[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6F_p6PeRcKyDq2x4rGIDmeNijAeWIpQmufTEXtL4uPo":3,"$f9TZUtJ5M5jmgJ5GO7KvG-sZ9RJSRLmc8qYzcW377EGo":684,"$fovLEo87Q2ZZ4zI4PvdM6N0sxpaw1C0xkmG_iJEl5VpM":688},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":92,"crawl_stats":39,"alternatives":99,"analysis":194,"fingerprints":666},"cm-email-blacklist","CM E-Mail Blacklist – Simple email filtering for safer registration","1.6.4","CreativeMindsSolutions","https:\u002F\u002Fprofiles.wordpress.org\u002Fcreativemindssolutions\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Femail-registration-blacklist-plugin-for-wordpress\u002F\" rel=\"nofollow ugc\">Pro Plugin Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.videolessonsplugin.com\u002Fvideo-lesson\u002Flesson\u002Femail-domain-blacklist-plugin\u002F\" rel=\"nofollow ugc\">Videos\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcreativeminds.helpscoutdocs.com\u002Fcategory\u002F285-email-registration-blacklist-cmrb\" rel=\"nofollow ugc\">User Guide\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Safeguard your WordPress site from unauthorized registrations and spammers by implementing personalized rules for blacklisting and whitelisting with our WordPress blacklist plugin solution.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin allows you to block or allow users to enter your website based on specific criteria. With customizable domain, IP and email blacklists you can prevent users from registering.\u003C\u002Fp>\n\u003Cp>Conversely, thanks to the whitelist feature of our WordPress plugin, you can ensure that only users with approved email domains, usernames, or IP addresses can register.\u003C\u002Fp>\n\u003Ch3>Enhance WordPress Site Security\u003C\u002Fh3>\n\u003Cp>Our blacklist plugin enables you to increase the security of your WordPress site and prevent spam registrations from fake or malicious users.\u003C\u002Fp>\n\u003Cp>Additionally, this feature-packed tool gives you greater control over who can access your site’s and community content.\u003C\u002Fp>\n\u003Ch3>Email Blacklist and Anti-Spam plugin Premium Editions\u003C\u002Fh3>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Femail-registration-blacklist-plugin-for-wordpress\u002F\" rel=\"nofollow ugc\">Email Blacklist and Anti-Spam Plugin Premium editions\u003C\u002Fa> includes even more powerful features, such as: support for contact forms and WordPress comments, white list and blacklist features work across domains and emails, domain and email testing tool and much more.\u003C\u002Fp>\n\u003Ch3>Email Blacklist and Anti-Spam plugin Introduction Video (Pro Version)\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F123027044\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>How to Use the Email Blacklist Feature of the Plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Closed Beta\u003C\u002Fstrong> – Control users in your beta site release.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Members Only\u003C\u002Fstrong> – Add suspicious domains to the blacklist and block their users from registrating.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam blocker\u003C\u002Fstrong> – Prevent spam users from registering.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Basic WordPress Blacklist Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Support Free Domain List from SpamAssassin.\u003C\u002Fli>\n\u003Cli>Support a domain whitelist plugin feature.\u003C\u002Fli>\n\u003Cli>Support an email blacklist plugin feature.\u003C\u002Fli>\n\u003Cli>Support an IP whitelist plugin feature.\u003C\u002Fli>\n\u003Cli>Admin can edit front-end labels and messages.\u003C\u002Fli>\n\u003Cli>Includes tester.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Femail-registration-blacklist-plugin-for-wordpress\u002F\" rel=\"nofollow ugc\">Pro Version Detailed Features List\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support DNSBL online service.\u003C\u002Fli>\n\u003Cli>Support domain blacklist and whitelist features.\u003C\u002Fli>\n\u003Cli>Support email blacklist and whitelist features.\u003C\u002Fli>\n\u003Cli>Support IP blacklist and whitelist features.\u003C\u002Fli>\n\u003Cli>Support reserved username blacklist feature.\u003C\u002Fli>\n\u003Cli>Control who is allowed to comment.\u003C\u002Fli>\n\u003Cli>Access to failed registration log.\u003C\u002Fli>\n\u003Cli>Additional errors messages to show to users trying to register.\u003C\u002Fli>\n\u003Cli>Edit profile restriction.\u003C\u002Fli>\n\u003Cli>Support importing list of emails from CSV.\u003C\u002Fli>\n\u003Cli>Includes domain & email tester.\u003C\u002Fli>\n\u003Cli>Special Gmail support.\u003C\u002Fli>\n\u003Cli>Special characters support.\u003C\u002Fli>\n\u003Cli>Contact Form 7 integration.\u003C\u002Fli>\n\u003Cli>ChatGPT integration.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Follow Us\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.cminds.com\u002Fcategory\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Blog\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fcmplugins\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fcreativeminds\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fuser\u002Fcmindschannel\" rel=\"nofollow ugc\">YouTube\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fwww.pinterest.com\u002Fcmplugins\u002F\" rel=\"nofollow ugc\">Pinterest\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fcmplugins\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Suggested Plugins by CreativeMinds\u003C\u002Fh3>\n\u003Cp>List of all \u003Ca href=\"https:\u002F\u002Fwww.cminds.com\" rel=\"nofollow ugc\">WordPress Plugins\u003C\u002Fa> by CreativeMinds\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fglossaryplugin.com\u002F\" rel=\"nofollow ugc\">CM Tooltip Glossary\u003C\u002Fa> – Easily creates a Glossary, Encyclopaedia or Dictionary of your website’s terms and shows them as a tooltip in posts and pages when hovering. With many more powerful features.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.downloadmanagerplugin.com\u002F\" rel=\"nofollow ugc\">CM Download Manager\u003C\u002Fa> – Allows users to upload, manage, track and support documents or files in a download directory listing database for others to contribute, use and comment upon.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.answersplugin.com\u002F\" rel=\"nofollow ugc\">CM Answers Plugin\u003C\u002Fa> – A fully-featured WordPress Questions & Answers Plugin that allows you to build multiple discussion forum systems Just like StackOverflow, Yahoo Answers and Quora, Now with MicroPayments and Anonymous posting support.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Frestrictcontent.com\u002F\" rel=\"nofollow ugc\">CM Restrict Content\u003C\u002Fa> – A full-featured, powerful membership solution and content restriction plugin for WordPress. Support access by role to content on your site.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fbookingcalendarplugin.com\u002F\" rel=\"nofollow ugc\">CM Booking Calendar\u003C\u002Fa> – Customers can easily schedule appointments and pay for them directly through your website.\u003C\u002Fli>\n\u003C\u002Ful>\n","Block unwanted email registrations on your site with this email blacklist plugin. Protect your site by preventing spam sign-ups.",800,45983,90,8,"2026-01-28T16:31:00.000Z","6.9.4","5.4.0","5.2.4",[20,21,22,23,24],"anti-spam","blacklist","email-blacklist","spam","whitelist","https:\u002F\u002Fwww.cminds.com\u002Fwordpress-plugins-library\u002Femail-registration-blacklist-plugin-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-email-blacklist.zip",96,3,0,"2026-01-16 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,61,76],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":41,"severity":42,"cvss_score":43,"cvss_vector":44,"vuln_type":45,"published_date":30,"updated_date":46,"references":47,"days_to_patch":49,"patch_diff_files":50,"patch_trac_url":39,"research_status":51,"research_verified":52,"research_rounds_completed":28,"research_plan":53,"research_summary":54,"research_vulnerable_code":55,"research_fix_diff":56,"research_exploit_outline":57,"research_model_used":58,"research_started_at":59,"research_completed_at":60,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-0691","cm-e-mail-blacklist-authenticated-administrator-stored-cross-site-scripting-via-blackemail-parameter","CM E-Mail Blacklist \u003C= 1.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'black_email' Parameter","The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'black_email' parameter in all versions up to, and including, 1.6.2. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.6.2","1.6.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-01-17 06:42:20",[48],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F821f4ea9-bc25-4d65-9058-5b77c4f1b230?source=api-prod",1,[],"researched",false,"This research plan outlines the technical steps required to demonstrate the Stored Cross-Site Scripting (XSS) vulnerability in the CM E-Mail Blacklist plugin (CVE-2026-0691).\n\n### 1. Vulnerability Summary\nThe CM E-Mail Blacklist plugin (versions \u003C= 1.6.2) fails to properly sanitize the `black_email` input parameter and subsequently fails to escape this value when displaying it in the admin dashboard. While the attack requires Administrator-level privileges, it is considered a vulnerability in multi-site environments or single-site environments where `unfiltered_html` has been disabled for administrators (e.g., via `define('DISALLOW_FILE_EDIT', true);` or specific role manager plugins).\n\n### 2. Attack Vector Analysis\n*   **Vulnerable Endpoint:** WordPress Admin Area (`\u002Fwp-admin\u002Fadmin.php?page=cm-email-blacklist-settings` - *inferred*)\n*   **Vulnerable Parameter:** `black_email`\n*   **Authentication Requirement:** Administrator or higher.\n*   **Action String:** Likely `update` or a plugin-specific AJAX action (e.g., `cm_email_blacklist_save_options` - *inferred*).\n*   **Precondition:** The testing environment must have `unfiltered_html` disabled for the administrator to demonstrate that the plugin's failure to sanitize\u002Fescape is the root cause.\n\n### 3. Code Flow (Inferred)\n1.  **Input:** An administrator navigates to the plugin settings page and submits a list of blacklisted emails.\n2.  **Processing:** The request is handled by an `admin_init` hook or a specific POST handler (likely in `CMEmailBlacklist.php` or an admin-specific file). The code likely retrieves `$_POST['black_email']` and saves it using `update_option()` without calling `sanitize_text_field()` or `wp_kses()`.\n3.  **Storage:** The payload is stored in the `wp_options` table (e.g., under the option name `cm_email_blacklist_data`).\n4.  **Output:** When the settings page or a logs page is reloaded, the plugin retrieves the option using `get_option()` and echoes it directly into a table cell or `\u003Ctextarea>` without using `esc_html()` or `esc_textarea()`.\n\n### 4. Nonce Acquisition Strategy\nThe plugin likely uses the standard WordPress Settings API or a custom form with a nonce field for CSRF protection.\n\n1.  **Identify the Page:** Navigate to the plugin settings page.\n2.  **Locate Nonce:** Search the HTML for a hidden input field, usually named `_wpnonce` or similar.\n3.  **Extraction (PoC Agent):**\n    *   Navigate to the settings page: `browser_navigate(\"http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin.php?page=cm-email-blacklist-settings\")`\n    *   Extract the nonce: `browser_eval(\"document.querySelector('input[name=\\\"_wpnonce\\\"]')?.value\")`\n    *   Identify the option group or action: `browser_eval(\"document.querySelector('input[name=\\\"option_page\\\"]')?.value\")`\n\n### 5. Exploitation Strategy\nThe goal is to inject a JavaScript payload into the blacklist settings that will execute whenever the settings page is viewed.\n\n*   **Step 1: Authenticate.** Log in as an Administrator.\n*   **Step 2: Access Settings.** Navigate to the \"CM E-Mail Blacklist\" settings page.\n*   **Step 3: Capture Form Data.** Identify the exact POST structure. Usually, it targets `options.php` or `admin-post.php`.\n*   **Step 4: Send Payload.**\n    *   **Payload:** `\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>`\n    *   **HTTP Request (via `http_request`):**\n        ```http\n        POST \u002Fwp-admin\u002Foptions.php HTTP\u002F1.1\n        Content-Type: application\u002Fx-www-form-urlencoded\n\n        option_page=cm_email_blacklist_options&\n        action=update&\n        _wpnonce=[EXTRACTED_NONCE]&\n        black_email=test@example.com%0A%22%3E%3Cscript%3Ealert(document.domain)%3C\u002Fscript%3E\n        ```\n*   **Step 5: Trigger XSS.** Navigate back to the settings page to verify execution.\n\n### 6. Test Data Setup\n1.  **Plugin Installation:** Ensure `cm-email-blacklist` version 1.6.2 is active.\n2.  **Disable `unfiltered_html`:**\n    *   Use WP-CLI: `wp config set DISALLOW_UNFILTERED_HTML true --raw`\n    *   *Alternative:* Create a site admin who does not have this capability if on Multisite.\n3.  **Initial State:** Ensure the blacklist is empty.\n\n### 7. Expected Results\n*   The `POST` request should return a `302 Found` redirecting back to the settings page.\n*   The settings page HTML will contain the raw payload: `...value=\"test@example.com \">\u003Cscript>alert(document.domain)\u003C\u002Fscript>\"...`\n*   The browser will trigger an alert box showing the domain, confirming script execution in the admin context.\n\n### 8. Verification Steps\n1.  **Database Check:** Use WP-CLI to verify the payload is stored exactly as sent.\n    `wp option get cm_email_blacklist_data` (Inferred option name)\n2.  **Response Inspection:** Inspect the source of the settings page.\n    `http_request` GET to the settings page and grep for `\u003Cscript>alert`.\n\n### 9. Alternative Approaches\n*   **AJAX Handler:** If the plugin uses AJAX to save settings, look for `wp_ajax_cm_blacklist_save`. The payload remains the same, but the Content-Type may be `multipart\u002Fform-data` and the endpoint will be `\u002Fwp-admin\u002Fadmin-ajax.php`.\n*   **Import Feature:** If the plugin has an \"Import CSV\" or \"Bulk Upload\" feature, the `black_email` parameter might be processed through a file upload. A CSV containing the XSS payload can be uploaded to trigger the same vulnerability.\n*   **Bypass Attenuation:** If the plugin escapes the value inside a `\u003Ctextarea>` but not in a `\u003Ctd>` list, try a payload that breaks out of the table cell, like `\u003C\u002Ftd>\u003Ctd>\u003Cscript>alert(1)\u003C\u002Fscript>\u003C\u002Ftd>`.","The CM E-Mail Blacklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'black_email' parameter in versions up to 1.6.2. This occurs because the plugin fails to sanitize input during storage and escape output during display, allowing administrators (particularly in Multisite environments) to inject malicious scripts that execute when users view the settings page.","\u002F* Inferred from vulnerability description and research plan *\u002F\n\u002F* Likely located in the settings handling logic of the plugin *\u002F\n\n\u002F\u002F Processing input (Input is saved directly without sanitization)\nif (isset($_POST['black_email'])) {\n    update_option('cm_email_blacklist_data', $_POST['black_email']);\n}\n\n---\n\n\u002F\u002F Displaying output (Option is retrieved and echoed without escaping)\n$blacklist = get_option('cm_email_blacklist_data');\n?>\n\u003Ctextarea name=\"black_email\">\u003C?php echo $blacklist; ?>\u003C\u002Ftextarea>\n\u003C?php","--- a\u002Fcm-email-blacklist\u002Fadmin\u002Fsettings.php\n+++ b\u002Fcm-email-blacklist\u002Fadmin\u002Fsettings.php\n@@ -1,7 +1,7 @@\n if (isset($_POST['black_email'])) {\n-    update_option('cm_email_blacklist_data', $_POST['black_email']);\n+    update_option('cm_email_blacklist_data', sanitize_textarea_field($_POST['black_email']));\n }\n \n $blacklist = get_option('cm_email_blacklist_data');\n ?>\n-\u003Ctextarea name=\"black_email\">\u003C?php echo $blacklist; ?>\u003C\u002Ftextarea>\n+\u003Ctextarea name=\"black_email\">\u003C?php echo esc_textarea($blacklist); ?>\u003C\u002Ftextarea>","To exploit this vulnerability, an attacker requires Administrator-level privileges on a site where the 'unfiltered_html' capability is restricted (such as a WordPress Multisite installation or a site with DISALLOW_UNFILTERED_HTML enabled). \n\n1. Authenticate as an administrator and navigate to the plugin's settings page (typically \u002Fwp-admin\u002Fadmin.php?page=cm-email-blacklist-settings).\n2. Locate the input field for 'black_email' (usually a textarea for blacklisted email addresses).\n3. Inject an XSS payload designed to break out of the textarea tags, for example: \">\u003C\u002Ftextarea>\u003Cscript>alert(document.domain)\u003C\u002Fscript>.\n4. Submit the form to save the settings. The payload will be stored in the database without sanitization.\n5. The script will execute immediately upon redirection to the settings page, or whenever any administrator views the plugin settings, as the stored value is echoed back into the page without escaping.","gemini-3-flash-preview","2026-05-05 08:05:45","2026-05-05 08:06:08",{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":39,"affected_versions":66,"patched_in_version":67,"severity":42,"cvss_score":68,"cvss_vector":69,"vuln_type":45,"published_date":70,"updated_date":71,"references":72,"days_to_patch":74,"patch_diff_files":75,"patch_trac_url":39,"research_status":39,"research_verified":52,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-24694","cm-e-mail-blacklist-simple-email-filtering-for-safer-registration-reflected-cross-site-scripting","CM E-Mail Blacklist – Simple email filtering for safer registration \u003C= 1.5.5 - Reflected Cross-Site Scripting","The CM E-Mail Blacklist – Simple email filtering for safer registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.5.5","1.5.6",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-02-03 00:00:00","2025-03-14 17:00:44",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4cad38bf-99b9-4bca-b1c0-d90bd2c60a28?source=api-prod",40,[],{"id":77,"url_slug":78,"title":79,"description":80,"plugin_slug":4,"theme_slug":39,"affected_versions":81,"patched_in_version":82,"severity":42,"cvss_score":83,"cvss_vector":84,"vuln_type":85,"published_date":86,"updated_date":87,"references":88,"days_to_patch":90,"patch_diff_files":91,"patch_trac_url":39,"research_status":39,"research_verified":52,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":52,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-5167","cm-email-registration-blacklist-and-whitelist-cross-site-request-forgery","CM Email Registration Blacklist and Whitelist \u003C= 1.4.8 - Cross-Site Request Forgery","The CM Email Registration Blacklist and Whitelist plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.8. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to add and delete emails and modify the blacklist\u002Fwhitelist via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C=1.4.8","1.4.9",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-06-22 00:00:00","2024-06-27 14:07:44",[89],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5004d789-6e59-403b-8df9-2030a976fc52?source=api-prod",6,[],{"slug":93,"display_name":7,"profile_url":8,"plugin_count":94,"total_installs":95,"avg_security_score":27,"avg_patch_time_days":96,"trust_score":97,"computed_at":98},"creativemindssolutions",19,22010,535,76,"2026-05-19T20:08:02.729Z",[100,121,142,159,178],{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":108,"num_ratings":49,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":119,"download_link":120,"security_score":108,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"advanced-email-filter-for-elementor-forms","Advanced Email Filter for Elementor Forms","1.2.0","Mahidul Islam Mukto","https:\u002F\u002Fprofiles.wordpress.org\u002Fmuktoapb\u002F","\u003Cp>Advanced Email Filter for Elementor Forms adds enterprise-grade email validation to your Elementor pro forms. Protect against spam submissions while maintaining flexibility for legitimate users.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Global Blocklist\u002FWhitelist management\u003C\u002Fli>\n\u003Cli>Per-form email filtering rules\u003C\u002Fli>\n\u003Cli>Wildcard support for domains and patterns\u003C\u002Fli>\n\u003Cli>Business email only filter (new feature)\u003C\u002Fli>\n\u003Cli>Disposable \u002F temporary email blocking (new feature)\u003C\u002Fli>\n\u003Cli>Compatible with Elementor Pro forms only\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpprodevs.com\u002Fadvanced-email-filter-for-elementor-forms\u002F\" rel=\"nofollow ugc\">Learn more about all features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.wpprodevs.com\u002Fdocs\u002Femail-filter-for-elementor\u002F\" rel=\"nofollow ugc\">Read Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FfMFmGRLFpNQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>There is two place where you can control email filter.\u003C\u002Fp>\n\u003Ch4>Global Settings\u003C\u002Fh4>\n\u003Cp>Navigate to \u003Ccode>Email Filter -> Settings\u003C\u002Fcode> to configure:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Blocklist\u003C\u002Fstrong>: @spamdomain.com, *.ru, fake-user@\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Whitelist\u003C\u002Fstrong>: @yourcompany.com, admin@, *.trusted.org\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Form-Specific Settings\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Edit Elementor Form widget\u003C\u002Fli>\n\u003Cli>Open \u003Cem>Email Filtering\u003C\u002Fem> section\u003C\u002Fli>\n\u003Cli>Add patterns:\n\u003Cul>\n\u003Cli>Blocklist (form-specific)\u003Cbr \u002F>\n@temp-domain.com, *.xyz\u003C\u002Fli>\n\u003Cli>Whitelist (form-specific)\u003Cbr \u002F>\n@client-domain.com, manager@\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Hooks & Filters\u003C\u002Fh3>\n\u003Cp>Customize validation behavior using these hooks:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F Modify validation error message\nadd_filter('aefe_validation_error', function($message, $email) {\n    return sprintf(__('Error: %s is blocked', 'text-domain'), $email);\n}, 10, 2);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Enhance Elementor Pro Forms with advanced email filtering capabilities including global blocklists\u002Fwhitelist and per-form controls.",100,1178,"2025-07-05T16:37:00.000Z","6.8.5","5.6","7.4",[115,116,22,117,118],"disposable-email","elementor-form","spam-protection","whitelist-email","https:\u002F\u002Fwww.mukto.info\u002Fproject\u002Fadvanced-email-filter-for-elementor-forms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-email-filter-for-elementor-forms.1.2.0.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":134,"tags":136,"homepage":139,"download_link":140,"security_score":27,"vuln_count":14,"unpatched_count":29,"last_vuln_date":141,"fetched_at":31},"contact-forms-anti-spam","Maspik – Ultimate Spam Protection","2.8.0","yonifre","https:\u002F\u002Fprofiles.wordpress.org\u002Fyonifre\u002F","\u003Cp>Maspik is an advanced WordPress anti-spam plugin that blocks bots, fake leads, and unwanted submissions across your entire site — without hurting real users.\u003C\u002Fp>\n\u003Cp>Trusted by thousands of websites worldwide. Works automatically on activation.\u003C\u002Fp>\n\u003Cp>👉 Works with all major form plugins. No CAPTCHA. No coding. Immediate results.\u003C\u002Fp>\n\u003Ch3>Why block spam with Maspik?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🚀 \u003Cstrong>Instant protection\u003C\u002Fstrong> – Works as soon as you activate the plugin.\u003C\u002Fli>\n\u003Cli>🎯 \u003Cstrong>High success rate\u003C\u002Fstrong> – Better protection than traditional CAPTCHA.\u003C\u002Fli>\n\u003Cli>🔍 \u003Cstrong>Smart detection\u003C\u002Fstrong> – Identifies spam patterns automatically with advanced rules and optional AI spam detection.\u003C\u002Fli>\n\u003Cli>🌐 \u003Cstrong>Wide compatibility\u003C\u002Fstrong> – Supports all major form plugins and WordPress core forms (comments, registration).\u003C\u002Fli>\n\u003Cli>🛠️ \u003Cstrong>Fully customizable\u003C\u002Fstrong> – Blacklists, IP blocking, character limits, link limits, countries, languages, and more.\u003C\u002Fli>\n\u003Cli>👥 \u003Cstrong>Spam Block Guarantee\u003C\u002Fstrong> – We are committed to helping you block spam. See the \u003Ca href=\"#-spam-block-guarantee---for-all-users\" rel=\"nofollow ugc\">Spam Block Guarantee\u003C\u002Fa> section.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>✅ Works instantly with popular form plugins and core WordPress forms\u003Cbr \u002F>\n✅ No CAPTCHA required – silent protection for your visitors\u003Cbr \u002F>\n✅ Forbidden keywords list system (Blacklist\u002FBlocklist) – block any word, phrase, or pattern you want per field type\u003Cbr \u002F>\n✅ IP blacklist & API integrations\u003Cbr \u002F>\n✅ Phone number validation\u003Cbr \u002F>\n✅ Multiple honeypot methods and advanced key checks\u003Cbr \u002F>\n✅ Multi-language support\u003Cbr \u002F>\n✅ Maspik Matrix – Cloud-based Multi-layer spam protection engine\u003C\u002Fp>\n\u003Ch3>Detailed Features – Advanced Spam Protection & Filtering\u003C\u002Fh3>\n\u003Ch3>Maspik Matrix – Advanced Multi-Layer Spam Protection\u003C\u002Fh3>\n\u003Cp>Maspik Matrix is a powerful layered spam filter that combines multiple detection methods into one unified protection system.\u003C\u002Fp>\n\u003Cp>This engine performs several checks in parallel to increase accuracy and reduce false positives, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP reputation and risk scoring  \u003C\u002Fli>\n\u003Cli>Pattern matching and keyword analysis  \u003C\u002Fli>\n\u003Cli>Heuristic behavior checks  \u003C\u002Fli>\n\u003Cli>Structural and content-based evaluation  \u003C\u002Fli>\n\u003Cli>AI Spam Check scoring mechanisms  \u003C\u002Fli>\n\u003Cli>Learn from spam submissions and improve over time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Maspik Matrix provides stronger, faster, and more reliable spam detection by evaluating each submission through multiple layers of protection simultaneously.\u003C\u002Fp>\n\u003Cp>Maspik includes \u003Cstrong>100 free Matrix checks\u003C\u002Fstrong> so you can start protecting forms immediately.\u003Cbr \u002F>\n\u003Cstrong>Pro users get unlimited Matrix checks\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Note – Local checks are not counted towards the monthly limit, only API calls are counted.\u003C\u002Fp>\n\u003Ch3>Blacklisting by Field Type\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Text fields\u002FText area fields\u003C\u002Fstrong> (e.g. name, subject, message)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email fields\u003C\u002Fstrong> (supports regex\u002Fwildcard patterns)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL fields\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Phone number fields\u003C\u002Fstrong> (regex\u002Fwildcard support)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Blocking Capabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Specific IP addresses\u003C\u002Fli>\n\u003Cli>Spam submissions in:\n\u003Cul>\n\u003Cli>WordPress comments\u003C\u002Fli>\n\u003Cli>WordPress registration forms\u003C\u002Fli>\n\u003Cli>Contact forms from supported plugins (see list below)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Option to block submissions containing emojis in textarea fields\u003C\u002Fli>\n\u003Cli>Blocking bot-generated submissions\u003C\u002Fli>\n\u003Cli>Advanced key checks to detect automated submissions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Advanced Blocking\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Honeypot fields (multiple strategies)\u003C\u002Fli>\n\u003Cli>IP verification (100 checks\u002Fmonth in free version)\u003C\u002Fli>\n\u003Cli>Advanced key check engine\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Character Control\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Maximum characters in text fields\u003C\u002Fli>\n\u003Cli>Maximum characters in textarea fields\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Link Limitation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Limit the number of links allowed in textarea fields (for example, 0–1 links)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>API Integrations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Proxycheck.io\u003C\u002Fstrong> – Check IP addresses against proxy\u002FVPN\u002FTOR\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AbuseIPDB.com\u003C\u002Fstrong> – Check IP addresses against abuse\u002Fspam\u002Fmalicious\u002Fproxy\u002FVPN\u002FTOR\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Numverify.com\u003C\u002Fstrong> – Validate phone numbers to block spam phone numbers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Spam Log\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Review blocked submissions\u003C\u002Fli>\n\u003Cli>Understand why and how spam was blocked\u003C\u002Fli>\n\u003Cli>Use logs to fine-tune your spam protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Detailed Statistics\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Track how many spam submissions were blocked\u003C\u002Fli>\n\u003Cli>Analyze patterns\u003C\u002Fli>\n\u003Cli>Monitor protection over time\u003C\u002Fli>\n\u003Cli>Advanced spam statistics dashboard in the admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supported Forms\u003C\u002Fh3>\n\u003Cp>Maspik integrates seamlessly with a wide range of popular form plugins and WordPress core forms:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Elementor Forms\u003C\u002Fli>\n\u003Cli>Elementor Atomic Forms\u003C\u002Fli>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Hello Plus\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Everest Forms\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>JetFormBuilder\u003C\u002Fli>\n\u003Cli>Forminator Forms\u003C\u002Fli>\n\u003Cli>Fluent Forms\u003C\u002Fli>\n\u003Cli>Bricks Builder Forms\u003C\u002Fli>\n\u003Cli>Breakdance Builder Forms\u003C\u002Fli>\n\u003Cli>BuddyPress\u003C\u002Fli>\n\u003Cli>Bitforms\u003C\u002Fli>\n\u003Cli>Metform\u003C\u002Fli>\n\u003Cli>WordPress comments\u003C\u002Fli>\n\u003Cli>WordPress registration form\u003C\u002Fli>\n\u003Cli>Custom PHP forms\u003C\u002Fli>\n\u003Cli>WPForms*  \u003C\u002Fli>\n\u003Cli>Gravity Forms*  \u003C\u002Fli>\n\u003Cli>WooCommerce registration form*  \u003C\u002Fli>\n\u003Cli>WooCommerce review*\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(*) Pro license required.\u003C\u002Fp>\n\u003Ch3>Pro Version Features 🌟\u003C\u002Fh3>\n\u003Cp>Upgrade to Maspik Pro to unlock powerful additional features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>⭐ Maspik Matrix – Unlimited checks\u003C\u002Fli>\n\u003Cli>⭐ Custom spam dashboard for multiple sites – manage all spam settings from one place\u003C\u002Fli>\n\u003Cli>⭐ Country-based filtering – block spam by country or allow only specific countries\u003C\u002Fli>\n\u003Cli>⭐ Language-based filtering – block spam by language or allow only specific languages\u003C\u002Fli>\n\u003Cli>⭐ Settings import\u002Fexport\u003C\u002Fli>\n\u003Cli>⭐ Premium support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Learn more and get Maspik Pro at:\u003Cbr \u002F>\nhttps:\u002F\u002Fwpmaspik.com\u002F?readme-file\u003C\u002Fp>\n\u003Ch3>Important Note\u003C\u002Fh3>\n\u003Cp>Be cautious when selecting words to blacklist, as every website has different needs.\u003Cbr \u002F>\nFor example, if you are a digital marketing agency and blacklist the word “SEO”, you may lose some valid leads.\u003C\u002Fp>\n\u003Cp>The plugin is provided “as is” and the user assumes full responsibility for configuring and using it appropriately for their specific needs.\u003C\u002Fp>\n\u003Cp>Maspik is GDPR compliant.\u003C\u002Fp>\n\u003Ch3>Support & Community\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🚀 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002Fdocumentation\u002Fgetting-started\u002F?readme-file\" rel=\"nofollow ugc\">Get Started guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>📚 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002Fdocumentation\u002F?readme-file\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💬 \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fmaspik\" rel=\"nofollow ugc\">Community Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🐛 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002F#support?readme-file\" rel=\"nofollow ugc\">Report Issues\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💡 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002F#support?readme-file\" rel=\"nofollow ugc\">Feature Requests\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💰 \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002Fget-maspik-pro-for-free-share-your-expertise\u002F?readme-file\" rel=\"nofollow ugc\">Receive Maspik Pro for free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💖 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-forms-anti-spam\u002Freviews\u002F#new-post\" rel=\"ugc\">Support us with a 5-star review\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>✨ \u003Ca href=\"https:\u002F\u002Fwpmaspik.com\u002F?readme-file\" rel=\"nofollow ugc\">WP Maspik Website\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛡️ Spam Block Guarantee – for all users\u003C\u002Fh3>\n\u003Cp>We stand behind our protection. If spam is still getting through your forms, our team is here to help and guide you to block it.\u003C\u002Fp>\n\u003Ch3>Getting Help is Easy\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Join our \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fmaspik\" rel=\"nofollow ugc\">Community Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create a new post with:\n\u003Cul>\n\u003Cli>Your website URL and form page URL (optional)\u003C\u002Fli>\n\u003Cli>Description of the spam you are receiving\u003C\u002Fli>\n\u003Cli>Screenshot or text of sample spam submissions\u003C\u002Fli>\n\u003Cli>Your Maspik version\u003C\u002Fli>\n\u003Cli>Screenshot or export of your current Maspik settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Our team will guide you step-by-step to block the spam effectively.\u003C\u002Fp>\n","No more fake leads or unwanted submissions — Maspik blocks spam instantly across all forms without using CAPTCHA.",30000,854453,94,83,"2026-04-15T10:30:00.000Z","7.0","5.0",[20,137,21,138,23],"antispam","honeypot","https:\u002F\u002Fwpmaspik.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-forms-anti-spam.2.8.0.zip","2025-09-09 17:27:41",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":108,"downloaded":150,"rating":29,"num_ratings":29,"last_updated":151,"tested_up_to":111,"requires_at_least":152,"requires_php":134,"tags":153,"homepage":157,"download_link":158,"security_score":108,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"exact-match-disallowed-comment-contact-forms","Exact Match Disallowed Comment & Contact Forms","1.3.1","Ryan Howard","https:\u002F\u002Fprofiles.wordpress.org\u002Fryhowa\u002F","\u003Cp>Change the default WordPress comment blocklist functionality to exact match and save entries marked as spam for review.\u003C\u002Fp>\n\u003Cp>The WordPress comment blocklist inside matches keywords, so for example, blocklisting a word such as “pasta” will automatically delete comments containing “pastaroni” or “anitpasta” (but not “chef boyardee”).\u003C\u002Fp>\n\u003Cp>If you try to use the WordPress comment blocklist for contact form entries, this can be hugely problematic. The first major issue is falsely identifying comments as spam so you risk blocking valid contact form entries.\u003C\u002Fp>\n\u003Cp>Additionally, there’s no moderation queue built into Formidable Forms, Contact Form 7, or Gravity Forms for entries marked as spam. This plugin fixes those issues.\u003C\u002Fp>\n\u003Ch4>Changing the default WordPress comment blocklist functionality\u003C\u002Fh4>\n\u003Cp>This plugin changes the default inside match blocklist functionality to exact match keywords, URLs, and ip addresses. If you add “karaoke” to your blocklist you’ll only be blocking “karaoke” and not “karaoke stars.”\u003C\u002Fp>\n\u003Ch4>Retaining Contact Form Entries\u003C\u002Fh4>\n\u003Cp>The plugin also retains contact form entries marked as spam in your database, so you can check them from the WordPress admin area.\u003C\u002Fp>\n\u003Ch4>Important Notes \u002F FAQ\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>For default comments in a post after submitting, if blocklisted, the comment will go to Spam status, whereas the default functionality would be to send that comment to the trash.\u003C\u002Fli>\n\u003Cli>We’re currently configured to work with Contact Form 7, Formidable Forms and Gravity Forms.\u003C\u002Fli>\n\u003Cli>Add keywords you want to block to the WordPress admin area under \u003Cstrong>Settings > Discussion > Disallowed Comment Keys\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Upon activation, the plugin will automatically populate three keywords by default in the “Disallowed Comment Keys” field in the WP Admin area. This is so you know things are working. We leave it to the user to control their specific blocklist keywords. If you want a list of we’ll known spam words as a starting point, check your preferred search engine for “ultimate comment blocklist” or “WordPress comment blocklist.”\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CAUTION:\u003C\u002Fstrong> Even though this is a significantly less blunt approach than the default WordPress functionality, please be careful. If you add the word “appointment” to your blocklist, you will block any form fill with the word “appointment” from getting through to your inbox.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support the Plugin\u003C\u002Fh4>\n\u003Cp>If you love this plugin and want to support it, you can help us by linking to this page, leaving constructive feedback, or sending a monetary donation \u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fcompletewebresources\" rel=\"nofollow ugc\">paypal.me\u002Fcompletewebresources\u003C\u002Fa>.\u003C\u002Fp>\n","Change the default WordPress comment blocklist functionality to exact match and save entries marked as spam for review.",3594,"2025-11-17T17:52:00.000Z","",[20,21,154,155,156],"contact-form-7","formidable","gravity-forms","https:\u002F\u002Fwww.completewebresources.com\u002Fexact-match-disallowed-comment-contact-forms-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexact-match-disallowed-comment-contact-forms.1.3.1.zip",{"slug":160,"name":161,"version":162,"author":163,"author_profile":164,"description":165,"short_description":166,"active_installs":167,"downloaded":168,"rating":29,"num_ratings":29,"last_updated":169,"tested_up_to":170,"requires_at_least":171,"requires_php":152,"tags":172,"homepage":175,"download_link":176,"security_score":177,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"back-list","Back List","0.5","w3prodigy","https:\u002F\u002Fprofiles.wordpress.org\u002Fw3prodigy\u002F","\u003Cp>Adds Whitelist and Blacklist options for Trackbacks and Pingbacks as well as the option to auto-accept Trackbacks from your own blog. These options can be found on the Discussion Options page.\u003C\u002Fp>\n","Adds Whitelist and Blacklist options for Trackbacks and Pingbacks",10,2263,"2010-09-07T16:01:00.000Z","3.0.5","3.0",[20,21,173,174],"comments","security","http:\u002F\u002Fw3prodigy.com\u002Fwordpress-plugins\u002Fback-list\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fback-list.zip",85,{"slug":179,"name":180,"version":181,"author":182,"author_profile":183,"description":184,"short_description":185,"active_installs":167,"downloaded":186,"rating":29,"num_ratings":29,"last_updated":187,"tested_up_to":188,"requires_at_least":189,"requires_php":152,"tags":190,"homepage":192,"download_link":193,"security_score":177,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"wp-mail-validator","WP-Mail-Validator","0.6.5","kimpenhaus","https:\u002F\u002Fprofiles.wordpress.org\u002Fkimpenhaus\u002F","\u003Cp>WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>syntax of mail-addresses\u003C\u002Fli>\n\u003Cli>mailserver host\u003C\u002Fli>\n\u003Cli>mx-record of mailserver\u003C\u002Fli>\n\u003Cli>user-defined blacklist\u003C\u002Fli>\n\u003Cli>trashmail services\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once the plugin identifies a mail-address to be non existing on the mailserver or being on the blacklist or\u003Cbr \u002F>\nfrom trashmail service, any comment being made is moved to the spam area awaiting moderation from the blog owner.\u003C\u002Fp>\n\u003Ch3>Theme-Modification\u003C\u002Fh3>\n\u003Cp>WP-Mail-Validator comes with 3 theme functions that can be used:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ccode>wp_mail_validator_info_label()\u003C\u002Fcode>: shows a protected by info label\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_version()\u003C\u002Fcode>: shows the current plugin version\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_mail_validator_fended_spam_attack_count()\u003C\u002Fcode>: shows the count of spam attackes fended\u003C\u002Fli>\n\u003C\u002Fol>\n","WP-Mail-Validator is an anti-spam plugin. It provides mail-address validation in 5 ways:",3235,"2020-04-13T17:37:00.000Z","5.4.19","5.2.0",[20,21,173,174,191],"trashmail","https:\u002F\u002Fgithub.com\u002Fkimpenhaus\u002Fwp-mail-validator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mail-validator.0.6.5.zip",{"attackSurface":195,"codeSignals":294,"taintFlows":607,"riskAssessment":653,"analyzedAt":665},{"hooks":196,"ajaxHandlers":257,"restRoutes":275,"shortcodes":276,"cronEvents":293,"entryPointCount":14,"unprotectedCount":28},[197,203,208,212,217,221,224,228,232,235,240,244,249,253,255],{"type":198,"name":199,"callback":200,"file":201,"line":202},"action","admin_head","cmeb_admin_head","cm-email-blacklist.php",103,{"type":198,"name":204,"callback":205,"priority":167,"file":206,"line":207},"activated_plugin","redirectAfterInstall","package\\cminds-free.php",31,{"type":198,"name":209,"callback":210,"file":206,"line":211},"admin_init","registerAdminActions",33,{"type":198,"name":213,"callback":214,"priority":215,"file":206,"line":216},"admin_menu","updateMenu",21,34,{"type":198,"name":218,"callback":219,"file":206,"line":220},"admin_enqueue_scripts","enqueueAdminStyles",35,{"type":198,"name":218,"callback":222,"file":206,"line":223},"enqueueAdminScripts",36,{"type":198,"name":225,"callback":226,"file":206,"line":227},"cminds_download_sysinfo","cminds_generate_sysinfo_download",48,{"type":198,"name":229,"callback":230,"file":206,"line":231},"init","cminds_get_actions",50,{"type":198,"name":229,"callback":233,"file":206,"line":234},"cminds_post_actions",51,{"type":236,"name":237,"callback":238,"priority":167,"file":206,"line":239},"filter","plugin_row_meta","add_plugin_meta_links",59,{"type":198,"name":241,"callback":242,"file":206,"line":243},"wp_dashboard_setup","addDashboardWidget",62,{"type":198,"name":245,"callback":246,"priority":247,"file":206,"line":248},"admin_footer","showDeactivationFeedbackDialog",11,157,{"type":236,"name":250,"callback":251,"file":206,"line":252},"wp_mail_content_type","cminds_set_content_type",311,{"type":236,"name":250,"callback":251,"file":206,"line":254},2073,{"type":236,"name":250,"callback":251,"file":206,"line":256},2164,[258,263,267,271],{"action":259,"nopriv":52,"callback":260,"hasNonce":52,"hasCapCheck":261,"file":206,"line":262},"cm-submit-uninstall-reason","submitUninstallReason",true,147,{"action":264,"nopriv":52,"callback":265,"hasNonce":52,"hasCapCheck":52,"file":206,"line":266},"cm-submit-registration-email","submitRegistrationEmail",148,{"action":268,"nopriv":52,"callback":269,"hasNonce":52,"hasCapCheck":52,"file":206,"line":270},"cm-submit-deregistration","submitDeregistration",149,{"action":272,"nopriv":52,"callback":273,"hasNonce":52,"hasCapCheck":52,"file":206,"line":274},"cm-submit-registration-skip","submitRegistrationSkip",150,[],[277,281,285,289],{"tag":278,"callback":279,"file":206,"line":280},"cminds_free_registration","showRegistration",54,{"tag":282,"callback":283,"file":206,"line":284},"cminds_free_guide","showGuide",55,{"tag":286,"callback":287,"file":206,"line":288},"cminds_upgrade_box","showUpgrade",56,{"tag":290,"callback":291,"file":206,"line":292},"cminds_free_activation","showActivation",57,[],{"dangerousFunctions":295,"sqlUsage":296,"outputEscaping":298,"fileOperations":29,"externalRequests":605,"nonceChecks":28,"capabilityChecks":49,"bundledLibraries":606},[],{"prepared":29,"raw":29,"locations":297},[],{"escaped":299,"rawEcho":300,"locations":301},115,154,[302,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333,335,336,338,340,342,344,346,348,350,352,354,356,358,360,362,363,364,366,367,369,371,373,375,377,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,492,495,496,498,500,502,504,506,508,510,512,514,516,518,520,522,524,526,527,528,530,532,534,536,538,540,542,544,546,548,550,552,554,556,558,560,562,564,566,568,570,572,574,576,578,580,582,584,585,587,589,591,593,595,597,599,601,603],{"file":206,"line":303,"context":304},194,"raw output",{"file":206,"line":306,"context":304},304,{"file":206,"line":308,"context":304},409,{"file":206,"line":310,"context":304},427,{"file":206,"line":312,"context":304},440,{"file":206,"line":314,"context":304},441,{"file":206,"line":316,"context":304},455,{"file":206,"line":318,"context":304},544,{"file":206,"line":320,"context":304},631,{"file":206,"line":322,"context":304},788,{"file":206,"line":324,"context":304},791,{"file":206,"line":326,"context":304},802,{"file":206,"line":328,"context":304},822,{"file":206,"line":330,"context":304},829,{"file":206,"line":332,"context":304},843,{"file":206,"line":334,"context":304},852,{"file":206,"line":334,"context":304},{"file":206,"line":337,"context":304},855,{"file":206,"line":339,"context":304},1118,{"file":206,"line":341,"context":304},1142,{"file":206,"line":343,"context":304},1205,{"file":206,"line":345,"context":304},1539,{"file":206,"line":347,"context":304},1552,{"file":206,"line":349,"context":304},1555,{"file":206,"line":351,"context":304},1563,{"file":206,"line":353,"context":304},1573,{"file":206,"line":355,"context":304},1807,{"file":206,"line":357,"context":304},1876,{"file":206,"line":359,"context":304},1884,{"file":206,"line":361,"context":304},1887,{"file":206,"line":361,"context":304},{"file":206,"line":361,"context":304},{"file":206,"line":365,"context":304},1889,{"file":206,"line":365,"context":304},{"file":206,"line":368,"context":304},1912,{"file":206,"line":370,"context":304},1915,{"file":206,"line":372,"context":304},1936,{"file":206,"line":374,"context":304},2397,{"file":206,"line":376,"context":304},2401,{"file":206,"line":378,"context":304},2422,{"file":206,"line":380,"context":304},2423,{"file":206,"line":382,"context":304},2424,{"file":206,"line":384,"context":304},2425,{"file":206,"line":386,"context":304},2426,{"file":206,"line":388,"context":304},2431,{"file":206,"line":390,"context":304},2544,{"file":206,"line":392,"context":304},2549,{"file":206,"line":394,"context":304},2555,{"file":206,"line":396,"context":304},2559,{"file":206,"line":398,"context":304},2564,{"file":206,"line":400,"context":304},2571,{"file":206,"line":402,"context":304},2578,{"file":206,"line":404,"context":304},2585,{"file":206,"line":406,"context":304},2592,{"file":206,"line":408,"context":304},2599,{"file":206,"line":410,"context":304},2606,{"file":206,"line":412,"context":304},2613,{"file":206,"line":414,"context":304},2620,{"file":206,"line":416,"context":304},2629,{"file":206,"line":418,"context":304},2631,{"file":206,"line":420,"context":304},2635,{"file":206,"line":422,"context":304},2637,{"file":206,"line":424,"context":304},2640,{"file":206,"line":426,"context":304},2645,{"file":206,"line":428,"context":304},2650,{"file":206,"line":430,"context":304},2655,{"file":206,"line":432,"context":304},2660,{"file":206,"line":434,"context":304},2665,{"file":206,"line":436,"context":304},2670,{"file":206,"line":438,"context":304},2675,{"file":206,"line":440,"context":304},2749,{"file":206,"line":442,"context":304},2753,{"file":206,"line":444,"context":304},2754,{"file":206,"line":446,"context":304},2756,{"file":206,"line":448,"context":304},2757,{"file":206,"line":450,"context":304},2758,{"file":206,"line":452,"context":304},2760,{"file":206,"line":454,"context":304},2763,{"file":206,"line":456,"context":304},2767,{"file":206,"line":458,"context":304},2770,{"file":206,"line":460,"context":304},2771,{"file":206,"line":462,"context":304},2772,{"file":206,"line":464,"context":304},2773,{"file":206,"line":466,"context":304},2774,{"file":206,"line":468,"context":304},2775,{"file":206,"line":470,"context":304},2776,{"file":206,"line":472,"context":304},2782,{"file":206,"line":474,"context":304},2791,{"file":206,"line":476,"context":304},2794,{"file":206,"line":478,"context":304},2798,{"file":206,"line":480,"context":304},2819,{"file":206,"line":482,"context":304},2836,{"file":206,"line":484,"context":304},2849,{"file":206,"line":486,"context":304},2870,{"file":206,"line":488,"context":304},2893,{"file":490,"line":491,"context":304},"package\\views\\deactivation_feedback_modal.php",32,{"file":493,"line":494,"context":304},"package\\views\\registration.php",42,{"file":493,"line":243,"context":304},{"file":493,"line":497,"context":304},234,{"file":493,"line":499,"context":304},238,{"file":493,"line":501,"context":304},328,{"file":493,"line":503,"context":304},351,{"file":493,"line":505,"context":304},398,{"file":493,"line":507,"context":304},402,{"file":493,"line":509,"context":304},407,{"file":493,"line":511,"context":304},413,{"file":513,"line":14,"context":304},"package\\views\\userguide_free.php",{"file":513,"line":515,"context":304},13,{"file":513,"line":517,"context":304},292,{"file":513,"line":519,"context":304},335,{"file":513,"line":521,"context":304},359,{"file":513,"line":523,"context":304},382,{"file":513,"line":525,"context":304},392,{"file":513,"line":505,"context":304},{"file":513,"line":505,"context":304},{"file":513,"line":529,"context":304},411,{"file":513,"line":531,"context":304},420,{"file":513,"line":533,"context":304},433,{"file":513,"line":535,"context":304},434,{"file":513,"line":537,"context":304},447,{"file":513,"line":539,"context":304},462,{"file":513,"line":541,"context":304},482,{"file":513,"line":543,"context":304},483,{"file":513,"line":545,"context":304},496,{"file":513,"line":547,"context":304},503,{"file":513,"line":549,"context":304},504,{"file":513,"line":551,"context":304},517,{"file":513,"line":553,"context":304},524,{"file":513,"line":555,"context":304},525,{"file":513,"line":557,"context":304},538,{"file":513,"line":559,"context":304},545,{"file":513,"line":561,"context":304},546,{"file":513,"line":563,"context":304},559,{"file":513,"line":565,"context":304},566,{"file":513,"line":567,"context":304},567,{"file":513,"line":569,"context":304},580,{"file":513,"line":571,"context":304},587,{"file":513,"line":573,"context":304},588,{"file":513,"line":575,"context":304},601,{"file":513,"line":577,"context":304},609,{"file":513,"line":579,"context":304},610,{"file":513,"line":581,"context":304},623,{"file":513,"line":583,"context":304},630,{"file":513,"line":320,"context":304},{"file":513,"line":586,"context":304},644,{"file":513,"line":588,"context":304},651,{"file":513,"line":590,"context":304},652,{"file":513,"line":592,"context":304},665,{"file":513,"line":594,"context":304},672,{"file":513,"line":596,"context":304},673,{"file":513,"line":598,"context":304},686,{"file":513,"line":600,"context":304},692,{"file":513,"line":602,"context":304},693,{"file":513,"line":604,"context":304},694,5,[],[608,623,633],{"entryPoint":609,"graph":610,"unsanitizedCount":49,"severity":42},"cminds_system_info_content (package\\cminds-free.php:2723)",{"nodes":611,"edges":621},[612,616],{"id":613,"type":614,"label":615,"file":206,"line":456},"n0","source","$_SERVER['SERVER_SOFTWARE']",{"id":617,"type":618,"label":619,"file":206,"line":456,"wp_function":620},"n1","sink","echo() [XSS]","echo",[622],{"from":613,"to":617,"sanitized":52},{"entryPoint":624,"graph":625,"unsanitizedCount":29,"severity":632},"cminds_generate_sysinfo_download (package\\cminds-free.php:2886)",{"nodes":626,"edges":630},[627,629],{"id":613,"type":614,"label":628,"file":206,"line":488},"$_POST['cminds-sysinfo']",{"id":617,"type":618,"label":619,"file":206,"line":488,"wp_function":620},[631],{"from":613,"to":617,"sanitized":261},"low",{"entryPoint":634,"graph":635,"unsanitizedCount":29,"severity":632},"\u003Ccminds-free> (package\\cminds-free.php:0)",{"nodes":636,"edges":649},[637,640,641,643,645,647],{"id":613,"type":614,"label":638,"file":206,"line":639},"$_POST",278,{"id":617,"type":618,"label":619,"file":206,"line":332,"wp_function":620},{"id":642,"type":614,"label":615,"file":206,"line":456},"n2",{"id":644,"type":618,"label":619,"file":206,"line":456,"wp_function":620},"n3",{"id":646,"type":614,"label":628,"file":206,"line":488},"n4",{"id":648,"type":618,"label":619,"file":206,"line":488,"wp_function":620},"n5",[650,651,652],{"from":613,"to":617,"sanitized":261},{"from":642,"to":644,"sanitized":261},{"from":646,"to":648,"sanitized":261},{"summary":654,"deductions":655},"The \"cm-email-blacklist\" v1.6.4 plugin exhibits a mixed security posture. On the positive side, it makes good use of prepared statements for SQL queries and includes nonce checks on some entry points.  However, significant concerns arise from its attack surface, particularly with three out of four AJAX handlers lacking authentication checks, making them vulnerable to unauthorized actions. Additionally, while the taint analysis shows no critical or high severity flows, one flow with an unsanitized path warrants attention for potential injection vulnerabilities. The plugin's vulnerability history, with three previously disclosed medium-severity CVEs for Cross-Site Scripting and CSRF, and the most recent vulnerability dated in the future (implying potential for future undiscovered issues or misrepresentation), suggests a pattern of past security weaknesses that, while currently patched, could indicate ongoing development or maintenance practices that may overlook certain security considerations.",[656,658,660,662],{"reason":657,"points":14},"AJAX handlers without authentication checks",{"reason":659,"points":605},"Output escaping is not consistently applied",{"reason":661,"points":605},"One unsanitized path in taint analysis",{"reason":663,"points":664},"Past medium severity vulnerabilities",9,"2026-03-16T19:16:50.745Z",{"wat":667,"direct":676},{"assetPaths":668,"generatorPatterns":671,"scriptPaths":672,"versionParams":673},[669,670],"\u002Fwp-content\u002Fplugins\u002Fcm-email-blacklist\u002Fassets\u002Fcss\u002Fcm-email-blacklist.css","\u002Fwp-content\u002Fplugins\u002Fcm-email-blacklist\u002Fassets\u002Fjs\u002Fcm-email-blacklist.js",[],[670],[674,675],"cm-email-blacklist\u002Fassets\u002Fcss\u002Fcm-email-blacklist.css?ver=","cm-email-blacklist\u002Fassets\u002Fjs\u002Fcm-email-blacklist.js?ver=",{"cssClasses":677,"htmlComments":679,"htmlAttributes":680,"restEndpoints":681,"jsGlobals":682,"shortcodeOutput":683},[678],"cmseparator",[],[],[],[],[],{"error":261,"url":685,"statusCode":686,"statusMessage":687,"message":687},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcm-email-blacklist\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":689,"versions":690},7,[691,699,707,715,723,731,739],{"version":692,"download_url":693,"svn_tag_url":694,"released_at":39,"has_diff":52,"diff_files_changed":695,"diff_lines":39,"trac_diff_url":696,"vulnerabilities":697,"is_current":52},"1.6.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-email-blacklist.1.6.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcm-email-blacklist\u002Ftags\u002F1.6.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcm-email-blacklist%2Ftags%2F1.6.1&new_path=%2Fcm-email-blacklist%2Ftags%2F1.6.2",[698],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":700,"download_url":701,"svn_tag_url":702,"released_at":39,"has_diff":52,"diff_files_changed":703,"diff_lines":39,"trac_diff_url":704,"vulnerabilities":705,"is_current":52},"1.6.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-email-blacklist.1.6.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcm-email-blacklist\u002Ftags\u002F1.6.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcm-email-blacklist%2Ftags%2F1.6.0&new_path=%2Fcm-email-blacklist%2Ftags%2F1.6.1",[706],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":708,"download_url":709,"svn_tag_url":710,"released_at":39,"has_diff":52,"diff_files_changed":711,"diff_lines":39,"trac_diff_url":712,"vulnerabilities":713,"is_current":52},"1.6.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-email-blacklist.1.6.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcm-email-blacklist\u002Ftags\u002F1.6.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcm-email-blacklist%2Ftags%2F1.5.9&new_path=%2Fcm-email-blacklist%2Ftags%2F1.6.0",[714],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":716,"download_url":717,"svn_tag_url":718,"released_at":39,"has_diff":52,"diff_files_changed":719,"diff_lines":39,"trac_diff_url":720,"vulnerabilities":721,"is_current":52},"1.5.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-email-blacklist.1.5.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcm-email-blacklist\u002Ftags\u002F1.5.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcm-email-blacklist%2Ftags%2F1.5.8&new_path=%2Fcm-email-blacklist%2Ftags%2F1.5.9",[722],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":724,"download_url":725,"svn_tag_url":726,"released_at":39,"has_diff":52,"diff_files_changed":727,"diff_lines":39,"trac_diff_url":728,"vulnerabilities":729,"is_current":52},"1.5.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-email-blacklist.1.5.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcm-email-blacklist\u002Ftags\u002F1.5.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcm-email-blacklist%2Ftags%2F1.5.7&new_path=%2Fcm-email-blacklist%2Ftags%2F1.5.8",[730],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":732,"download_url":733,"svn_tag_url":734,"released_at":39,"has_diff":52,"diff_files_changed":735,"diff_lines":39,"trac_diff_url":736,"vulnerabilities":737,"is_current":52},"1.5.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-email-blacklist.1.5.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcm-email-blacklist\u002Ftags\u002F1.5.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcm-email-blacklist%2Ftags%2F1.5.6&new_path=%2Fcm-email-blacklist%2Ftags%2F1.5.7",[738],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41},{"version":67,"download_url":740,"svn_tag_url":741,"released_at":39,"has_diff":52,"diff_files_changed":742,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":743,"is_current":52},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcm-email-blacklist.1.5.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcm-email-blacklist\u002Ftags\u002F1.5.6\u002F",[],[744],{"id":35,"url_slug":36,"title":37,"severity":42,"cvss_score":43,"vuln_type":45,"patched_in_version":41}]