[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWcS-Nt9RIfNfzI4r7Uss4jg378gQ2moNk8z9HDXL02E":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":130,"fingerprints":235},"block-temporary-email","Block Temporary Email","1.7.5","IsTempMail","https:\u002F\u002Fprofiles.wordpress.org\u002Fistempmail\u002F","\u003Cp>This plugin will verify every email address submitted by users.\u003Cbr \u002F>\nIt’ll automatically detect and block disposable, temporary email addresses.\u003Cbr \u002F>\nIt’ll give a nice warning message when users are signing up, logging in,\u003Cbr \u002F>\nor changing email to a temporary email.\u003C\u002Fp>\n\u003Cp>The plugin checks the domain name using a service named\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.istempmail.com\u002F?ref=wp\" rel=\"nofollow ugc\">IsTempMail\u003C\u002Fa>.\u003Cbr \u002F>\nIf a domain name is blocked, it will be stored into a local blacklist.\u003Cbr \u002F>\nYou can also manage your own local whitelist and blacklist to allow or\u003Cbr \u002F>\ndisallow certain domains.\u003C\u002Fp>\n\u003Cp>The plugin integrates with the WordPress built-in function \u003Ccode>is_email()\u003C\u002Fcode>.\u003Cbr \u002F>\nIt works seamlessly with other plugins including WooCommerce,\u003Cbr \u002F>\nContact Form 7, Gravity Form, Jetpack\u002FGrunion contact forms, Kadence Blocks Forms as well as\u003Cbr \u002F>\nother formbuilders and ecommerce plugins and WordPress’ own registration form.\u003C\u002Fp>\n","This plugin stops users from giving you disposable or fake email addresses when signing up. This helps reduce spam and fraud.",500,8483,90,8,"2025-08-12T12:41:00.000Z","6.8.5","2.9","",[20,21,22,23,24],"check-email","disposable-email","fake-email","temporary-email","validate-email","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblock-temporary-email\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-temporary-email.1.7.5.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"istempmail",1,30,94,"2026-04-05T19:12:36.726Z",[39,57,71,92,112],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":54,"download_link":55,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":56},"ultimate-email-validator","Ultimate Email Validator – Validate and Stop Fake, Temporary and Disposable Emails","2.2.0","Oxibug","https:\u002F\u002Fprofiles.wordpress.org\u002Foxibug\u002F","\u003Cp>Enhance Your Website’s Integrity with Ultimate Email Validator Plugin!\u003C\u002Fp>\n\u003Cp>Are you tired of dealing with fake registrations and spammy submissions on your website? Say goodbye to disposable and temporary email addresses causing havoc in your databases. Introducing the Ultimate Email Validator, a powerful WordPress plugin designed to ensure the authenticity of user registrations, contact form submissions, and more.\u003C\u002Fp>\n\u003Cp>Powered by the reliable \u003Ca href=\"https:\u002F\u002Fquickemailverification.com\u002F\" rel=\"nofollow ugc\">Quick Email Verification\u003C\u002Fa> API, the Ultimate Email Validator is your ultimate solution to maintaining a clean and genuine user base. Our plugin seamlessly integrates with popular WordPress extensions including Contact Form 7, Mailchimp, WooCommerce, BuddyPress, Gravity Forms, and Ninja Forms, making it a comprehensive tool for various forms across your site.\u003C\u002Fp>\n\u003Cp>Experience a new level of email verification with our cutting-edge WordPress plugin. Designed to enhance user registration processes, our plugin is your ultimate solution to verify email addresses in registration forms. Say goodbye to the nuisance of fake and disposable emails cluttering your user database. Our plugin is engineered to seamlessly integrate into your registration process, ensuring that only genuine email addresses make the cut. We’re here to transform your website’s integrity with advanced technology that checks disposable emails during the registration process. Don’t compromise on data quality – empower your website today with the power to validate and authenticate email addresses effectively.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Advanced Email Validation:\u003C\u002Fstrong> Our plugin utilizes the [Quick Email Verification] API to meticulously validate email addresses in real-time. Say goodbye to disposable and temporary email addresses flooding your database.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Robust Compatibility:\u003C\u002Fstrong> Whether you’re using Contact Form 7, Mailchimp, WooCommerce, BuddyPress, Gravity Forms, or Ninja Forms, our plugin works seamlessly with these extensions to ensure uniform protection against fake registrations.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cost-Effective Solution:\u003C\u002Fstrong> Worried about the cost? Don’t be! Our plugin leverages the [Quick Email Verification] API’s generous free plan, offering up to 100 requests daily, translating to approximately 3000 requests monthly. This is the perfect solution for small to medium websites looking for comprehensive protection without breaking the bank.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User-Friendly Interface:\u003C\u002Fstrong> We believe in simplicity. Our user-friendly interface allows you to effortlessly enable or disable email validation for each form, ensuring you’re in full control of your website’s integrity.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Enhanced Security:\u003C\u002Fstrong> By preventing disposable and temporary emails from accessing your forms, you’re effectively safeguarding your website from spam, fraudulent activities, and potential security breaches.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Start Protecting Your Website Today:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With the Ultimate Email Validator, you can provide a seamless user experience while keeping your website’s integrity intact. Don’t let disposable emails tarnish your online presence. Empower your website with a powerful layer of protection and ensure every interaction on your site is genuine and meaningful.\u003C\u002Fp>\n\u003Cp>Don’t compromise on quality. Get the Ultimate Email Validator plugin today and enjoy the benefits of clean and reliable user data. Take advantage of our cost-effective solution and make a difference in your website’s security.\u003C\u002Fp>\n\u003Ch3>Registration Form Validation\u003C\u002Fh3>\n\u003Cp>Ultimate Email Validator identifies email fields in \u003Cstrong>WordPress, BuddyPress and WooCommerce\u003C\u002Fstrong> registration forms. It also identifies email fields on the \u003Cstrong>Update User Profile\u003C\u002Fstrong> page, preventing users from later modifying their genuine email addresses.\u003C\u002Fp>\n\u003Ch3>Form Validation\u003C\u002Fh3>\n\u003Cp>You can also utilize Ultimate Email Validator to validate email fields in Comment Boxes within posts or pages. It supports popular contact forms like \u003Cstrong>Contact Form 7, MailChimp, Ninja Forms and Gravity Forms\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Ultimate Email Validator Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>MailChimp\u003C\u002Fli>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Display a Custom Message\u003C\u002Fh3>\n\u003Cp>Ultimate Email Validator includes a user-friendly and stylish options panel, allowing you to manage the validation process according to your preferences. You can enable or disable validations for each registration or contact form and customize the message for each form. This way, the message displayed during registration will differ from the one shown in contact forms, and so on.\u003C\u002Fp>\n","Enhance Website Security: Stop Fake, Temporary, and Disposable Emails Across Registration, Contact Form 7, Mailchimp, Woocommerce, and More!",10,3024,"6.3.8","5.3","5.6",[21,53,22,23,24],"email-validation","https:\u002F\u002Foxibug.com\u002Fplugins\u002Fultimate-email-validator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fultimate-email-validator.2.2.0.zip","2026-03-15T10:48:56.248Z",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":28,"downloaded":65,"rating":28,"num_ratings":28,"last_updated":66,"tested_up_to":16,"requires_at_least":17,"requires_php":67,"tags":68,"homepage":18,"download_link":70,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"temp-mail-detector-block-temporary-emails","Temp Mail Detector – Block Temporary Emails","1.0","tempmaildetector","https:\u002F\u002Fprofiles.wordpress.org\u002Ftempmaildetector\u002F","\u003Cp>The Temp Mail Detector WordPress Plugin is a privacy first temporary email prevention plugin which helps stop disposable emails from being able to sign up or comment on your website.\u003C\u002Fp>\n\u003Cp>By combining the ability to use custom block lists alongside the optional Temp Mail Detector API you can choose which hosts are allowed or not allowed to register or comment on your website.\u003C\u002Fp>\n\u003Ch3>What’s available\u003C\u002Fh3>\n\u003Cp>This plugin offers multiple options:\u003Cbr \u002F>\n* \u003Cstrong>Blocklist\u003C\u002Fstrong> – You can enter a list of domains you would like to block at signup.\u003Cbr \u002F>\n* \u003Cstrong>Protect comments\u003C\u002Fstrong> – Choose if you would like the plugin to protect comments from disposable emails.\u003Cbr \u002F>\n* \u003Cstrong>Plus emails\u003C\u002Fstrong> – Block emails which have a \u003Ccode>+\u003C\u002Fcode> in the user part.\u003Cbr \u002F>\n* \u003Cstrong>External check\u003C\u002Fstrong> – This makes use of the dynamic Temp Mail Detector API for real-time checks.\u003C\u002Fp>\n\u003Cp>To check against the Temp Mail Detector API, you will need to \u003Ca href=\"https:\u002F\u002Ftempmaildetector.com\" rel=\"nofollow ugc\">register for a free API key\u003C\u002Fa>.\u003Cbr \u002F>\nEach API key gets 200 lookups for free each month, which reset on the first of the month.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>If external checks are enabled via the use of an API key, when checking if an email is temporary or not through the Temp Mail Detector API, only the website address of the email is sent to be analysed. Your users emails addresses are never transmitted or shared with anyone.\u003C\u002Fp>\n\u003Cp>If an email is \u003Ccode>user@website.com\u003C\u002Fcode>, this plugin will only send \u003Ccode>website.com\u003C\u002Fcode> to be analysed. By never sharing your users emails, you can both check if an email is disposable while also maintaining your users privacy.\u003C\u002Fp>\n\u003Ch3>Terms of Service \u002F Privacy Policy\u003C\u002Fh3>\n\u003Cp>Please make yourselves familiar with our terms of service and privacy policy, which can be found here:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftempmaildetector.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftempmaildetector.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Detect and block temporary emails from registering on your website using the Temp Mail Detector plugin.",281,"2025-07-05T08:06:00.000Z","7.0",[21,22,69,23,24],"spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemp-mail-detector-block-temporary-emails.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":47,"downloaded":79,"rating":28,"num_ratings":28,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":89,"download_link":90,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":91},"email-blocklist","Email Blocklist","1.2.7","Michał Kowalik","https:\u002F\u002Fprofiles.wordpress.org\u002Fklapaucius4\u002F","\u003Cp>Email Blocklist helps you keep your WordPress site safe and clean by preventing registrations and comments from users with disposable, temporary, or otherwise unwanted email domains.\u003C\u002Fp>\n\u003Cp>Spam registrations and fake accounts often rely on throwaway email addresses. With Email Blocklist, you can easily stop them at the source. The plugin lets you build and manage your own custom blocklist of domains to prevent low-quality signups, spam comments, and fake interactions.\u003C\u002Fp>\n\u003Cp>Unlike many similar plugins, Email Blocklist is completely free and does not rely on any paid APIs or third-party services. Everything runs directly on your WordPress installation. No hidden costs, no subscriptions – just a lightweight solution that does one job and does it well.\u003C\u002Fp>\n\u003Cp>This plugin also lets you scan existing users and flag accounts using suspicious or blocked email domains as potential spam, highlighting them in the user list so you can easily filter or remove them if needed.\u003C\u002Fp>\n\u003Ch3>External Service Usage\u003C\u002Fh3>\n\u003Cp>This plugin uses a public GitHub repository to fetch a global blocklist.\u003Cbr \u002F>\nOne JSON file contains the list of blocked domains (https:\u002F\u002Fraw.githubusercontent.com\u002Fklapaucius4\u002Femail-blocklist\u002Frefs\u002Fheads\u002Fmaster\u002Fblocklist.json),\u003Cbr \u002F>\nand another holds basic metadata (https:\u002F\u002Fraw.githubusercontent.com\u002Fklapaucius4\u002Femail-blocklist\u002Frefs\u002Fheads\u002Fmaster\u002Fblocklist-meta.json).\u003C\u002Fp>\n\u003Cp>The blocklist is downloaded during plugin activation. A daily WP-Cron task checks for updates,\u003Cbr \u002F>\nand the list is refreshed automatically if a newer version is available.\u003Cbr \u002F>\nYou can also trigger a manual update from the plugin settings page.\u003C\u002Fp>\n\u003Cp>Note: This plugin sends requests to GitHub to fetch the blocklist files.\u003Cbr \u002F>\nBy using this plugin, data is transmitted to GitHub under GitHub’s Terms of Service (https:\u002F\u002Fdocs.github.com\u002Fen\u002Fsite-policy\u002Fgithub-terms\u002Fgithub-terms-of-service)\u003Cbr \u002F>\nand GitHub Privacy Statement (https:\u002F\u002Fdocs.github.com\u002Fen\u002Fsite-policy\u002Fprivacy-policies\u002Fgithub-privacy-statement).\u003C\u002Fp>\n","Keep your WordPress site clean by blocking signups and comments from temporary or disposable email domains. 100% free, no paid APIs.",458,"2026-03-02T21:36:00.000Z","6.9.4","5.2","7.4",[85,86,87,88,24],"disposable-emails","spam-prevention","temporary-emails","user-registration","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-blocklist\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-blocklist.1.2.7.zip","2026-03-15T14:54:45.397Z",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":47,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":18,"tags":106,"homepage":109,"download_link":110,"security_score":111,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"block-disposable-email-addresses","Block Disposable Email","0.8","gsetz","https:\u002F\u002Fprofiles.wordpress.org\u002Fgsetz\u002F","\u003Cp>This plugin prevents people from registering with disposable email addresses (dea) like the ones provided by mailinator (also known as throw-away email, one-time email). It protects your most important asset, your registered user base, by preventing contamination by fake accounts. This plugin working principle is similar to spam blacklists.\u003C\u002Fp>\n\u003Cp>It hooks in the wordpress function is_email() so it will extend the known email validation of wordpress to detect dea domains.\u003C\u002Fp>\n\u003Cp>The plugin itself does not contain a list of domains to block. Instead of local maintenance the plugin uses the service of http:\u002F\u002Fwww.block-disposable-email.com. This is a very accurate free service for up to 200 queries a month. For huge sites several commercial plans are available.\u003C\u002Fp>\n\u003Cp>Please see the FAQ section for some more information.\u003C\u002Fp>\n","This plugin detects one-time email addresses (disposable email, trashmail, mailinator, 10minutemail) and helps to keep your userbase and comments clea &hellip;",4288,46,3,"2017-03-16T18:51:00.000Z","4.6.30","3.3.1",[107,21,108,69,23],"comments","posts","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fblock-disposable-email-addresses\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-disposable-email-addresses.zip",85,{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":47,"downloaded":120,"rating":28,"num_ratings":28,"last_updated":121,"tested_up_to":81,"requires_at_least":51,"requires_php":122,"tags":123,"homepage":128,"download_link":129,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"disposable-email-blocker-contact-form-7","Disposable Email Blocker – Contact Form 7","2.0.3","Sajjad Hossain Sagor","https:\u002F\u002Fprofiles.wordpress.org\u002Fsajjad67\u002F","\u003Cp>Block Spammy Disposable\u002FTemporary Emails To Increase Your Conversion & Filter Out Spam Emails.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No Complicated Settings, Just Plug & Play\u003C\u002Fli>\n\u003Cli>Enable Filtering for Specific Forms\u003C\u002Fli>\n\u003Cli>Fully Translation Ready\u003C\u002Fli>\n\u003Cli>Customize Messages for Disposable\u002FTemporary Email Alerts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use this plugin to block\u002Fprevent disposable emails like 10MinuteMail and GuerrillaMail from submission on any contact form 7 form. Filter our your email listing to keep only real subscribers or users.\u003C\u002Fp>\n\u003Cp>Credits\u003Cbr \u002F>\n– https:\u002F\u002Fgithub.com\u002Fandreis\u002Fdisposable\u003C\u002Fp>\n","Now You Can Easily Block\u002FPrevent Disposable\u002FTemporary Spam Emails From Submitting on CF7 Form.",2088,"2025-12-10T17:12:00.000Z","8.0",[124,125,126,23,127],"blocker","contact-form-7","disposable-email-blocker","temporary-email-blocker","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisposable-email-blocker-contact-form-7\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisposable-email-blocker-contact-form-7.2.0.3.zip",{"attackSurface":131,"codeSignals":208,"taintFlows":225,"riskAssessment":226,"analyzedAt":234},{"hooks":132,"ajaxHandlers":190,"restRoutes":204,"shortcodes":205,"cronEvents":206,"entryPointCount":207,"unprotectedCount":207},[133,139,143,147,152,156,160,163,166,170,174,177,181,186],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","plugins_loaded","loadTextDomain","istempmail.php",29,{"type":134,"name":140,"callback":141,"file":137,"line":142},"admin_menu","menu",34,{"type":134,"name":144,"callback":145,"file":137,"line":146},"admin_init","settings",35,{"type":148,"name":149,"callback":150,"priority":47,"file":137,"line":151},"filter","plugin_action_links","addActionLinks",37,{"type":148,"name":153,"callback":154,"priority":47,"file":137,"line":155},"is_email","isEmail",39,{"type":148,"name":157,"callback":158,"file":137,"line":159},"registration_errors","deaError",41,{"type":148,"name":161,"callback":158,"file":137,"line":162},"user_profile_update_errors",42,{"type":148,"name":164,"callback":158,"file":137,"line":165},"login_errors",43,{"type":148,"name":167,"callback":168,"priority":47,"file":137,"line":169},"kadence_blocks_form_submission_success","kadenceSuccess",69,{"type":148,"name":171,"callback":172,"file":137,"line":173},"kadence_blocks_form_submission_messages","kadenceMessages",70,{"type":148,"name":175,"callback":168,"priority":47,"file":137,"line":176},"kadence_blocks_advanced_form_submission_success",74,{"type":148,"name":178,"callback":179,"file":137,"line":180},"kadence_blocks_advanced_form_submission_messages","kadenceAdvancedMessages",75,{"type":148,"name":182,"callback":183,"priority":184,"file":137,"line":185},"sanitize_email","kadenceSanitizeEmailCallback",999,82,{"type":148,"name":187,"callback":188,"priority":34,"file":137,"line":189},"kadence_blocks_advanced_form_processed_fields","kadenceFilterFormFields",99,[191,196,199,202],{"action":192,"nopriv":193,"callback":194,"hasNonce":193,"hasCapCheck":193,"file":137,"line":195},"kb_process_ajax_submit",false,"kadenceAjaxSubmit",67,{"action":192,"nopriv":197,"callback":194,"hasNonce":193,"hasCapCheck":193,"file":137,"line":198},true,68,{"action":200,"nopriv":193,"callback":194,"hasNonce":193,"hasCapCheck":193,"file":137,"line":201},"kb_process_advanced_form_submit",72,{"action":200,"nopriv":197,"callback":194,"hasNonce":193,"hasCapCheck":193,"file":137,"line":203},73,[],[],[],4,{"dangerousFunctions":209,"sqlUsage":210,"outputEscaping":212,"fileOperations":28,"externalRequests":223,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":224},[],{"prepared":28,"raw":28,"locations":211},[],{"escaped":213,"rawEcho":207,"locations":214},11,[215,218,219,221],{"file":216,"line":146,"context":217},"settings.php","raw output",{"file":216,"line":101,"context":217},{"file":216,"line":220,"context":217},97,{"file":216,"line":222,"context":217},108,2,[],[],{"summary":227,"deductions":228},"The 'block-temporary-email' v1.7.5 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding database interactions, utilizing prepared statements for all SQL queries and showing no critical or high-severity taint analysis findings. The absence of known vulnerabilities (CVEs) and a history of no recorded vulnerabilities also suggests a generally well-maintained codebase. However, significant security concerns arise from the attack surface analysis. The plugin exposes four AJAX handlers, all of which lack authentication checks. This creates a substantial entry point for potential attackers to interact with the plugin's functionality without proper authorization. Furthermore, the plugin lacks nonce checks for its AJAX actions, which is a critical oversight that can lead to Cross-Site Request Forgery (CSRF) vulnerabilities. While direct output escaping is not a major issue with 73% being properly escaped, the overall lack of authorization and nonce verification on its AJAX endpoints poses a considerable risk.",[229,232],{"reason":230,"points":231},"4 AJAX handlers without auth checks",20,{"reason":233,"points":47},"0 Nonce checks on AJAX handlers","2026-03-16T19:33:32.960Z",{"wat":236,"direct":241},{"assetPaths":237,"generatorPatterns":238,"scriptPaths":239,"versionParams":240},[],[],[],[],{"cssClasses":242,"htmlComments":243,"htmlAttributes":244,"restEndpoints":245,"jsGlobals":246,"shortcodeOutput":247},[],[],[],[],[],[]]