WP-Safety

CM E-Mail Blacklist – Simple email filtering for safer registration Security & Risk Analysis

wordpress.org/plugins/cm-email-blacklist

Block unwanted email registrations on your site with this email blacklist plugin. Protect your site by preventing spam sign-ups.

800 active installs v1.6.4 PHP 5.2.4+ WP 5.4.0+ Updated Jan 28, 2026
anti-spamblacklistemail-blacklistspamwhitelist
96
A · Safe
CVEs total3
Unpatched0
Last CVEJan 16, 2026
Plugin page Download
Safety Verdict

Is CM E-Mail Blacklist – Simple email filtering for safer registration Safe to Use in 2026?

Generally Safe

Score 96/100

CM E-Mail Blacklist – Simple email filtering for safer registration has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEsLast CVE: Jan 16, 2026Updated 3mo ago
Risk Assessment

The "cm-email-blacklist" v1.6.4 plugin exhibits a mixed security posture. On the positive side, it makes good use of prepared statements for SQL queries and includes nonce checks on some entry points. However, significant concerns arise from its attack surface, particularly with three out of four AJAX handlers lacking authentication checks, making them vulnerable to unauthorized actions. Additionally, while the taint analysis shows no critical or high severity flows, one flow with an unsanitized path warrants attention for potential injection vulnerabilities. The plugin's vulnerability history, with three previously disclosed medium-severity CVEs for Cross-Site Scripting and CSRF, and the most recent vulnerability dated in the future (implying potential for future undiscovered issues or misrepresentation), suggests a pattern of past security weaknesses that, while currently patched, could indicate ongoing development or maintenance practices that may overlook certain security considerations.

Key Concerns

  • AJAX handlers without authentication checks
  • Output escaping is not consistently applied
  • One unsanitized path in taint analysis
  • Past medium severity vulnerabilities
Vulnerabilities
3 published

CM E-Mail Blacklist – Simple email filtering for safer registration Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2026-0691medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM E-Mail Blacklist <= 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'black_email' Parameter

Jan 16, 2026 Patched in 1.6.3 (1d)
CVE-2025-24694medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CM E-Mail Blacklist – Simple email filtering for safer registration <= 1.5.5 - Reflected Cross-Site Scripting

Feb 3, 2025 Patched in 1.5.6 (40d)
CVE-2024-5167medium · 4.3Cross-Site Request Forgery (CSRF)

CM Email Registration Blacklist and Whitelist <= 1.4.8 - Cross-Site Request Forgery

Jun 22, 2024 Patched in 1.4.9 (6d)
Version History

CM E-Mail Blacklist – Simple email filtering for safer registration Release Timeline

v1.6.21 CVE
CVE-2026-0691
v1.6.11 CVE
CVE-2026-0691
v1.6.01 CVE
CVE-2026-0691
v1.5.91 CVE
CVE-2026-0691
v1.5.81 CVE
CVE-2026-0691
v1.5.71 CVE
CVE-2026-0691
v1.5.61 CVE
CVE-2026-0691
Code Analysis
Analyzed Mar 16, 2026

CM E-Mail Blacklist – Simple email filtering for safer registration Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
154
115 escaped
Nonce Checks
3
Capability Checks
1
File Operations
0
External Requests
5
Bundled Libraries
0

Output Escaping

43% escaped269 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths
cminds_system_info_content (package\cminds-free.php:2723)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

CM E-Mail Blacklist – Simple email filtering for safer registration Attack Surface

Entry Points8
Unprotected3

AJAX Handlers 4

authwp_ajax_cm-submit-uninstall-reasonpackage\cminds-free.php:147
authwp_ajax_cm-submit-registration-emailpackage\cminds-free.php:148
authwp_ajax_cm-submit-deregistrationpackage\cminds-free.php:149
authwp_ajax_cm-submit-registration-skippackage\cminds-free.php:150

Shortcodes 4

[cminds_free_registration] package\cminds-free.php:54
[cminds_free_guide] package\cminds-free.php:55
[cminds_upgrade_box] package\cminds-free.php:56
[cminds_free_activation] package\cminds-free.php:57
WordPress Hooks 15
actionadmin_headcm-email-blacklist.php:103
actionactivated_pluginpackage\cminds-free.php:31
actionadmin_initpackage\cminds-free.php:33
actionadmin_menupackage\cminds-free.php:34
actionadmin_enqueue_scriptspackage\cminds-free.php:35
actionadmin_enqueue_scriptspackage\cminds-free.php:36
actioncminds_download_sysinfopackage\cminds-free.php:48
actioninitpackage\cminds-free.php:50
actioninitpackage\cminds-free.php:51
filterplugin_row_metapackage\cminds-free.php:59
actionwp_dashboard_setuppackage\cminds-free.php:62
actionadmin_footerpackage\cminds-free.php:157
filterwp_mail_content_typepackage\cminds-free.php:311
filterwp_mail_content_typepackage\cminds-free.php:2073
filterwp_mail_content_typepackage\cminds-free.php:2164
Maintenance & Trust

CM E-Mail Blacklist – Simple email filtering for safer registration Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 28, 2026
PHP min version5.2.4
Downloads46K

Community Trust

Rating90/100
Number of ratings8
Active installs800
Alternatives

CM E-Mail Blacklist – Simple email filtering for safer registration Alternatives

Advanced Email Filter for Elementor Forms

Advanced Email Filter for Elementor Forms

advanced-email-filter-for-elementor-forms

A
100

Enhance Elementor Pro Forms with advanced email filtering capabilities including global blocklists/whitelist and per-form controls.

100 No CVEs
Maspik – Ultimate Spam Protection

Maspik – Ultimate Spam Protection

contact-forms-anti-spam

A
96

No more fake leads or unwanted submissions — Maspik blocks spam instantly across all forms without using CAPTCHA.

30K 8 CVEs
Exact Match Disallowed Comment & Contact Forms

Exact Match Disallowed Comment & Contact Forms

exact-match-disallowed-comment-contact-forms

A
100

Change the default WordPress comment blocklist functionality to exact match and save entries marked as spam for review.

100 No CVEs
Back List

Back List

back-list

A
85

Adds Whitelist and Blacklist options for Trackbacks and Pingbacks

10 No CVEs
WP-Mail-Validator

WP-Mail-Validator

wp-mail-validator

A
85

WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:

10 No CVEs
Developer Profile

CM E-Mail Blacklist – Simple email filtering for safer registration Developer Profile

CreativeMindsSolutions

19 plugins · 22K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
535 days
View full developer profile
Detection Fingerprints

How We Detect CM E-Mail Blacklist – Simple email filtering for safer registration

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cm-email-blacklist/assets/css/cm-email-blacklist.css/wp-content/plugins/cm-email-blacklist/assets/js/cm-email-blacklist.js
Script Paths
/wp-content/plugins/cm-email-blacklist/assets/js/cm-email-blacklist.js
Version Parameters
cm-email-blacklist/assets/css/cm-email-blacklist.css?ver=cm-email-blacklist/assets/js/cm-email-blacklist.js?ver=

HTML / DOM Fingerprints

CSS Classes
cmseparator
FAQ

Frequently Asked Questions about CM E-Mail Blacklist – Simple email filtering for safer registration