber.com\u002Fterms-of-service.htm\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>AWeber Privacy Policy: \u003Ca href=\"https:\u002F\u002Fwww.aweber.com\u002Fprivacy.htm\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.aweber.com\u002Fprivacy.htm\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using this plugin, you agree to AWeber’s terms of service and privacy policy.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>This plugin is developed and maintained independently. It is not affiliated with, endorsed by, or officially connected to AWeber Communications, Inc. or the Contact Form 7 development team. “AWeber” is a registered trademark of AWeber Communications, Inc. “Contact Form 7” is developed by Takayuki Miyoshi.\u003C\u002Fp>\n","Integrate AWeber mailing lists with Contact Form 7. Automatically add form subscribers to your AWeber lists.",300,54416,50,8,"2026-03-02T16:04:00.000Z","6.9.4","6.4","7.4",[231,232,233,23,24],"aweber","contact-form-7","email-marketing","https:\u002F\u002Frenzojohnson.com\u002Fcontributions\u002Fcontact-form-7-aweber-extension","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintegrate-contact-form-7-and-aweber.026.02.10.1905.zip",98,2,0,"2025-11-07 00:00:00",{"slug":241,"name":242,"version":243,"author":218,"author_profile":219,"description":244,"short_description":245,"active_installs":246,"downloaded":247,"rating":238,"num_ratings":238,"last_updated":248,"tested_up_to":227,"requires_at_least":249,"requires_php":229,"tags":250,"homepage":253,"download_link":254,"security_score":255,"vuln_count":238,"unpatched_count":238,"last_vuln_date":38,"fetched_at":31},"cf7-icontact-extension","Integrate Contact Form 7 and iContact","026.02.10.1909","\u003Cp>This plugin connects Contact Form 7 to iContact. When a visitor submits your form, their information is automatically added to your iContact list—no manual exports required.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple setup with iContact API credentials\u003C\u002Fli>\n\u003Cli>Use different iContact lists for different forms\u003C\u002Fli>\n\u003Cli>Single or double opt-in support\u003C\u002Fli>\n\u003Cli>Opt-in checkbox option\u003C\u002Fli>\n\u003Cli>Custom field mapping\u003C\u002Fli>\n\u003Cli>Lightweight and fast\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 6.2 or higher\u003C\u002Fli>\n\u003Cli>Contact Form 7 6.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>iContact account with API access\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Disclaimer\u003C\u002Fh3>\n\u003Cp>This plugin is an independent project by Renzo Johnson. It is \u003Cstrong>not\u003C\u002Fstrong> affiliated with, sponsored by, or endorsed by Contact Form 7, Takayuki Miyoshi, iContact, or any related companies. All trademarks belong to their respective owners.\u003C\u002Fp>\n","Connect Contact Form 7 to iContact. Automatically add form submissions to your iContact mailing lists.",40,7650,"2026-03-02T16:07:00.000Z","6.2",[22,251,252,23,24],"form-integration","icontact","http:\u002F\u002Frenzojohnson.com\u002Fcontributions\u002Fcontact-form-7-icontact-extension","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-icontact-extension.026.02.10.1909.zip",100,{"slug":257,"name":258,"version":259,"author":260,"author_profile":261,"description":262,"short_description":263,"active_installs":264,"downloaded":265,"rating":266,"num_ratings":267,"last_updated":268,"tested_up_to":269,"requires_at_least":270,"requires_php":271,"tags":272,"homepage":276,"download_link":277,"security_score":266,"vuln_count":278,"unpatched_count":238,"last_vuln_date":279,"fetched_at":31},"creative-mail-by-constant-contact","Creative Mail – Easier WordPress & WooCommerce Email Marketing","1.6.9","Constant Contact","https:\u002F\u002Fprofiles.wordpress.org\u002Fconstantcontact\u002F","\u003Cp>Creative Mail was designed specifically for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Our intelligent (and super fun) email editor simplifies email marketing campaign creation and pulls your WordPress blog posts, website images and WooCommerce products right into your email content. Leads from your WordPress website, ecommerce store and contact forms are automatically captured and routed into our included Contacts CRM and synced with your email marketing lists.\u003C\u002Fp>\n\u003Cp>It’s perfect for automatic blog post syndication, newsletters and announcements, event promotion, WooCommerce product specials, retargeting ecommerce shoppers, sending postcards, providing updates and more.\u003C\u002Fp>\n\u003Cp>Create awesome email marketing campaigns right from your WordPress Admin Dashboard that are all powered by the award-winning & rock-solid reliability of Newfold Digital.\u003C\u002Fp>\n\u003Ch3>CREATIVE MAIL IS:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Incredibly easy WordPress email marketing\u003C\u002Fli>\n\u003Cli>Deeply connected to your website & WooCommerce store\u003C\u002Fli>\n\u003Cli>Accessed from within your WP Admin Dashboard\u003C\u002Fli>\n\u003Cli>Automatically syncing your contacts and building your marketing lists\u003C\u002Fli>\n\u003Cli>Fun, which makes life way better\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwww.creativemail.com\u002Fplans\" rel=\"nofollow ugc\">VIEW OUR DETAILED FEATURES\u003C\u002Fa>\u003C\u002Fh3>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwww.creativemail.com\" rel=\"nofollow ugc\">WOOCOMMERCE & WORDPRESS INTEGRATION\u003C\u002Fa>:\u003C\u002Fh3>\n\u003Cp>Turn your WooCommerce store and your WordPress site into efficient marketing engines. All ecommerce contacts and form entries are all captured in our included CRM and synced automatically with Creative Mail.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced Ecommerce:\u003C\u002Fstrong> WooCommerce store customers and ecommerce interactions are all captured automatically within your email marketing list. Retarget and re-engage your customers. Sell more stuff.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Beautiful Transactional Emails:\u003C\u002Fstrong> Standard WooCommerce triggered emails can be replaced to match your branding and style. Build one, and then all your other WooCommerce emails managed by Creative will inherit the same branded look. Hey, style matters.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Jetpack Forms Integration:\u003C\u002Fstrong> Collect, sync, and manage opt-in subscribers directly from Jetpack forms into Creative Mail.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Better Branding:\u003C\u002Fstrong> Creative Mail includes our free LogoBuilder and image editing suite to enhance your brand.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Amazing Stock Images:\u003C\u002Fstrong> You get free access to the completely integrated photo library (in addition to your own WordPress media library) to make amazing email marketing campaigns with award-winning images.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Get Better Deliverability:\u003C\u002Fstrong> Other email marketing solutions require complex SMTP solutions, external gateways or have you sending from their less than stellar IPs. As a result, your emails can get bounced or never delivered. Creative Mail is an all-in-one solution that uses a rock solid infrastructure, for superior deliverability. Boom! ‘nuff said.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Support:\u003C\u002Fstrong> With our paid plans (Awesome & Ultimate) you get access to phone and chat support to help you get answers from real live, helpful humans. Imagine that!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwww.creativemail.com\" rel=\"nofollow ugc\">OPT-IN  EMAIL FORMS\u003C\u002Fa>:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Jetpack Newsletter Form:\u003C\u002Fstrong> Jetpack has a JMML (join my mailing list) Newsletter Signup form. When activated, contacts who sign up for your Newsletter through the Jetpack form are brought right into your Newsletter email marketing list. Easy-peasy.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Other WordPress Website Forms:\u003C\u002Fstrong> Creative Mail detects the current website forms used on your site, and automatically adds contacts to your email marketing lists. Automagically awesome!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Creative Mail Form:\u003C\u002Fstrong> If you are not using a form on your site, you can easily add your Creative Mail Gutenberg form to start collecting email addresses of your site visitors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwww.creativemail.com\" rel=\"nofollow ugc\">EMAIL AUTOMATIONS\u003C\u002Fa>:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Scheduled Sends:\u003C\u002Fstrong> Schedule the time and date of outgoing email marketing campaigns based on your business or organization’s preferences.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single-Step Triggered Emails:\u003C\u002Fstrong> Replace your non-branded WooCommerce order notification triggered emails with on-brand Creative Mail emails for deeper customer engagement.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Abandoned Cart:\u003C\u002Fstrong> With Creative Mail and a WooCommerce store you can send emails to customers who abandon their WooCommerce shopping cart. They’ll get an email that reminds them of the items they were considering before they left.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-Step Marketing Journeys:\u003C\u002Fstrong> Develop sophisticated CLM (that’s marketing speak for – customer lifecycle marketing) campaigns by leveraging our “if this, then that” campaign automation engine that responds to a customer’s actions, birthdays or purchases. Welcome your customers with email automation.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwww.creativemail.com\" rel=\"nofollow ugc\">ANALYTICS & INSIGHTS\u003C\u002Fa>:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Realtime Email Marketing Statistics:\u003C\u002Fstrong> Bounces, opens, clicks, forwards, complaints, unsubscribes and more are easily tracked and managed. Be a control freak, it’s OK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Marketing Campaign Mapview:\u003C\u002Fstrong> With our mapview you can see who’s opening your  emails on what devices on an awesome, interactive visual map.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwww.creativemail.com\" rel=\"nofollow ugc\">CONTACTS CRM\u003C\u002Fa>:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Contact Lists:\u003C\u002Fstrong> Within the Creative Mail Contacts CRM you can quickly and easily manage all your Contacts, Subscribers and Unsubscribes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contact Activity:\u003C\u002Fstrong> Drill into the purchases and behaviors of your contacts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>List Sources:\u003C\u002Fstrong> You’ll know where your contacts come from whether it’s a manual entry, your Jetpack forms, WooCommerce Store, or another defined source.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Labels:\u003C\u002Fstrong> Further refine your marketing by adding custom labels to subscribers or customers (ex. Truck Buyers, Concert Attendee, Dog Owners, etc.).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwww.creativemail.com\" rel=\"nofollow ugc\">IMPORT & EXPORT\u003C\u002Fa>:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Contacts Sync & Import:\u003C\u002Fstrong> No need anymore for complex integrations between your WordPress site and your email marketing provider. With Creative Mail it all simply works with WordPress out of the box. We do the heavy lifting to sync and import your Jetpack, WordPress, WooCommerce and most used Contact form plugins contacts automatically.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import & Export Via CSV:\u003C\u002Fstrong> Import bulk email marketing lists (limits may apply), add subscribers one by one, or export your contacts into a CSV file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwww.creativemail.com\" rel=\"nofollow ugc\">CAMPAIGNS\u003C\u002Fa>:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>AI Emails:\u003C\u002Fstrong> Forget templates, let our A.I. build your email marketing campaigns for you. Pull in WordPress posts or WooCommerce products for sale, and you’re good to go. Let our robots do your bidding!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Campaign Creation:\u003C\u002Fstrong> Build your email marketing campaigns in seconds from your WordPress admin dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Awesome Deliverability:\u003C\u002Fstrong> All email marketing campaigns are sent and delivered by the award-winning power of Newfold Digital technology. We got you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automated Email Marketing:\u003C\u002Fstrong> Send multistep email campaigns automatically, with triggers you define, whether that’s based on time, a customer birthday or behavioral actions. Create a flow to welcome your customers and send a special discount and reminder on their birthday.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Ca href=\"https:\u002F\u002Fwww.creativemail.com\" rel=\"nofollow ugc\">EMAIL LIST MANAGEMENT\u003C\u002Fa>:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Contact List Growth:\u003C\u002Fstrong> Creative Mail collects leads from Jetpack forms or the top WordPress lead capture forms and adds them directly to your email lists.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automate Emails:\u003C\u002Fstrong> With our “Welcome” email trigger you can send a Creative Mail welcome email series to new subscribers and blog readers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto List Updater:\u003C\u002Fstrong> Creative Mail automatically updates your contact lists for unsubscribes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>ADD ONS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Social Campaigns:\u003C\u002Fstrong> Connect your social media accounts with your Creative Mail account to share your newsletters with your followers on social.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Marketing Calendar:\u003C\u002Fstrong> With your socials connected we give you an overview of all the newsletters and posts that you’ve sent and scheduled. An easy overview to engage with your audience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Booking:\u003C\u002Fstrong> Set up Bookings for your business with the Bookings tool. Give clients and customers an easy, quick way to set up appointments with you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>LogoBuilder:\u003C\u002Fstrong> Create an amazing logo for your business or social with LogoBuilder and add it to your email campaigns.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TERMS OF SERVICE & PRIVACY NOTICE\u003C\u002Fh3>\n\u003Cp>On behalf of our lawyers (seriously, they’re nice people), please feel free to review our:\u003C\u002Fp>\n\u003Cp>Creative Mail \u003Ca href=\"https:\u002F\u002Fwww.bluehost.com\u002Fterms\u002Fuser-agreement\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003Cbr \u002F>\nCreative Mail \u003Ca href=\"https:\u002F\u002Fnewfold.com\u002Fprivacy-center\" rel=\"nofollow ugc\">Privacy Notice\u003C\u002Fa>\u003C\u002Fp>\n","Creative Mail was designed specifically for WordPress and WooCommerce. Our intelligent (and super fun) email editor simplifies email marketing campaig …",300000,21790763,90,391,"2024-05-06T20:38:00.000Z","6.5.8","4.9","7.3",[22,273,274,24,275],"email","marketing","subscribe","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcreative-mail-by-constant-contact\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcreative-mail-by-constant-contact.1.6.9.zip",3,"2022-10-28 00:00:00",{"slug":281,"name":282,"version":283,"author":284,"author_profile":285,"description":286,"short_description":287,"active_installs":288,"downloaded":289,"rating":290,"num_ratings":48,"last_updated":291,"tested_up_to":227,"requires_at_least":292,"requires_php":293,"tags":294,"homepage":293,"download_link":298,"security_score":299,"vuln_count":300,"unpatched_count":238,"last_vuln_date":301,"fetched_at":31},"lead-form-builder","Lead Form Builder & Contact Form","2.1.0","ThemeHunk","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemehunk\u002F","\u003Cp>\u003Cstrong>Best WordPress Contact Form Plugin to create beautiful contact froms.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ThemeHunk : Lead Form Builder Plugin is a contact form builder as well as lead generator. Contact Form plugin is compatible with all page builders like Elementor, Brizy, SiteOrigin, Gutenburg etc. Lead Form Builder allows you to create beautiful contact forms. Plugin comes with nearly all field options required to create Contact form, Registration form, News letter and contain Ajax based drag & drop field ordering.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.themehunk.com\u002Fdocs\u002Flead-form\u002F\" rel=\"nofollow ugc\">Check Documentation\u003C\u002Fa> |  \u003Ca href=\"https:\u002F\u002Fwpthemes.themehunk.com\u002Flead-form-builder-pro\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fthemehunk.com\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:-\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create unlimited contact forms for unlimited sites.\u003C\u002Fli>\n\u003Cli>Lead Form Styler Elementor addon available.\u003C\u002Fli>\n\u003Cli>Create contact forms with 9 field types: text(name), email, url, number, textarea(message), radio, checkbox, date, and dropdown.\u003C\u002Fli>\n\u003Cli>Use prebuild forms or add your own. A contact form template is included.\u003C\u002Fli>\n\u003Cli>Three form sizing options available (small, medium, large). \u003C\u002Fli>\n\u003Cli>Send unlimited email notifications, including autoresponders to the form submitter.\u003C\u002Fli>\n\u003Cli>View created contact form from the back-end before publishing it live.\u003C\u002Fli>\n\u003Cli>Three lead receiving methods (Receive Leads in Email, Save Leads in database(you can see all leads in the lead option), Receive Leads in Email and Save in database).\u003C\u002Fli>\n\u003Cli>Send forms to the trash.\u003C\u002Fli>\n\u003Cli>Generate easy to use shortcode.\u003C\u002Fli>\n\u003Cli>Drag and drop field ordering available.\u003C\u002Fli>\n\u003Cli>reCAPTCHA integrate to secure you site.\u003C\u002Fli>\n\u003Cli>Option to set default value as a placeholder(which disappear when clicked). \u003C\u002Fli>\n\u003Cli>Separate “from”, “to” mail settings available for “Admin” and “User”.\u003C\u002Fli>\n\u003Cli>Name your form according to it’s use or location.\u003C\u002Fli>\n\u003Cli>Insert your forms on a page, post, or widget using a shortcode [lead-form form-id=X title=form name]\u003C\u002Fli>\n\u003Cli>Separate lead management available. View leads separately for each form.\u003C\u002Fli>\n\u003Cli>24×7 support available for free product too. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Lead Form Builder Pro:-\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.themehunk.com\u002Fproduct\u002Flead-form-builder-pro\u002F?utm_source=lfb-wp-readme&utm_campaign=lfb-product-link&utm_medium=lfb-lite\" title=\"Lead Form Builder Pro\" rel=\"nofollow ugc\">Pro Version\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Premium version of our plugin Lead form Builder is released now having all the advanced functionality needed for creating a Wonderful form and collecting leads too.  It is a powerful plugin which is designed in such a way that can be used by a novice. Build online forms in minutes by using Pre-built form templates.\u003C\u002Fp>\n\u003Ch4>LIVE  DEMO\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.themehunk.com\u002Fproduct\u002Flead-form-builder-pro\" title=\"Lead Form Builder Pro\" rel=\"nofollow ugc\">Lead Form Builder Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Premium Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Unlimited Form Creations\u003C\u002Fli>\n\u003Cli>Google One Tap Login Feature\u003C\u002Fli>\n\u003Cli>Leads Tracing like: IP Address, Country, OS & Browser etc.\u003C\u002Fli>\n\u003Cli>Google reCaptcha v2 & v3 for spam protection.\u003C\u002Fli>\n\u003Cli>WordPress Block Editor Support\u003C\u002Fli>\n\u003Cli>Auto Responder Feature Available.\u003C\u002Fli>\n\u003Cli>Fully responsive.\u003C\u002Fli>\n\u003Cli>Leads export feature. \u003C\u002Fli>\n\u003Cli>Import\u002FExport form. \u003C\u002Fli>\n\u003Cli>Lead Form Styler Elementor addon available.\u003C\u002Fli>\n\u003Cli>MailChimp integrated. \u003C\u002Fli>\n\u003Cli>SMTP Mail configure. \u003C\u002Fli>\n\u003Cli>Amazing Multiple Pre-Built form templates.\u003C\u002Fli>\n\u003Cli>Drag and Drop field ordering. \u003C\u002Fli>\n\u003Cli>Upload field option.\u003C\u002Fli>\n\u003Cli>Admin and User email Setting (Set desired ID for receiving and sending emails). \u003C\u002Fli>\n\u003Cli>Easily embed your form in post\u002Fpage editor,  widget using shortcode. \u003C\u002Fli>\n\u003Cli>Live Customizer.\u003C\u002Fli>\n\u003Cli>Form resize option.\u003C\u002Fli>\n\u003Cli>Background image\u002Fcolor option for header and form background.\u003C\u002Fli>\n\u003Cli>Color option for fields, heading and button.\u003C\u002Fli>\n\u003Cli>Custom CSS for extra modifications.\u003C\u002Fli>\n\u003Cli>Form reset option.\u003C\u002Fli>\n\u003Cli>Create forms with 9 field types: upload file,  text(name), email, url, number, textarea (message), radio, checkbox, date, and dropdown.\u003C\u002Fli>\n\u003Cli>Custom Thank You message.\u003C\u002Fli>\n\u003Cli>Thank You page redirection.\u003C\u002Fli>\n\u003Cli>Generate easy to use shortcode.\u003C\u002Fli>\n\u003Cli>Wonderful packages for different type of users.\u003C\u002Fli>\n\u003Cli>Complete documentation with video tutorials. \u003C\u002Fli>\n\u003Cli>24×7 supports available with updates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Themes\u003C\u002Fh3>\n\u003Cp>These themes have been tested and are compatible with search plugin without significant issues. Also you can use this plugin to your Block, Elementor, WooCommerce Pages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fth-shop-mania\u002F\" rel=\"ugc\">TH Shop Mania\u003C\u002Fa> – by ThemeHunk\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Ftop-store\u002F\" rel=\"ugc\">Top Store\u003C\u002Fa> – by ThemeHunk\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fopen-shop\u002F\" rel=\"ugc\">Open Shop\u003C\u002Fa> – by ThemeHunk\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fzita\u002F\" rel=\"ugc\">Zita\u003C\u002Fa> – by ThemeHunk\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fbig-store\u002F\" rel=\"ugc\">Big Store\u003C\u002Fa> – by ThemeHunk\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fm-shop\u002F\" rel=\"ugc\">M Shop\u003C\u002Fa> – by ThemeHunk\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Froyal-shop\u002F\" rel=\"ugc\">Royal Shop\u003C\u002Fa> – by ThemeHunk\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fopen-mart\u002F\" rel=\"ugc\">Open Mart\u003C\u002Fa> – by ThemeHunk\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fgogo\u002F\" rel=\"ugc\">GoGo\u003C\u002Fa> – by ThemeHunk\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Ftwentytwentytwo\u002F\" rel=\"ugc\">Twenty Twenty-Two\u003C\u002Fa> – by WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fhello-elementor\u002F\" rel=\"ugc\">Hello Elementor\u003C\u002Fa> – by Elementor\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Foceanwp\u002F\" rel=\"ugc\">OceanWP\u003C\u002Fa> – by oceanwp\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fneve\u002F\" rel=\"ugc\">Neve\u003C\u002Fa> – by Themeisle\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fgo\u002F\" rel=\"ugc\">Go\u003C\u002Fa> – by GoDaddy\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fgeneratepress\u002F\" rel=\"ugc\">GeneratePress\u003C\u002Fa> – by Tom\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fhestia\u002F\" rel=\"ugc\">Hestia\u003C\u002Fa> – by Themeisle\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fcolibri-wp\u002F\" rel=\"ugc\">Colibri WP\u003C\u002Fa> – by Extend Themes\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fkadence\u002F\" rel=\"ugc\">Kadence\u003C\u002Fa> – by Ben Ritner – Kadence WP\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fastra\u002F\" rel=\"ugc\">Astra\u003C\u002Fa> – by Brainstorm Force\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fkubio\u002F\" rel=\"ugc\">Kubio\u003C\u002Fa> – by Extend Themes\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fzakra\u002F\" rel=\"ugc\">Zakra\u003C\u002Fa> – by ThemeGrill\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fstorefront\u002F\" rel=\"ugc\">Storefront\u003C\u002Fa> – by Automattic\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fonepress\u002F\" rel=\"ugc\">OnePress\u003C\u002Fa> – by FameThemes\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Fblocksy\u002F\" rel=\"ugc\">Blocksy\u003C\u002Fa> – by creativethemeshq\u003C\u002Fli>\n\u003C\u002Ful>\n","Fast Drag & Drop Contact From Builder and Lead Generation Tool With Google One Tap Login. Supports Block Editor.",10000,836615,84,"2026-03-13T13:25:00.000Z","5.5","",[22,295,281,296,297],"contact-form-builder","newsletter-form","responsive-form","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flead-form-builder.2.1.0.zip",88,11,"2026-03-23 00:00:00",{"slug":233,"name":303,"version":304,"author":305,"author_profile":306,"description":307,"short_description":308,"active_installs":309,"downloaded":310,"rating":255,"num_ratings":311,"last_updated":312,"tested_up_to":313,"requires_at_least":314,"requires_php":293,"tags":315,"homepage":320,"download_link":321,"security_score":322,"vuln_count":238,"unpatched_count":238,"last_vuln_date":38,"fetched_at":31},"Drip for WordPress","1.0.2","getdrip","https:\u002F\u002Fprofiles.wordpress.org\u002Fgetdrip\u002F","\u003Cp>\u003Cstrong>Do you sell online? If so you need \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdrip\u002F\" rel=\"ugc\">our new Drip for WooCommerce Plugin instead of this one\u003C\u002Fa>. It includes your entire product catalog, order history integration, revenue tracking, and much more.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.drip.com\" rel=\"nofollow ugc\">Drip\u003C\u002Fa> is an email and onsite marketing automation platform for ecommerce brands.\u003C\u002Fp>\n\u003Cp>Get your WooCommerce data while it’s hot, then use it to fuel email and onsite marketing strategies that work.\u003C\u002Fp>\n\u003Cp>Tap into dynamic, money-making segmentation that lets you hyper-customize audiences, deliver better shopping experiences, and connect with customers like never before.\u003C\u002Fp>\n\u003Cp>Access pre-built workflows designed around industry best practices and high-converting logic. Take things a step further and split test up to five paths at a time until the engagement sticks.\u003C\u002Fp>\n\u003Cp>Save yourself time with our easy yet powerful automations. Reach people at the right moment, with just the right message to bump click-through-rates and boost sales.\u003C\u002Fp>\n\u003Cp>Pick a template, add your branding using our oh-so-easy visual email builder, and send high-converting email campaigns in minutes.\u003C\u002Fp>\n\u003Cp>Collect zero-party data on your site and use it to turn visitors \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> subscribers \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> customers.\u003C\u002Fp>\n\u003Cp>Install the Drip for WooCommerce plugin. See why thousands of ecommerce brands across the globe trust Drip to build personal and profitable relationships with their customers.\u003C\u002Fp>\n\u003Ch3>Let’s Get Started\u003C\u002Fh3>\n\u003Cp>Ready to start building customer relationships the way they were meant to be? Here’s what you have to do next:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1. Sign up for a Drip account\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Signing up is easy. \u003Ca href=\"https:\u002F\u002Fwww.drip.com\u002F\" rel=\"nofollow ugc\">Just head here\u003C\u002Fa>, tell us a little bit about yourself, and let the fun begin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Install the Drip plugin, and select “Drip” from the Settings menu in your WordPress sidebar.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>3. Enter your Drip Account ID, click “Save Changes,” and you’re done!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>FAQs\u003C\u002Fh3>\n\u003Ch3>Do you offer a free trial?\u003C\u002Fh3>\n\u003Cp>Yes, we offer a free 14-day trial for new users. Sign up for a free trial here: \u003Ca href=\"https:\u002F\u002Fwww.getdrip.com\u002Fsignup\u002Fbasic\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.getdrip.com\u002Fsignup\u002Fbasic\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How much does Drip cost?\u003C\u002Fh3>\n\u003Cp>Plans start at $39\u002Fmo. Find your monthly cost on our pricing page: \u003Ca href=\"https:\u002F\u002Fwww.drip.com\u002Fpricing\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.drip.com\u002Fpricing\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Do you offer support? How do I contact them?\u003C\u002Fh3>\n\u003Cp>Our Support Team is available via email between 9 am – 5 pm CST and 8 am – 8 pm CET Monday through Friday at support@drip.com. We offer live chat during these times for customers on the $99\u002Fmo+ plan.\u003C\u002Fp>\n","Do you sell online? If so you need our new Drip for WooCommerce Plugin instead of this one. It includes your entire product catalog, order history int …",2000,53406,4,"2024-03-07T04:14:00.000Z","6.4.8","3.0",[316,317,233,318,319],"autoresponders","email-campaign","email-newsletters","marketing-automation","http:\u002F\u002Fwww.getdrip.com\u002F?utm_source=wp-plugin&utm_medium=link&utm_campaign=plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-marketing.1.0.2.zip",85,{"attackSurface":324,"codeSignals":425,"taintFlows":663,"riskAssessment":1308,"analyzedAt":1323},{"hooks":325,"ajaxHandlers":400,"restRoutes":401,"shortcodes":402,"cronEvents":422,"entryPointCount":48,"unprotectedCount":238},[326,332,335,337,342,346,348,352,356,360,365,369,373,377,381,385,389,393,397],{"type":327,"name":328,"callback":329,"file":330,"line":331},"action","admin_enqueue_scripts","arigato_scripts","bft-autoresponder.php",73,{"type":327,"name":328,"callback":333,"file":330,"line":334},"arigato_admin_scripts",74,{"type":327,"name":336,"callback":329,"file":330,"line":76},"wp_enqueue_scripts",{"type":338,"name":339,"callback":340,"file":330,"line":341},"filter","wpcf7_form_elements","shortcode_filter",78,{"type":327,"name":343,"callback":344,"file":330,"line":345},"wpcf7_before_send_mail","signup",79,{"type":327,"name":347,"callback":344,"file":330,"line":290},"grunion_pre_message_sent",{"type":327,"name":349,"callback":350,"file":330,"line":351},"ninja_forms_save_sub","ninja_signup",87,{"type":327,"name":353,"callback":354,"priority":355,"file":330,"line":266},"frm_after_create_entry","signup_formidable",30,{"type":327,"name":357,"callback":358,"priority":355,"file":330,"line":359},"wpforms_process_complete","signup_wpforms",93,{"type":338,"name":361,"callback":362,"priority":363,"file":330,"line":364},"wp_privacy_personal_data_erasers","bft_register_personal_data_eraser",10,101,{"type":327,"name":366,"callback":367,"priority":363,"file":330,"line":368},"arigato_subscribed","dispatch_subscribe",104,{"type":327,"name":370,"callback":371,"file":330,"line":372},"arigato_confirmed","dispatch_confirmed",105,{"type":327,"name":374,"callback":375,"file":330,"line":376},"arigato_unsubscribed","dispatch_unsubscribe",106,{"type":338,"name":378,"callback":379,"file":330,"line":380},"the_content","bft_screenmsg",616,{"type":327,"name":382,"callback":383,"file":330,"line":384},"init","bft_init",833,{"type":327,"name":386,"callback":387,"file":330,"line":388},"admin_menu","bft_autoresponder_menu",834,{"type":327,"name":390,"callback":391,"file":330,"line":392},"template_redirect","bft_template_redirect",835,{"type":327,"name":394,"callback":395,"priority":363,"file":330,"line":396},"wp_login","bft_auto_subscribe",837,{"type":327,"name":398,"callback":398,"file":330,"line":399},"bft_hook_up",838,[],[],[403,407,411,415,418],{"tag":404,"callback":405,"file":330,"line":406},"bft-int-chk","int_chk",80,{"tag":408,"callback":409,"file":330,"line":410},"bft-num-subs","num_subscribers",96,{"tag":412,"callback":413,"file":330,"line":414},"bft-unsubscribe","unsubscribe",97,{"tag":416,"callback":417,"file":330,"line":236},"bft-newsletter-archive","newsletter_archive",{"tag":419,"callback":420,"file":330,"line":421},"BFTWP","bft_shortcode_signup",836,[423],{"hook":398,"callback":398,"file":330,"line":424},326,{"dangerousFunctions":426,"sqlUsage":435,"outputEscaping":458,"fileOperations":207,"externalRequests":278,"nonceChecks":602,"capabilityChecks":311,"bundledLibraries":662},[427,431,433],{"fn":428,"file":429,"line":14,"context":430},"unserialize","controllers\\webhooks.php","$payload_config = unserialize(stripslashes($hook->payload_config));",{"fn":428,"file":429,"line":331,"context":432},"$config = unserialize(stripslashes($hook->payload_config));",{"fn":428,"file":429,"line":434,"context":432},144,{"prepared":436,"raw":225,"locations":437},149,[438,441,444,447,449,452,454,456],{"file":330,"line":439,"context":440},627,"$wpdb->get_var() with variable interpolation",{"file":330,"line":442,"context":443},773,"$wpdb->get_results() with variable interpolation",{"file":330,"line":445,"context":446},820,"$wpdb->query() with variable interpolation",{"file":330,"line":448,"context":446},821,{"file":450,"line":451,"context":443},"controllers\\integrations.php",180,{"file":450,"line":453,"context":443},279,{"file":455,"line":76,"context":446},"controllers\\list.php",{"file":455,"line":457,"context":440},198,{"escaped":459,"rawEcho":460,"locations":461},165,126,[462,465,467,469,472,474,476,478,480,482,485,486,487,489,490,492,494,495,497,499,500,501,502,503,505,506,508,509,510,511,513,515,516,518,519,521,522,524,526,528,530,531,533,534,536,538,540,542,544,545,547,548,550,552,554,557,559,560,562,563,566,568,570,573,574,576,577,578,579,581,582,584,585,586,587,588,589,590,591,593,594,595,596,597,598,599,600,603,605,606,607,608,611,612,614,616,617,619,620,622,624,625,627,628,630,633,634,636,637,639,640,642,643,644,645,646,648,649,651,652,653,655,656,658,660,661],{"file":330,"line":463,"context":464},528,"raw output",{"file":330,"line":466,"context":464},675,{"file":330,"line":468,"context":464},717,{"file":470,"line":471,"context":464},"bft-lib.php",187,{"file":470,"line":473,"context":464},284,{"file":470,"line":475,"context":464},315,{"file":470,"line":477,"context":464},361,{"file":470,"line":479,"context":464},475,{"file":429,"line":481,"context":464},133,{"file":483,"line":484,"context":464},"models\\attachment.php",19,{"file":483,"line":484,"context":464},{"file":483,"line":484,"context":464},{"file":488,"line":311,"context":464},"views\\bft_import.html.php",{"file":488,"line":207,"context":464},{"file":488,"line":491,"context":464},52,{"file":493,"line":300,"context":464},"views\\bft_list.html.php",{"file":493,"line":209,"context":464},{"file":493,"line":496,"context":464},82,{"file":493,"line":498,"context":464},83,{"file":493,"line":290,"context":464},{"file":493,"line":322,"context":464},{"file":493,"line":13,"context":464},{"file":493,"line":13,"context":464},{"file":493,"line":504,"context":464},95,{"file":493,"line":414,"context":464},{"file":493,"line":507,"context":464},99,{"file":493,"line":255,"context":464},{"file":493,"line":255,"context":464},{"file":493,"line":255,"context":464},{"file":493,"line":512,"context":464},103,{"file":493,"line":514,"context":464},117,{"file":493,"line":514,"context":464},{"file":493,"line":517,"context":464},118,{"file":493,"line":517,"context":464},{"file":493,"line":520,"context":464},122,{"file":493,"line":520,"context":464},{"file":493,"line":523,"context":464},177,{"file":525,"line":484,"context":464},"views\\bft_main.html.php",{"file":525,"line":527,"context":464},25,{"file":525,"line":529,"context":464},72,{"file":525,"line":334,"context":464},{"file":525,"line":532,"context":464},76,{"file":525,"line":290,"context":464},{"file":525,"line":535,"context":464},91,{"file":525,"line":537,"context":464},113,{"file":525,"line":539,"context":464},123,{"file":525,"line":541,"context":464},128,{"file":525,"line":543,"context":464},157,{"file":525,"line":543,"context":464},{"file":525,"line":546,"context":464},181,{"file":525,"line":546,"context":464},{"file":525,"line":549,"context":464},216,{"file":525,"line":551,"context":464},232,{"file":525,"line":553,"context":464},244,{"file":555,"line":556,"context":464},"views\\bft_messages.html.php",27,{"file":555,"line":558,"context":464},60,{"file":555,"line":211,"context":464},{"file":555,"line":561,"context":464},71,{"file":555,"line":13,"context":464},{"file":564,"line":565,"context":464},"views\\integration-contact-form.html.php",28,{"file":564,"line":567,"context":464},38,{"file":564,"line":569,"context":464},42,{"file":571,"line":572,"context":464},"views\\integration-formidable-form.html.php",16,{"file":571,"line":572,"context":464},{"file":571,"line":575,"context":464},31,{"file":571,"line":575,"context":464},{"file":571,"line":569,"context":464},{"file":571,"line":569,"context":464},{"file":571,"line":580,"context":464},53,{"file":571,"line":580,"context":464},{"file":583,"line":572,"context":464},"views\\integration-ninja-form.html.php",{"file":583,"line":572,"context":464},{"file":583,"line":575,"context":464},{"file":583,"line":575,"context":464},{"file":583,"line":569,"context":464},{"file":583,"line":569,"context":464},{"file":583,"line":580,"context":464},{"file":583,"line":580,"context":464},{"file":592,"line":572,"context":464},"views\\integration-wpforms.html.php",{"file":592,"line":572,"context":464},{"file":592,"line":575,"context":464},{"file":592,"line":575,"context":464},{"file":592,"line":569,"context":464},{"file":592,"line":569,"context":464},{"file":592,"line":580,"context":464},{"file":592,"line":580,"context":464},{"file":601,"line":602,"context":464},"views\\list-user.html.php",26,{"file":604,"line":311,"context":464},"views\\message-config.html.php",{"file":604,"line":207,"context":464},{"file":604,"line":363,"context":464},{"file":604,"line":300,"context":464},{"file":609,"line":610,"context":464},"views\\newsletter-archive.html.php",12,{"file":609,"line":610,"context":464},{"file":609,"line":613,"context":464},13,{"file":609,"line":615,"context":464},22,{"file":609,"line":602,"context":464},{"file":618,"line":363,"context":464},"views\\newsletter.html.php",{"file":618,"line":28,"context":464},{"file":618,"line":621,"context":464},23,{"file":618,"line":623,"context":464},61,{"file":618,"line":623,"context":464},{"file":618,"line":626,"context":464},62,{"file":618,"line":211,"context":464},{"file":618,"line":629,"context":464},67,{"file":631,"line":632,"context":464},"views\\raw-email-log.html.php",48,{"file":631,"line":632,"context":464},{"file":631,"line":635,"context":464},49,{"file":631,"line":224,"context":464},{"file":631,"line":638,"context":464},51,{"file":631,"line":491,"context":464},{"file":641,"line":29,"context":464},"views\\signup-form.html.php",{"file":641,"line":237,"context":464},{"file":641,"line":278,"context":464},{"file":641,"line":311,"context":464},{"file":641,"line":48,"context":464},{"file":641,"line":647,"context":464},6,{"file":641,"line":63,"context":464},{"file":650,"line":29,"context":464},"views\\view-archived-newsletter.html.php",{"file":650,"line":278,"context":464},{"file":650,"line":63,"context":464},{"file":654,"line":27,"context":464},"views\\webhook.html.php",{"file":654,"line":623,"context":464},{"file":657,"line":615,"context":464},"views\\webhooks.html.php",{"file":657,"line":659,"context":464},24,{"file":657,"line":527,"context":464},{"file":657,"line":602,"context":464},[],[664,681,787,894,902,924,941,954,964,974,985,1002,1026,1051,1071,1085,1096,1115,1131,1148,1170,1189,1216,1227,1241,1254,1263,1292,1300],{"entryPoint":665,"graph":666,"unsanitizedCount":29,"severity":41},"bft_subscribe (bft-lib.php:201)",{"nodes":667,"edges":678},[668,673],{"id":669,"type":670,"label":671,"file":470,"line":672},"n0","source","$_POST",229,{"id":674,"type":675,"label":676,"file":470,"line":551,"wp_function":677},"n1","sink","wp_remote_get() [SSRF]","wp_remote_get",[679],{"from":669,"to":674,"sanitized":680},false,{"entryPoint":682,"graph":683,"unsanitizedCount":238,"severity":786},"bft_options (bft-autoresponder.php:331)",{"nodes":684,"edges":770},[685,688,692,696,698,702,704,708,710,714,716,720,722,726,728,732,734,738,740,744,746,750,752,756,758,762,764,768],{"id":669,"type":670,"label":686,"file":330,"line":687},"$_POST (x16)",337,{"id":674,"type":675,"label":689,"file":330,"line":690,"wp_function":691},"update_option() [Settings Manipulation]",339,"update_option",{"id":693,"type":670,"label":694,"file":330,"line":695},"n2","$_POST['bft_sender']",363,{"id":697,"type":675,"label":689,"file":330,"line":695,"wp_function":691},"n3",{"id":699,"type":670,"label":700,"file":330,"line":701},"n4","$_POST['bft_redirect']",364,{"id":703,"type":675,"label":689,"file":330,"line":701,"wp_function":691},"n5",{"id":705,"type":670,"label":706,"file":330,"line":707},"n6","$_POST['bft_optin']",365,{"id":709,"type":675,"label":689,"file":330,"line":707,"wp_function":691},"n7",{"id":711,"type":670,"label":712,"file":330,"line":713},"n8","$_POST['mails_per_run']",372,{"id":715,"type":675,"label":689,"file":330,"line":713,"wp_function":691},"n9",{"id":717,"type":670,"label":718,"file":330,"line":719},"n10","$_POST['text_captcha']",373,{"id":721,"type":675,"label":689,"file":330,"line":719,"wp_function":691},"n11",{"id":723,"type":670,"label":724,"file":330,"line":725},"n12","$_POST['sleep']",377,{"id":727,"type":675,"label":689,"file":330,"line":725,"wp_function":691},"n13",{"id":729,"type":670,"label":730,"file":330,"line":731},"n14","$_POST['bcc']",379,{"id":733,"type":675,"label":689,"file":330,"line":731,"wp_function":691},"n15",{"id":735,"type":670,"label":736,"file":330,"line":737},"n16","$_POST['recaptcha_public']",381,{"id":739,"type":675,"label":689,"file":330,"line":737,"wp_function":691},"n17",{"id":741,"type":670,"label":742,"file":330,"line":743},"n18","$_POST['recaptcha_private']",382,{"id":745,"type":675,"label":689,"file":330,"line":743,"wp_function":691},"n19",{"id":747,"type":670,"label":748,"file":330,"line":749},"n20","$_POST['recaptcha_lang']",384,{"id":751,"type":675,"label":689,"file":330,"line":749,"wp_function":691},"n21",{"id":753,"type":670,"label":754,"file":330,"line":755},"n22","$_POST['optin_subject']",408,{"id":757,"type":675,"label":689,"file":330,"line":755,"wp_function":691},"n23",{"id":759,"type":670,"label":760,"file":330,"line":761},"n24","$_POST['optin_message']",409,{"id":763,"type":675,"label":689,"file":330,"line":761,"wp_function":691},"n25",{"id":765,"type":670,"label":766,"file":330,"line":767},"n26","$_POST['bft_optin_redirect']",410,{"id":769,"type":675,"label":689,"file":330,"line":767,"wp_function":691},"n27",[771,773,774,775,776,777,778,779,780,781,782,783,784,785],{"from":669,"to":674,"sanitized":772},true,{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"from":711,"to":715,"sanitized":772},{"from":717,"to":721,"sanitized":772},{"from":723,"to":727,"sanitized":772},{"from":729,"to":733,"sanitized":772},{"from":735,"to":739,"sanitized":772},{"from":741,"to":745,"sanitized":772},{"from":747,"to":751,"sanitized":772},{"from":753,"to":757,"sanitized":772},{"from":759,"to":763,"sanitized":772},{"from":765,"to":769,"sanitized":772},"low",{"entryPoint":788,"graph":789,"unsanitizedCount":238,"severity":786},"\u003Cbft-autoresponder> (bft-autoresponder.php:0)",{"nodes":790,"edges":870},[791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,823,827,831,836,840,843,846,850,853,856,859,862,865,868],{"id":669,"type":670,"label":686,"file":330,"line":687},{"id":674,"type":675,"label":689,"file":330,"line":690,"wp_function":691},{"id":693,"type":670,"label":694,"file":330,"line":695},{"id":697,"type":675,"label":689,"file":330,"line":695,"wp_function":691},{"id":699,"type":670,"label":700,"file":330,"line":701},{"id":703,"type":675,"label":689,"file":330,"line":701,"wp_function":691},{"id":705,"type":670,"label":706,"file":330,"line":707},{"id":709,"type":675,"label":689,"file":330,"line":707,"wp_function":691},{"id":711,"type":670,"label":712,"file":330,"line":713},{"id":715,"type":675,"label":689,"file":330,"line":713,"wp_function":691},{"id":717,"type":670,"label":718,"file":330,"line":719},{"id":721,"type":675,"label":689,"file":330,"line":719,"wp_function":691},{"id":723,"type":670,"label":724,"file":330,"line":725},{"id":727,"type":675,"label":689,"file":330,"line":725,"wp_function":691},{"id":729,"type":670,"label":730,"file":330,"line":731},{"id":733,"type":675,"label":689,"file":330,"line":731,"wp_function":691},{"id":735,"type":670,"label":736,"file":330,"line":737},{"id":739,"type":675,"label":689,"file":330,"line":737,"wp_function":691},{"id":741,"type":670,"label":742,"file":330,"line":743},{"id":745,"type":675,"label":689,"file":330,"line":743,"wp_function":691},{"id":747,"type":670,"label":748,"file":330,"line":749},{"id":751,"type":675,"label":689,"file":330,"line":749,"wp_function":691},{"id":753,"type":670,"label":754,"file":330,"line":755},{"id":757,"type":675,"label":689,"file":330,"line":755,"wp_function":691},{"id":759,"type":670,"label":760,"file":330,"line":761},{"id":763,"type":675,"label":689,"file":330,"line":761,"wp_function":691},{"id":765,"type":670,"label":766,"file":330,"line":767},{"id":769,"type":675,"label":689,"file":330,"line":767,"wp_function":691},{"id":820,"type":670,"label":821,"file":330,"line":822},"n28","$_GET['email']",660,{"id":824,"type":675,"label":825,"file":330,"line":822,"wp_function":826},"n29","get_row() [SQLi]","get_row",{"id":828,"type":670,"label":829,"file":330,"line":830},"n30","$_GET (x4)",666,{"id":832,"type":675,"label":833,"file":330,"line":834,"wp_function":835},"n31","query() [SQLi]",668,"query",{"id":837,"type":670,"label":838,"file":330,"line":839},"n32","$_GET",690,{"id":841,"type":675,"label":825,"file":330,"line":842,"wp_function":826},"n33",691,{"id":844,"type":670,"label":671,"file":330,"line":845},"n34",614,{"id":847,"type":848,"label":849,"file":330,"line":845},"n35","transform","→ bft_subscribe()",{"id":851,"type":675,"label":833,"file":470,"line":852,"wp_function":835},"n36",265,{"id":854,"type":670,"label":838,"file":330,"line":855},"n37",706,{"id":857,"type":848,"label":858,"file":330,"line":855},"n38","→ bft_welcome_mail()",{"id":860,"type":675,"label":833,"file":330,"line":861,"wp_function":835},"n39",556,{"id":863,"type":670,"label":838,"file":330,"line":864},"n40",710,{"id":866,"type":848,"label":867,"file":330,"line":864},"n41","→ bft_subscribe_notify()",{"id":869,"type":675,"label":825,"file":470,"line":507,"wp_function":826},"n42",[871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"from":711,"to":715,"sanitized":772},{"from":717,"to":721,"sanitized":772},{"from":723,"to":727,"sanitized":772},{"from":729,"to":733,"sanitized":772},{"from":735,"to":739,"sanitized":772},{"from":741,"to":745,"sanitized":772},{"from":747,"to":751,"sanitized":772},{"from":753,"to":757,"sanitized":772},{"from":759,"to":763,"sanitized":772},{"from":765,"to":769,"sanitized":772},{"from":820,"to":824,"sanitized":772},{"from":828,"to":832,"sanitized":772},{"from":837,"to":841,"sanitized":772},{"from":844,"to":847,"sanitized":680},{"from":847,"to":851,"sanitized":772},{"from":854,"to":857,"sanitized":680},{"from":857,"to":860,"sanitized":772},{"from":863,"to":866,"sanitized":680},{"from":866,"to":869,"sanitized":772},{"entryPoint":895,"graph":896,"unsanitizedCount":238,"severity":786},"\u003Cbft-lib> (bft-lib.php:0)",{"nodes":897,"edges":900},[898,899],{"id":669,"type":670,"label":671,"file":470,"line":672},{"id":674,"type":675,"label":676,"file":470,"line":551,"wp_function":677},[901],{"from":669,"to":674,"sanitized":772},{"entryPoint":903,"graph":904,"unsanitizedCount":238,"severity":786},"bft_message_config (controllers\\config.php:4)",{"nodes":905,"edges":919},[906,909,910,912,913,915,916,918],{"id":669,"type":670,"label":907,"file":908,"line":48},"$_GET (x3)","controllers\\config.php",{"id":674,"type":675,"label":689,"file":908,"line":363,"wp_function":691},{"id":693,"type":670,"label":911,"file":908,"line":363},"$_POST['subject']",{"id":697,"type":675,"label":689,"file":908,"line":363,"wp_function":691},{"id":699,"type":670,"label":914,"file":908,"line":300},"$_POST['message']",{"id":703,"type":675,"label":689,"file":908,"line":300,"wp_function":691},{"id":705,"type":670,"label":917,"file":908,"line":610},"$_POST['receivers']",{"id":709,"type":675,"label":689,"file":908,"line":610,"wp_function":691},[920,921,922,923],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"entryPoint":925,"graph":926,"unsanitizedCount":238,"severity":786},"\u003Cconfig> (controllers\\config.php:0)",{"nodes":927,"edges":936},[928,929,930,931,932,933,934,935],{"id":669,"type":670,"label":907,"file":908,"line":48},{"id":674,"type":675,"label":689,"file":908,"line":363,"wp_function":691},{"id":693,"type":670,"label":911,"file":908,"line":363},{"id":697,"type":675,"label":689,"file":908,"line":363,"wp_function":691},{"id":699,"type":670,"label":914,"file":908,"line":300},{"id":703,"type":675,"label":689,"file":908,"line":300,"wp_function":691},{"id":705,"type":670,"label":917,"file":908,"line":610},{"id":709,"type":675,"label":689,"file":908,"line":610,"wp_function":691},[937,938,939,940],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"entryPoint":942,"graph":943,"unsanitizedCount":238,"severity":786},"contact_form (controllers\\integrations.php:5)",{"nodes":944,"edges":951},[945,947,948,950],{"id":669,"type":670,"label":946,"file":450,"line":659},"$_POST['cf7_name_field']",{"id":674,"type":675,"label":689,"file":450,"line":659,"wp_function":691},{"id":693,"type":670,"label":949,"file":450,"line":527},"$_POST['cf7_email_field']",{"id":697,"type":675,"label":689,"file":450,"line":527,"wp_function":691},[952,953],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"entryPoint":955,"graph":956,"unsanitizedCount":238,"severity":786},"ninja (controllers\\integrations.php:49)",{"nodes":957,"edges":962},[958,960],{"id":669,"type":670,"label":671,"file":450,"line":959},59,{"id":674,"type":675,"label":689,"file":450,"line":961,"wp_function":691},64,[963],{"from":669,"to":674,"sanitized":772},{"entryPoint":965,"graph":966,"unsanitizedCount":238,"severity":786},"formidable (controllers\\integrations.php:152)",{"nodes":967,"edges":972},[968,970],{"id":669,"type":670,"label":671,"file":450,"line":969},162,{"id":674,"type":675,"label":689,"file":450,"line":971,"wp_function":691},167,[973],{"from":669,"to":674,"sanitized":772},{"entryPoint":975,"graph":976,"unsanitizedCount":238,"severity":786},"signup_formidable (controllers\\integrations.php:193)",{"nodes":977,"edges":982},[978,980,981],{"id":669,"type":670,"label":671,"file":450,"line":979},248,{"id":674,"type":848,"label":849,"file":450,"line":979},{"id":693,"type":675,"label":833,"file":470,"line":852,"wp_function":835},[983,984],{"from":669,"to":674,"sanitized":680},{"from":674,"to":693,"sanitized":772},{"entryPoint":986,"graph":987,"unsanitizedCount":238,"severity":786},"wpforms (controllers\\integrations.php:252)",{"nodes":988,"edges":999},[989,991,993,995],{"id":669,"type":670,"label":671,"file":450,"line":990},262,{"id":674,"type":675,"label":689,"file":450,"line":992,"wp_function":691},267,{"id":693,"type":670,"label":671,"file":450,"line":994},276,{"id":697,"type":675,"label":996,"file":450,"line":997,"wp_function":998},"get_var() [SQLi]",285,"get_var",[1000,1001],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"entryPoint":1003,"graph":1004,"unsanitizedCount":238,"severity":786},"\u003Cintegrations> (controllers\\integrations.php:0)",{"nodes":1005,"edges":1019},[1006,1007,1008,1009,1010,1012,1013,1014,1015,1017,1018],{"id":669,"type":670,"label":946,"file":450,"line":659},{"id":674,"type":675,"label":689,"file":450,"line":659,"wp_function":691},{"id":693,"type":670,"label":949,"file":450,"line":527},{"id":697,"type":675,"label":689,"file":450,"line":527,"wp_function":691},{"id":699,"type":670,"label":1011,"file":450,"line":959},"$_POST (x3)",{"id":703,"type":675,"label":689,"file":450,"line":961,"wp_function":691},{"id":705,"type":670,"label":671,"file":450,"line":994},{"id":709,"type":675,"label":996,"file":450,"line":997,"wp_function":998},{"id":711,"type":670,"label":1016,"file":450,"line":979},"$_POST (x2)",{"id":715,"type":848,"label":849,"file":450,"line":979},{"id":717,"type":675,"label":833,"file":470,"line":852,"wp_function":835},[1020,1021,1022,1023,1024,1025],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"from":711,"to":715,"sanitized":680},{"from":715,"to":717,"sanitized":772},{"entryPoint":1027,"graph":1028,"unsanitizedCount":238,"severity":786},"bft_list (controllers\\list.php:4)",{"nodes":1029,"edges":1045},[1030,1032,1033,1036,1037,1038,1039,1040,1041,1042],{"id":669,"type":670,"label":1031,"file":455,"line":621},"$_GET (x2)",{"id":674,"type":675,"label":833,"file":455,"line":659,"wp_function":835},{"id":693,"type":670,"label":1034,"file":455,"line":1035},"$_GET['id']",33,{"id":697,"type":675,"label":825,"file":455,"line":1035,"wp_function":826},{"id":699,"type":670,"label":671,"file":455,"line":207},{"id":703,"type":675,"label":825,"file":455,"line":224,"wp_function":826},{"id":705,"type":670,"label":671,"file":455,"line":334},{"id":709,"type":675,"label":833,"file":455,"line":76,"wp_function":835},{"id":711,"type":670,"label":838,"file":455,"line":621},{"id":715,"type":675,"label":1043,"file":455,"line":520,"wp_function":1044},"get_results() [SQLi]","get_results",[1046,1047,1048,1049,1050],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"from":711,"to":715,"sanitized":772},{"entryPoint":1052,"graph":1053,"unsanitizedCount":238,"severity":786},"\u003Clist> (controllers\\list.php:0)",{"nodes":1054,"edges":1065},[1055,1056,1057,1058,1059,1060,1061,1062,1063,1064],{"id":669,"type":670,"label":907,"file":455,"line":621},{"id":674,"type":675,"label":833,"file":455,"line":659,"wp_function":835},{"id":693,"type":670,"label":1034,"file":455,"line":1035},{"id":697,"type":675,"label":825,"file":455,"line":1035,"wp_function":826},{"id":699,"type":670,"label":671,"file":455,"line":207},{"id":703,"type":675,"label":825,"file":455,"line":224,"wp_function":826},{"id":705,"type":670,"label":671,"file":455,"line":334},{"id":709,"type":675,"label":833,"file":455,"line":76,"wp_function":835},{"id":711,"type":670,"label":838,"file":455,"line":621},{"id":715,"type":675,"label":1043,"file":455,"line":520,"wp_function":1044},[1066,1067,1068,1069,1070],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"from":711,"to":715,"sanitized":772},{"entryPoint":1072,"graph":1073,"unsanitizedCount":238,"severity":786},"bft_log (controllers\\log.php:4)",{"nodes":1074,"edges":1082},[1075,1078,1079,1080],{"id":669,"type":670,"label":1076,"file":1077,"line":225},"$_POST['cleanup_days']","controllers\\log.php",{"id":674,"type":675,"label":689,"file":1077,"line":225,"wp_function":691},{"id":693,"type":670,"label":671,"file":1077,"line":647},{"id":697,"type":675,"label":1043,"file":1077,"line":1081,"wp_function":1044},14,[1083,1084],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"entryPoint":1086,"graph":1087,"unsanitizedCount":238,"severity":786},"\u003Clog> (controllers\\log.php:0)",{"nodes":1088,"edges":1093},[1089,1090,1091,1092],{"id":669,"type":670,"label":1076,"file":1077,"line":225},{"id":674,"type":675,"label":689,"file":1077,"line":225,"wp_function":691},{"id":693,"type":670,"label":671,"file":1077,"line":647},{"id":697,"type":675,"label":1043,"file":1077,"line":1081,"wp_function":1044},[1094,1095],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"entryPoint":1097,"graph":1098,"unsanitizedCount":238,"severity":786},"bft_messages (controllers\\messages.php:4)",{"nodes":1099,"edges":1110},[1100,1102,1103,1105,1106,1107,1109],{"id":669,"type":670,"label":1016,"file":1101,"line":621},"controllers\\messages.php",{"id":674,"type":675,"label":833,"file":1101,"line":659,"wp_function":835},{"id":693,"type":670,"label":671,"file":1101,"line":1104},37,{"id":697,"type":675,"label":1043,"file":1101,"line":635,"wp_function":1044},{"id":699,"type":670,"label":1016,"file":1101,"line":602},{"id":703,"type":848,"label":1108,"file":1101,"line":602},"→ save_attachments()",{"id":705,"type":675,"label":833,"file":483,"line":961,"wp_function":835},[1111,1112,1113,1114],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":680},{"from":703,"to":705,"sanitized":772},{"entryPoint":1116,"graph":1117,"unsanitizedCount":238,"severity":786},"\u003Cmessages> (controllers\\messages.php:0)",{"nodes":1118,"edges":1126},[1119,1120,1121,1122,1123,1124,1125],{"id":669,"type":670,"label":1016,"file":1101,"line":621},{"id":674,"type":675,"label":833,"file":1101,"line":659,"wp_function":835},{"id":693,"type":670,"label":671,"file":1101,"line":1104},{"id":697,"type":675,"label":1043,"file":1101,"line":635,"wp_function":1044},{"id":699,"type":670,"label":1016,"file":1101,"line":602},{"id":703,"type":848,"label":1108,"file":1101,"line":602},{"id":705,"type":675,"label":833,"file":483,"line":961,"wp_function":835},[1127,1128,1129,1130],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":680},{"from":703,"to":705,"sanitized":772},{"entryPoint":1132,"graph":1133,"unsanitizedCount":238,"severity":786},"bft_newsletter (controllers\\newsletter.php:4)",{"nodes":1134,"edges":1144},[1135,1137,1139,1141,1142,1143],{"id":669,"type":670,"label":1016,"file":1136,"line":613},"controllers\\newsletter.php",{"id":674,"type":675,"label":833,"file":1136,"line":1138,"wp_function":835},20,{"id":693,"type":670,"label":1140,"file":1136,"line":246},"$_GET['del']",{"id":697,"type":675,"label":833,"file":1136,"line":246,"wp_function":835},{"id":699,"type":670,"label":1034,"file":1136,"line":224},{"id":703,"type":675,"label":825,"file":1136,"line":224,"wp_function":826},[1145,1146,1147],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"entryPoint":1149,"graph":1150,"unsanitizedCount":238,"severity":786},"\u003Cnewsletter> (controllers\\newsletter.php:0)",{"nodes":1151,"edges":1164},[1152,1153,1154,1155,1156,1157,1158,1159,1161,1162],{"id":669,"type":670,"label":1016,"file":1136,"line":613},{"id":674,"type":675,"label":833,"file":1136,"line":1138,"wp_function":835},{"id":693,"type":670,"label":1140,"file":1136,"line":246},{"id":697,"type":675,"label":833,"file":1136,"line":246,"wp_function":835},{"id":699,"type":670,"label":1034,"file":1136,"line":224},{"id":703,"type":675,"label":825,"file":1136,"line":224,"wp_function":826},{"id":705,"type":670,"label":838,"file":1136,"line":626},{"id":709,"type":675,"label":1043,"file":1136,"line":1160,"wp_function":1044},68,{"id":711,"type":670,"label":838,"file":1136,"line":498},{"id":715,"type":675,"label":825,"file":1136,"line":1163,"wp_function":826},86,[1165,1166,1167,1168,1169],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"from":711,"to":715,"sanitized":772},{"entryPoint":1171,"graph":1172,"unsanitizedCount":238,"severity":786},"manage (controllers\\webhooks.php:4)",{"nodes":1173,"edges":1184},[1174,1176,1177,1178,1179,1180,1182,1183],{"id":669,"type":670,"label":1175,"file":429,"line":613},"$_POST['hook_url'] (x2)",{"id":674,"type":675,"label":833,"file":429,"line":610,"wp_function":835},{"id":693,"type":670,"label":1034,"file":429,"line":1035},{"id":697,"type":675,"label":825,"file":429,"line":1035,"wp_function":826},{"id":699,"type":670,"label":838,"file":429,"line":1035},{"id":703,"type":675,"label":1181,"file":429,"line":14,"wp_function":428},"unserialize() [Object Injection]",{"id":705,"type":670,"label":1034,"file":429,"line":569},{"id":709,"type":675,"label":833,"file":429,"line":569,"wp_function":835},[1185,1186,1187,1188],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"entryPoint":1190,"graph":1191,"unsanitizedCount":238,"severity":786},"\u003Cwebhooks> (controllers\\webhooks.php:0)",{"nodes":1192,"edges":1209},[1193,1194,1195,1196,1197,1198,1199,1200,1201,1202,1204,1205],{"id":669,"type":670,"label":1175,"file":429,"line":613},{"id":674,"type":675,"label":833,"file":429,"line":610,"wp_function":835},{"id":693,"type":670,"label":1034,"file":429,"line":1035},{"id":697,"type":675,"label":825,"file":429,"line":1035,"wp_function":826},{"id":699,"type":670,"label":907,"file":429,"line":1035},{"id":703,"type":675,"label":1181,"file":429,"line":14,"wp_function":428},{"id":705,"type":670,"label":1034,"file":429,"line":569},{"id":709,"type":675,"label":833,"file":429,"line":569,"wp_function":835},{"id":711,"type":670,"label":838,"file":429,"line":647},{"id":715,"type":675,"label":1043,"file":429,"line":1203,"wp_function":1044},69,{"id":717,"type":670,"label":838,"file":429,"line":1035},{"id":721,"type":675,"label":1206,"file":429,"line":1207,"wp_function":1208},"wp_remote_post() [SSRF]",175,"wp_remote_post",[1210,1211,1212,1213,1214,1215],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"from":699,"to":703,"sanitized":772},{"from":705,"to":709,"sanitized":772},{"from":711,"to":715,"sanitized":772},{"from":717,"to":721,"sanitized":772},{"entryPoint":1217,"graph":1218,"unsanitizedCount":29,"severity":786},"\u003Cbft_import.html> (views\\bft_import.html.php:0)",{"nodes":1219,"edges":1225},[1220,1222],{"id":669,"type":670,"label":1221,"file":488,"line":207},"$_SERVER['REQUEST_URI']",{"id":674,"type":675,"label":1223,"file":488,"line":207,"wp_function":1224},"echo() [XSS]","echo",[1226],{"from":669,"to":674,"sanitized":680},{"entryPoint":1228,"graph":1229,"unsanitizedCount":238,"severity":786},"\u003Cbft_list.html> (views\\bft_list.html.php:0)",{"nodes":1230,"edges":1238},[1231,1233,1234,1237],{"id":669,"type":670,"label":1232,"file":493,"line":246},"$_GET['filter_email']",{"id":674,"type":675,"label":1223,"file":493,"line":246,"wp_function":1224},{"id":693,"type":670,"label":1235,"file":493,"line":1236},"$_GET['filter_name']",44,{"id":697,"type":675,"label":1223,"file":493,"line":1236,"wp_function":1224},[1239,1240],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"entryPoint":1242,"graph":1243,"unsanitizedCount":238,"severity":786},"\u003Clist-user.html> (views\\list-user.html.php:0)",{"nodes":1244,"edges":1251},[1245,1247,1248,1250],{"id":669,"type":670,"label":1246,"file":601,"line":647},"$_GET['ob']",{"id":674,"type":675,"label":1223,"file":601,"line":647,"wp_function":1224},{"id":693,"type":670,"label":1249,"file":601,"line":647},"$_GET['offset']",{"id":697,"type":675,"label":1223,"file":601,"line":647,"wp_function":1224},[1252,1253],{"from":669,"to":674,"sanitized":772},{"from":693,"to":697,"sanitized":772},{"entryPoint":1255,"graph":1256,"unsanitizedCount":238,"severity":786},"\u003Cunsubscribe.html> (views\\unsubscribe.html.php:0)",{"nodes":1257,"edges":1261},[1258,1260],{"id":669,"type":670,"label":821,"file":1259,"line":278},"views\\unsubscribe.html.php",{"id":674,"type":675,"label":1223,"file":1259,"line":278,"wp_function":1224},[1262],{"from":669,"to":674,"sanitized":772},{"entryPoint":1264,"graph":1265,"unsanitizedCount":48,"severity":84},"bft_template_redirect (bft-autoresponder.php:606)",{"nodes":1266,"edges":1282},[1267,1268,1269,1270,1271,1272,1273,1274,1275,1276,1277,1278,1279,1280,1281],{"id":669,"type":670,"label":821,"file":330,"line":822},{"id":674,"type":675,"label":825,"file":330,"line":822,"wp_function":826},{"id":693,"type":670,"label":907,"file":330,"line":830},{"id":697,"type":675,"label":833,"file":330,"line":834,"wp_function":835},{"id":699,"type":670,"label":838,"file":330,"line":839},{"id":703,"type":675,"label":825,"file":330,"line":842,"wp_function":826},{"id":705,"type":670,"label":671,"file":330,"line":845},{"id":709,"type":848,"label":849,"file":330,"line":845},{"id":711,"type":675,"label":833,"file":470,"line":852,"wp_function":835},{"id":715,"type":670,"label":838,"file":330,"line":855},{"id":717,"type":848,"label":858,"file":330,"line":855},{"id":721,"type":675,"label":833,"file":330,"line":861,"wp_function":835},{"id":723,"type":670,"label":838,"file":330,"line":864},{"id":727,"type":848,"label":867,"file":330,"line":864},{"id":729,"type":675,"label":825,"file":470,"line":507,"wp_function":826},[1283,1284,1285,1286,1287,1288,1289,1290,1291],{"from":669,"to":674,"sanitized":680},{"from":693,"to":697,"sanitized":680},{"from":699,"to":703,"sanitized":680},{"from":705,"to":709,"sanitized":680},{"from":709,"to":711,"sanitized":772},{"from":715,"to":717,"sanitized":680},{"from":717,"to":721,"sanitized":772},{"from":723,"to":727,"sanitized":680},{"from":727,"to":729,"sanitized":772},{"entryPoint":1293,"graph":1294,"unsanitizedCount":29,"severity":84},"bft_newsletter_archive (controllers\\newsletter.php:58)",{"nodes":1295,"edges":1298},[1296,1297],{"id":669,"type":670,"label":838,"file":1136,"line":626},{"id":674,"type":675,"label":1043,"file":1136,"line":1160,"wp_function":1044},[1299],{"from":669,"to":674,"sanitized":680},{"entryPoint":1301,"graph":1302,"unsanitizedCount":29,"severity":84},"bft_view_newsletter (controllers\\newsletter.php:78)",{"nodes":1303,"edges":1306},[1304,1305],{"id":669,"type":670,"label":838,"file":1136,"line":498},{"id":674,"type":675,"label":825,"file":1136,"line":1163,"wp_function":826},[1307],{"from":669,"to":674,"sanitized":680},{"summary":1309,"deductions":1310},"The bft-autoresponder plugin exhibits a mixed security posture. While it demonstrates good practices in utilizing prepared statements for the vast majority of its SQL queries and includes a decent number of nonce and capability checks, several concerning signals emerge from the static analysis and vulnerability history.  The presence of the `unserialize` function is a significant red flag, as it is a known vector for object injection vulnerabilities if not handled with extreme care and input validation.  Furthermore, the taint analysis reveals several flows with unsanitized paths, including three identified as high severity. This, combined with the plugin's history of 18 known CVEs, including one critical unpatched vulnerability, points to a recurring pattern of security weaknesses that attackers have successfully exploited in the past. The types of common vulnerabilities (CSRF, XSS, Unrestricted Uploads, SQL Injection) further reinforce the need for heightened vigilance.",[1311,1313,1315,1317,1319,1321],{"reason":1312,"points":28},"Unpatched critical vulnerability",{"reason":1314,"points":610},"High severity taint flows detected",{"reason":1316,"points":363},"Dangerous unserialize function present",{"reason":1318,"points":63},"Unsanitized paths in taint analysis",{"reason":1320,"points":48},"Output escaping only 57% proper",{"reason":1322,"points":311},"Large number of past CVEs","2026-03-16T19:26:28.383Z",{"wat":1325,"direct":1334},{"assetPaths":1326,"generatorPatterns":1329,"scriptPaths":1330,"versionParams":1331},[1327,1328],"\u002Fwp-content\u002Fplugins\u002Fbft-autoresponder\u002Ffront.css","\u002Fwp-content\u002Fplugins\u002Fbft-autoresponder\u002Fcss\u002Fadmin.css",[],[],[1332,1333],"bft-autoresponder\u002Ffront.css?ver=","bft-autoresponder\u002Fcss\u002Fadmin.css?ver=",{"cssClasses":1335,"htmlComments":1336,"htmlAttributes":1337,"restEndpoints":1338,"jsGlobals":1339,"shortcodeOutput":1340},[4],[],[],[],[],[1341,1342,1343,1344],"[bft-num-subs]","[bft-unsubscribe]","[bft-newsletter-archive]","[bft-int-chk]"]