[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2x7cgyGF_p8a2HEymAjnGWqwPT1Nuc5S590Jt0iCx84":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":52,"analysis":150,"fingerprints":244},"comment-approved-notifier-extended","Comment Approved Notifier Extended","5.4","ufukart","https:\u002F\u002Fprofiles.wordpress.org\u002Fufukart\u002F","\u003Cp>\u003Cstrong>Comment Approved Notifier Extended\u003C\u002Fstrong> is a lightweight WordPress plugin with a single focus: automatically notify comment authors when their comments are approved.\u003C\u002Fp>\n\u003Ch4>🎯 Single Purpose, Zero Bloat\u003C\u002Fh4>\n\u003Cp>This plugin does ONE thing and does it well:\u003Cbr \u002F>\n* Sends customizable email notifications when comments are approved\u003Cbr \u002F>\n* No unnecessary features, no performance overhead\u003Cbr \u002F>\n* Clean, efficient code following WordPress best practices\u003C\u002Fp>\n\u003Ch4>✨ Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Email Notifications\u003C\u002Fstrong> – Instantly notifies users when their comment is approved\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Templates\u003C\u002Fstrong> – Personalize email subject and body with shortcodes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Email Design\u003C\u002Fstrong> – Beautiful, responsive HTML email template\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dark Mode Support\u003C\u002Fstrong> – Email template adapts to user preferences\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure\u003C\u002Fstrong> – Built with WordPress security standards (nonce verification, 
data sanitization, validation)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong> – Fully translatable with .pot file included\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – Minimal database queries, no bloat\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong> – Clean, well-documented code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🎨 Available Shortcodes\u003C\u002Fh4>\n\u003Cp>Personalize your emails with these shortcodes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[commentauthor]\u003C\u002Fcode> – Comment author’s name\u003C\u002Fli>\n\u003Cli>\u003Ccode>[commentedposttitle]\u003C\u002Fcode> – Title of the post\u003C\u002Fli>\n\u003Cli>\u003Ccode>[commentaddress]\u003C\u002Fcode> – Direct link to the comment\u003C\u002Fli>\n\u003Cli>\u003Ccode>[commentcontent]\u003C\u002Fcode> – The comment text\u003C\u002Fli>\n\u003Cli>\u003Ccode>[blogname]\u003C\u002Fcode> – Your site name\u003C\u002Fli>\n\u003Cli>\u003Ccode>[blogurl]\u003C\u002Fcode> – Your site URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔒 Security First\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Email validation with \u003Ccode>is_email()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Nonce verification for form submissions\u003C\u002Fli>\n\u003Cli>Data sanitization with \u003Ccode>sanitize_text_field()\u003C\u002Fcode> and \u003Ccode>wp_kses_post()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Output escaping for security\u003C\u002Fli>\n\u003Cli>ABSPATH checks\u003C\u002Fli>\n\u003Cli>Error logging for debugging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>💡 Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Improve user engagement by notifying commenters\u003C\u002Fli>\n\u003Cli>Build community by acknowledging contributions\u003C\u002Fli>\n\u003Cli>Increase return visits to your blog\u003C\u002Fli>\n\u003Cli>Professional communication with your audience\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🌍 Translation Ready\u003C\u002Fh4>\n\u003Cp>The plugin is 
fully translatable and includes:\u003Cbr \u002F>\n* Text domain: \u003Ccode>comment-approved-notifier-extended\u003C\u002Fcode>\u003Cbr \u002F>\n* .pot file for translations\u003Cbr \u002F>\n* RTL support\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, store, or transmit any personal data beyond what WordPress already stores for comments. It uses existing comment author email addresses to send notifications.\u003C\u002Fp>\n\u003Ch3>💝 Support This Plugin\u003C\u002Fh3>\n\u003Cp>If Comment Approved Notifier Extended has saved you time and frustration, please consider:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>⭐ \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-approved-notifier-extended\u002Freviews\u002F\" rel=\"ugc\">Leave a 5-star review\u003C\u002Fa>\u003C\u002Fstrong> – Help others discover this solution\u003C\u002Fli>\n\u003Cli>🐛 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcomment-approved-notifier-extended\u002F\" rel=\"ugc\">Report bugs or request features\u003C\u002Fa>\u003C\u002Fstrong> – We value your feedback\u003C\u002Fli>\n\u003Cli>☕ \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fbuymeacoffee.com\u002Fufukart\" rel=\"nofollow ugc\">Buy me a coffee\u003C\u002Fa>\u003C\u002Fstrong> – Support continued development\u003C\u002Fli>\n\u003Cli>📢 \u003Cstrong>Share with others\u003C\u002Fstrong> – Help fellow WordPress users avoid the “Missed Schedule” nightmare\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports:\u003Cbr \u002F>\n* Visit the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcomment-approved-notifier-extended\u002F\" rel=\"ugc\">WordPress.org support forum\u003C\u002Fa>\u003Cbr \u002F>\n* Check the \u003Ca href=\"https:\u002F\u002Fwww.zumbo.net\u002Fcomment-approved-notifier-extended-wordpress-plugin\u002F\" rel=\"nofollow ugc\">plugin 
website\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Original author: yakuphan\u003C\u002Fli>\n\u003Cli>Current maintainer: UfukArt\u003C\u002Fli>\n\u003Cli>Email template design: Responsive HTML email best practices\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n","Zero bloat, single purpose plugin that automatically sends email notifications when comments are approved. Lightweight and focused.",500,9857,100,7,"2026-03-14T03:31:00.000Z","6.9.4","5.0","5.6",[20,21,22,23,24],"approve","approved-comment","comment","email","notification","https:\u002F\u002Fwww.zumbo.net\u002Fcomment-approved-notifier-extended-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-approved-notifier-extended.5.4.zip",99,1,0,"2025-03-27 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":14},"CVE-2025-30792","comment-approved-notifier-extended-authenticated-administrator-stored-cross-site-scripting","Comment Approved Notifier Extended \u003C= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Comment Approved Notifier Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and 
including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=5.2","5.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-02 15:29:58",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc575f3f5-3a0b-4b88-9d9a-5e8212a02144?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":13,"avg_patch_time_days":14,"trust_score":13,"computed_at":51},3,6510,"2026-04-05T03:00:59.265Z",[53,72,93,113,131],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":16,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":70,"download_link":71,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"comment-reply-email-notification","Comment Reply Email Notification","1.39.0","Arno Welzel","https:\u002F\u002Fprofiles.wordpress.org\u002Fawelzel\u002F","\u003Cp>This plugin allows visitors to subscribe to get answers to their comments via e-mail.\u003C\u002Fp>\n\u003Ch3>Warning\u003C\u002Fh3>\n\u003Cp>This plugin uses the “wp_insert_comment” hook, therefore, every time a comment is created, a notification is likely to be sent. 
If you are importing comments into your blog, it’s a good idea to disable this plugin.\u003C\u002Fp>\n\u003Ch3>Sending e-mails does not work?\u003C\u002Fh3>\n\u003Cp>The plugin uses the standard WordPress e-mail function. If you have problems getting e-mails sent, you might try using plugins like https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-smtp\u002F to improve sending e-mails from your site.\u003C\u002Fp>\n\u003Ch3>Customizing the layout of the checkboxes\u003C\u002Fh3>\n\u003Cp>The labels next to the checkboxes don’t contain a whitespace. Depending on your theme you might want to add a custom style like this to get a space between the checkbox and the label:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>input#cren_subscribe_to_comment, input#cren_gdpr {\n  margin-right: 0.5em;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The plugin does not add this style by default as it depends on your theme if this is necessary.\u003C\u002Fp>\n\u003Ch3>Customizing the email template\u003C\u002Fh3>\n\u003Cp>To customize the email template, copy the “templates” folder to your theme folder (a child theme should be used to avoid losing the custom templates when the theme is updated). The plugin will look for templates on the “\u002Fwp-content\u002Fthemes\u002F[THEME]\u002Ftemplates\u002Fcren\u002F” folder; if a custom template is not found, then it will fall back to the default template.\u003C\u002Fp>\n\u003Cp>Templates folder on GitHub: https:\u002F\u002Fgithub.com\u002Farnowelzel\u002Fworpdress-comment-reply-email-notification\u002Ftree\u002Fmaster\u002Ftemplates\u003C\u002Fp>\n\u003Ch3>Changing the subscription checkbox label\u003C\u002Fh3>\n\u003Cp>The checkbox label can be changed with the \u003Ccode>cren_comment_checkbox_label\u003C\u002Fcode> filter. 
This way you can update the text to your taste and keep the plugin updated.\u003C\u002Fp>\n\u003Ch3>Changing the GDPR checkbox label\u003C\u002Fh3>\n\u003Cp>The GDPR checkbox label can be changed with the \u003Ccode>cren_gdpr_checkbox_label\u003C\u002Fcode> filter. This way you can update the text to your taste and keep the plugin updated.\u003C\u002Fp>\n\u003Ch3>Modifying HTML output\u003C\u002Fh3>\n\u003Cp>Using the filters \u003Ccode>cren_gdpr_checkbox_html\u003C\u002Fcode> and \u003Ccode>cren_comment_subscribe_html\u003C\u002Fcode> you can modify the HTML output of the checkboxes if needed.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('cren_gdpr_checkbox_html', function(string $html_output, string $label_text, string $privacy_policy_url): string {\n    $html_output = '\u003Cdiv class=\"comment-form-gdpr-consent form-check mb-3\">\u003Cinput id=\"cren_gdpr\" class=\"form-check-input\" name=\"cren_gdpr\" type=\"checkbox\" value=\"yes\" required checked>\u003Clabel for=\"cren_gdpr\" class=\"form-check-label\">' . $label_text . '\u003Cspan class=\"text-danger fw-bold\">*\u003C\u002Fspan> (\u003Ca href=\"' . $privacy_policy_url . '\" title=\"Privacy Policy\" target=\"_blank\" rel=\"internal\">Privacy Policy\u003C\u002Fa>)\u003C\u002Flabel>\u003C\u002Fdiv>';\n\n    return $html_output;\n}, 10, 3);\n\nadd_filter('cren_comment_subscribe_html', function(string $html_output, string $label_text, bool $checked_default): string {\n    $checked = $checked_default ? 'checked' : '';\n    $html_output = '\u003Cdiv class=\"comment-form-email-consent form-check mb-3\">\u003Cinput id=\"cren_subscribe_to_comment\" class=\"form-check-input\" name=\"cren_subscribe_to_comment\" type=\"checkbox\" value=\"on\" ' . $checked . '>\u003Clabel for=\"cren_subscribe_to_comment\" class=\"form-check-label\">' . $label_text . 
'\u003C\u002Flabel>\u003C\u002Fdiv>';\n\n    return $html_output;\n}, 10, 3);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This plugin allows visitors to subscribe to get answers to their comments via e-mail.",3000,106835,96,32,"2025-12-13T08:26:00.000Z","4.4.0","",[22,23,24,69],"reply","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-reply-email-notification\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-reply-email-notification.1.39.0.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":67,"tags":87,"homepage":90,"download_link":91,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"comment-email-reply","Comment Email Reply","1.0.4","kilozwo","https:\u002F\u002Fprofiles.wordpress.org\u002Fkilozwo\u002F","\u003Cp>Simply notifies comment-author via email if someone replies to his comment. Zero Configuration.\u003C\u002Fp>\n","Simply notifies comment-author via email if someone replies to his comment. 
Zero Configuration.",600,10901,90,15,"2015-04-06T11:37:00.000Z","4.1.42","3.0.1",[88,89,23,24,69],"author","comments","http:\u002F\u002Fkilozwo.de\u002Fwordpress-comment-email-reply-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-email-reply.1.0.4.zip",85,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":11,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":67,"tags":107,"homepage":111,"download_link":112,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"comment-approved","Comment Approved","1.6.1","nielsvanrenselaar","https:\u002F\u002Fprofiles.wordpress.org\u002Fnielsvanrenselaar\u002F","\u003Cp>This WordPress plugin will send out a customizable notification to a user that has left a comment on your site after approval of the comment.\u003C\u002Fp>\n\u003Cp>It’s a tiny plugin which I hope to expand in the near future. 
Let me know if you miss something.\u003C\u002Fp>\n\u003Cp>Icon by Max Steenbergen \u002F maxsteenbergen.com\u003C\u002Fp>\n","Notify a user when their comment is approved.",20931,92,14,"2018-11-20T15:06:00.000Z","4.9.29","3.0",[108,109,22,110,24],"approval","approved","message","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-approved\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-approved.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":11,"downloaded":121,"rating":122,"num_ratings":83,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":67,"tags":126,"homepage":127,"download_link":128,"security_score":27,"vuln_count":129,"unpatched_count":29,"last_vuln_date":130,"fetched_at":31},"comment-reply-email","Comment Reply Email","1.6.0","treeflips","https:\u002F\u002Fprofiles.wordpress.org\u002Ftreeflips\u002F","\u003Cp>This simple plugin automatically sends a notification email to commenters when someone replies to their comment. This feature can be enabled automatically by the site admin, or through an opt-in\u002Fopt-out checkbox below comment section on frontend.\u003C\u002Fp>\n\u003Cp>It’s best to use it with an email-sending plugin like WP Mail SMTP, and with SMTP or transactional email service like SendGrid or Mailgun. Sending from your server via PHPmailer can cause deliverability issues (email notifications caught in spam).\u003C\u002Fp>\n\u003Cp>I loved the original plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomment-reply-notification\u002F\" rel=\"ugc\">Comment Reply Notification\u003C\u002Fa> (by @denishua) for its simplicity but it was abandoned and stopped working years ago. So I forked and revived it to work with the latest PHP and WordPress. I also improved some wording, removed unnecessary author links in the email notifications, and also keep it more updated. 
Credits to Denis who first hacked it 5 years ago, and later Walter for fixing string escapes.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Feature modes – disabled, author\u002Fadmin replies only, automatically, checkbox opt-in.\u003C\u002Fli>\n\u003Cli>Edit email notification – subject and message.\u003C\u002Fli>\n\u003Cli>[year] shortcode for dynamic year in email templates.\u003C\u002Fli>\n\u003Cli>Developer-friendly hook for adding custom shortcodes.\u003C\u002Fli>\n\u003Cli>Fixes issue with email notifications for moderated comments.\u003C\u002Fli>\n\u003Cli>Can delete plugin options – after deactivation.\u003C\u002Fli>\n\u003C\u002Ful>\n","Commenters can receive email notifications of replies to their comments.",15548,94,"2025-06-27T20:16:00.000Z","6.8.5","4.0",[22,23,24,69],"https:\u002F\u002Fwpjohnny.com\u002Fcomment-reply-email","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-reply-email.zip",2,"2024-07-05 00:00:00",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":11,"downloaded":139,"rating":13,"num_ratings":28,"last_updated":140,"tested_up_to":141,"requires_at_least":18,"requires_php":142,"tags":143,"homepage":148,"download_link":149,"security_score":92,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-comment-notification","WP Comment Notification","1.4","WpExperts Hub","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpexpertshub\u002F","\u003Cp>🔹 Manage your wordpress comment notification emails.\u003Cbr \u002F>\n🔹 Send email notifications to other users or multiple different emails.\u003Cbr \u002F>\n🔹 Add Comma separated email list in settings to send email notifications.\u003C\u002Fp>\n\u003Ch3>Acknowledgements\u003C\u002Fh3>\n\u003Cp>Thanks to every donor, supporter, and bug reporter!\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is Free Software, released and licensed under 
the GPL, version 2 (http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html).\u003Cbr \u002F>\nYou may use it free of charge for any purpose.\u003C\u002Fp>\n","Send email notification to predefined email ids when someone comments on your blog.",8779,"2022-07-30T07:40:00.000Z","6.0.11","7.2",[144,145,146,24,147],"comment-emails","comments-notification","manage-comments-notification","wordpress-comments","https:\u002F\u002Fwpexpertshub.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-comment-notification.zip",{"attackSurface":151,"codeSignals":175,"taintFlows":196,"riskAssessment":235,"analyzedAt":243},{"hooks":152,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":29,"unprotectedCount":29},[153,159,163,167],{"type":154,"name":155,"callback":156,"file":157,"line":158},"action","init","cane_load_textdomain","comment-approved-notifier-extended.php",28,{"type":154,"name":160,"callback":161,"file":157,"line":162},"admin_enqueue_scripts","cane_admin_enqueue",109,{"type":154,"name":164,"callback":165,"file":157,"line":166},"admin_menu","cane_admin_menu",123,{"type":154,"name":168,"callback":169,"file":157,"line":170},"comment_unapproved_to_approved","cane_send_email",387,[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":29,"externalRequests":29,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":195},[],{"prepared":29,"raw":29,"locations":178},[],{"escaped":180,"rawEcho":181,"locations":182},29,5,[183,186,188,190,193],{"file":157,"line":184,"context":185},198,"raw output",{"file":157,"line":187,"context":185},211,{"file":157,"line":189,"context":185},374,{"file":191,"line":192,"context":185},"templates\\email-template-1.php",91,{"file":191,"line":194,"context":185},106,[],[197,224],{"entryPoint":198,"graph":199,"unsanitizedCount":29,"severity":223},"cane_admin_page 
(comment-approved-notifier-extended.php:128)",{"nodes":200,"edges":219},[201,206,212,214],{"id":202,"type":203,"label":204,"file":157,"line":205},"n0","source","$_POST (x2)",143,{"id":207,"type":208,"label":209,"file":157,"line":210,"wp_function":211},"n1","sink","update_option() [Settings Manipulation]",146,"update_option",{"id":213,"type":203,"label":204,"file":157,"line":205},"n2",{"id":215,"type":208,"label":216,"file":157,"line":217,"wp_function":218},"n3","echo() [XSS]",197,"echo",[220,222],{"from":202,"to":207,"sanitized":221},true,{"from":213,"to":215,"sanitized":221},"low",{"entryPoint":225,"graph":226,"unsanitizedCount":29,"severity":223},"\u003Ccomment-approved-notifier-extended> (comment-approved-notifier-extended.php:0)",{"nodes":227,"edges":232},[228,229,230,231],{"id":202,"type":203,"label":204,"file":157,"line":205},{"id":207,"type":208,"label":209,"file":157,"line":210,"wp_function":211},{"id":213,"type":203,"label":204,"file":157,"line":205},{"id":215,"type":208,"label":216,"file":157,"line":217,"wp_function":218},[233,234],{"from":202,"to":207,"sanitized":221},{"from":213,"to":215,"sanitized":221},{"summary":236,"deductions":237},"The \"comment-approved-notifier-extended\" plugin version 5.4 exhibits a generally good security posture based on the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with open attack vectors, along with the use of prepared statements for SQL queries and a high percentage of properly escaped output, are strong indicators of secure coding practices. The presence of nonce and capability checks further reinforces this. Taint analysis shows no critical or high severity flows, suggesting that unsanitized user input is not being processed in a way that could lead to immediate compromise.\n\nHowever, the plugin's vulnerability history is a significant concern. 
While there are no currently unpatched vulnerabilities, the existence of one known CVE, specifically a Cross-Site Scripting (XSS) vulnerability reported in March 2025, indicates that past security flaws have been present. The fact that this was a medium severity XSS suggests that while not critical, it could still pose a risk if not properly addressed. The pattern of past vulnerabilities, even if resolved, warrants continued vigilance and suggests a need for thorough code reviews to prevent recurrence.\n\nIn conclusion, the current version of \"comment-approved-notifier-extended\" appears to be relatively secure due to its minimal attack surface and good coding practices. Nevertheless, the historical presence of a medium severity XSS vulnerability necessitates a cautious approach. While the static analysis is positive, the plugin's track record suggests that ongoing monitoring and prompt patching of any future discovered vulnerabilities are crucial for maintaining a secure environment.",[238,241],{"reason":239,"points":240},"One known medium severity CVE for XSS",8,{"reason":242,"points":181},"Vulnerability history indicates past XSS issues","2026-03-16T19:34:05.010Z",{"wat":245,"direct":252},{"assetPaths":246,"generatorPatterns":249,"scriptPaths":250,"versionParams":251},[247,248],"\u002Fwp-content\u002Fplugins\u002Fcomment-approved-notifier-extended\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fcomment-approved-notifier-extended\u002Fassets\u002Fjs\u002Fadmin.js",[],[],[],{"cssClasses":253,"htmlComments":262,"htmlAttributes":263,"restEndpoints":265,"jsGlobals":266,"shortcodeOutput":267},[254,255,256,257,258,259,260,261],"cane-wrap","cane-header","cane-container","cane-main","cane-card","cane-card-header","cane-card-body","cane-form-group",[],[264],"id=\"cane-settings-form\"",[],[],[]]