[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$facnSxSnVdK26mjm7cuFaUoIET3wGnJGVU_MAPgL3auU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":139,"fingerprints":262},"comment-recovery","Comment Recovery","1.1","Roland Rust","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdprx\u002F","\u003Cp>Ever lost your comments by fooling around with your Database?\u003Cbr \u002F>\nSo did I. Now this is a comments recovery plugin.\u003Cbr \u002F>\nJust paste the E-mail sources of your \u003Cstrong>new comment notification emails\u003C\u002Fstrong> and save.\u003C\u002Fp>\n","Recovers lost comments by copy\u002Fpasteing your new comment notification emails",10,2824,0,"2007-08-20T08:53:00.000Z","2.2","1.5","",[19,20,21,22],"admin","comments","email","recovery","http:\u002F\u002Fwordpress.designpraxis.at","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-recovery.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"wpdprx",9,180,88,30,86,"2026-04-04T10:36:59.302Z",[38,58,79,95,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":34,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"comment-admin-notifier","Comment Admin Notifier","1.1.3","Jordi Cabot","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftmodeling\u002F","\u003Cp>In the \u003Cem>Settings->Discussion\u003C\u002Fem> page, authors of a post can use the checkbox \u003Cem>Email me whenever – Anyone posts a comment\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>But this does not send an email as well to the site admins. In blogs where you have a number of guest authors, you may want to be informed about all the new comments so you can respond (if the author is missing) or just participate in the discussion.\u003C\u002Fp>\n\u003Cp>As a site admin myself, I was missing many comments. This means plenty of missing opportunities to engage with your audience.\u003C\u002Fp>\n\u003Cp>To solve this situation, the plugin adds a new checkbox in the \u003Cem>Discussion\u003C\u002Fem> page. If checked, admins will get an alert email for new comments.\u003C\u002Fp>\n","With this plugin, admin users get an email alert every time a new comment is posted on ANY post in the site.",1712,100,1,"2022-07-09T15:49:00.000Z","6.0.11","4.3","5.6",[19,54,55,20,21],"alert","comment","https:\u002F\u002Fgithub.com\u002Fjcabot\u002Fcomment-admin-notifier","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-admin-notifier.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":47,"num_ratings":48,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":76,"download_link":77,"security_score":78,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"digest","Digest Notifications","3.0.0","required","https:\u002F\u002Fprofiles.wordpress.org\u002Fwearerequired\u002F","\u003Cp>When you have lots of new user sign-ups or comments every day, it’s very distracting to receive a single email for each new event.\u003C\u002Fp>\n\u003Cp>With this plugin you get a daily, weekly, or monthly digest of your website’s activity. The digest includes the following events:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Core Updates\u003C\u002Fli>\n\u003Cli>New comments that need to be moderated (depending on your settings under ‘Settings’ -> ‘Discussion’)\u003C\u002Fli>\n\u003Cli>New user sign-ups\u003C\u002Fli>\n\u003Cli>Password resets by users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you would like to contribute to this plugin, report an issue or anything like that, please note that we develop this plugin \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwearerequired\u002Fdigest\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Please submit pull requests to the develop branch.\u003C\u002Fp>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Frequired.com\u002F\" rel=\"nofollow ugc\">required\u003C\u002Fa>.\u003C\u002Fp>\n","Get a daily, weekly, or monthly digest of what's happening on your site instead of receiving a single email each time.",20,7192,"2024-11-18T14:34:00.000Z","6.7.5","6.0","7.4",[19,20,73,74,75],"emails","notification","updates","https:\u002F\u002Frequired.com\u002Fservices\u002Fwordpress-plugins\u002Fdigest-notifications\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigest.3.0.0.zip",92,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":13,"downloaded":87,"rating":47,"num_ratings":48,"last_updated":17,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":17,"download_link":93,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":94},"notify-all-admins-on-comment","Notify All Admins on Comment","1.0.1","hugowporg","https:\u002F\u002Fprofiles.wordpress.org\u002Fhugowporg\u002F","\u003Cp>By default, WordPress only sends new comment notifications to the post author and the main site administrator email. This can cause delays in comment moderation on sites with multiple administrators.\u003C\u002Fp>\n\u003Cp>Notify All Admins on Comment solves this simple problem with a zero-configuration setup. Once activated, it sends a copy of the moderation email to every user with the ‘Administrator’ role, ensuring the entire team is aware of new comments instantly.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, secure, and follows WordPress best practices.\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Important Requirement:\u003C\u002Fstrong> This plugin relies on WordPress’s \u003Ccode>wp_mail()\u003C\u002Fcode> function to send email notifications.\u003Cbr \u002F>\nTo work properly, your WordPress environment must have a \u003Cstrong>working SMTP configuration\u003C\u002Fstrong> or email delivery service (such as SendGrid, Mailgun, or a plugin like WP Mail SMTP).\u003Cbr \u002F>\nIf SMTP is not properly configured or is blocked (common in development or staging environments), the plugin will not be able to send notifications. In such cases, WordPress’s default behavior (notifying only the main admin) will apply.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>If this plugin helped you, consider supporting it 🙌\u003Cbr \u002F>\n👉 Donate: https:\u002F\u002Fdonate.stripe.com\u002FfZu4gA7WCbvI4KJabDeZ200\u003C\u002Fp>\n","A simple plugin that ensures all site administrators are notified of new comments, not just the main site admin.",340,"6.8.5","5.0","7.0",[19,20,21,92],"notifications","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnotify-all-admins-on-comment.1.0.1.zip","2026-03-15T10:48:56.248Z",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":52,"tags":110,"homepage":114,"download_link":115,"security_score":78,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"change-admin-email-setting-without-outbound-email","Change Admin Email","4.1","johndeebdd","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohndeebdd\u002F","\u003Cp>This plugin allows an administrator to change the “site admin email”, without sending a confirmation email from the server. This can be useful for testing purposes, localhost setups, or any other situation where outbound email is disabled on the site. A new “feature” of WordPress 4.9 is that the administrator cannot change the site admin email without outgoing email setup on the server. This plugin restores the administrator’s ability to change this setting without sending a confirmation email. Note that the “site admin email” is the global email used for admin purposes on the site. It is the “from” address when the site sends an email. The “site admin email” may be different from the administrator’s personal user email, which is associated with the administrator’s user account.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Once activated, an administrator can change the admin email from the Settings >> General page. You can request a test email be sent to the new email address. The test email is sent from our servers. You can view our privacy policy here: at https:\u002F\u002Fgeneralchicken.guru\u002Fprivacy-policy-2\u002F .\u003C\u002Fp>\n","This plugin allows an administrator to change the \"site admin email\", without sending a confirmation email from the server.",50000,389556,96,137,"2024-10-07T17:30:00.000Z","6.6.5","4.9",[111,112,21,113],"admin_email","change_admin_email","rollback","https:\u002F\u002Fgeneralchicken.guru\u002Fchange-admin-email\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-admin-email-setting-without-outbound-email.4.1.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":52,"tags":131,"homepage":135,"download_link":136,"security_score":105,"vuln_count":137,"unpatched_count":13,"last_vuln_date":138,"fetched_at":27},"disqus-comment-system","Disqus Comment System","3.1.4","Disqus","https:\u002F\u002Fprofiles.wordpress.org\u002Fdisqus\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdisqus.com\u002F\" rel=\"nofollow ugc\">Disqus\u003C\u002Fa> is the web’s most popular commenting system trusted by millions of publishers to increase reader engagement, grow audience and traffic, and monetize content. Disqus helps publishers of all sizes engage directly with their audiences to build loyalty, retain readers, and foster thriving communities.\u003C\u002Fp>\n\u003Cp>The Disqus for WordPress plugin lets site owners and developers easily add Disqus to their sites, replacing the default WordPress comment system. Disqus installs in minutes and automatically imports your existing comments.\u003C\u002Fp>\n\u003Cp>In addition to our free-to-use, ad-supported Basic plan, we also offer ad-optional subscription plans that come with more advanced features and access to priority support. Please see our \u003Ca href=\"https:\u002F\u002Fdisqus.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">pricing page\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NEW: \u003Ca href=\"https:\u002F\u002Fdisqus.com\u002Fpolls\" rel=\"nofollow ugc\">Disqus Polls\u003C\u002Fa>\u003C\u002Fstrong> – Engage your audiences with interactive polls, and seamlessly install them on your site.\u003C\u002Fp>\n\u003Ch4>Why Disqus?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple one-click installation that seamlessly integrates with WordPress without ever needing to edit a single line of code or losing any of your existing comments\u003C\u002Fli>\n\u003Cli>Keep users engaged on your site longer with a commenting experience readers love\u003C\u002Fli>\n\u003Cli>Bring users back to your site with web and email notifications and personalized digests\u003C\u002Fli>\n\u003Cli>Improve SEO ranking with user generated content\u003C\u002Fli>\n\u003Cli>Keep spam out with our best-in-class anti-spam filter powered by Akismet\u003C\u002Fli>\n\u003Cli>Single profile for commenting on over 4 million sites including social login support for Facebook, Twitter, and Google accounts\u003C\u002Fli>\n\u003Cli>Trusted by sites like ABC News, Entertainment Weekly, and Rotten Tomatoes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Disqus Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Syncs comments automatically to WordPress for backup and flexibility if you ever decide to switch to a different platform\u003C\u002Fli>\n\u003Cli>Loads asynchronously with advanced caching so that Disqus doesn’t affect your site’s performance\u003C\u002Fli>\n\u003Cli>Monetization options to grow revenue\u003C\u002Fli>\n\u003Cli>Export comments to WordPress-compatible XML to backup or migrate to another system\u003C\u002Fli>\n\u003Cli>Analytics dashboard for measuring overall engagement on your site\u003C\u002Fli>\n\u003Cli>Mobile responsive design\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NEW: Disqus Polls\u003C\u002Fstrong> – Create and embed interactive polls directly on your site to boost engagement and gather insights from your audience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Engagement Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Realtime comments system with fun discussion interactions: voting, photo and video upload, rich media embed (Youtube, Twitter, Vimeo, and more), spoiler tags, mentions\u003C\u002Fli>\n\u003Cli>Comment text formatting (e.g. bold, link, italics, quote) using HTML tags as well as code syntax highlighting\u003C\u002Fli>\n\u003Cli>Threaded comment display (nested 3 levels) with ability to collapse individual threads\u003C\u002Fli>\n\u003Cli>Sort discussion by oldest, newest, and best comments\u003C\u002Fli>\n\u003Cli>Flexible login options – Social login with Facebook, Twitter, and Google, SSO, and guest commenting support\u003C\u002Fli>\n\u003Cli>Instant activity notifications, email notifications, and digests pull readers back in\u003C\u002Fli>\n\u003Cli>User profiles that show you recent comment history and frequented communities\u003C\u002Fli>\n\u003Cli>Recommendations widget that shows where active discussions are happening elsewhere on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Moderation Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatic anti-spam filter powered by Akismet\u003C\u002Fli>\n\u003Cli>Automated pre-moderation controls to flag comments based on links, user reputation\u003C\u002Fli>\n\u003Cli>Moderate directly in the discussion, via email, or moderation panel\u003C\u002Fli>\n\u003Cli>Email notifications for newly posted comments, replies\u003C\u002Fli>\n\u003Cli>Moderation Panel that lets you search, filter, sort, and manage your comments\u003C\u002Fli>\n\u003Cli>Self-moderation tools like user blocking, comment flagging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Search our \u003Ca href=\"https:\u002F\u002Fhelp.disqus.com\u002Fcustomer\u002Fportal\u002Farticles\u002F472005\" rel=\"nofollow ugc\">Knowledge Base\u003C\u002Fa> for solutions to common troubleshooting questions\u003C\u002Fli>\n\u003Cli>Check out our support community, \u003Ca href=\"https:\u002F\u002Fdisqus.com\u002Fhome\u002Fchannel\u002Fdiscussdisqus\u002F\" rel=\"nofollow ugc\">Discuss Disqus\u003C\u002Fa>, to see if your question has been answered\u003C\u002Fli>\n\u003Cli>Talk to our Support team at \u003Ca href=\"disqus.com\u002Fsupport\" rel=\"nofollow ugc\">disqus.com\u002Fsupport\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Visit our \u003Ca href=\"https:\u002F\u002Fhelp.disqus.com\u002Fcustomer\u002Fen\u002Fportal\u002Farticles\u002F1264625-getting-started\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa> page to learn the basics of Disqus\u003C\u002Fli>\n\u003C\u002Ful>\n","Disqus is the web's most popular comment system. Use Disqus to increase engagement, retain readers, and grow your audience.",40000,4455999,54,219,"2026-01-15T17:47:00.000Z","6.9.4","4.4",[20,132,21,133,134],"disqus","engagement","threaded","https:\u002F\u002Fdisqus.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisqus-comment-system.3.1.4.zip",5,"2014-09-17 00:00:00",{"attackSurface":140,"codeSignals":156,"taintFlows":187,"riskAssessment":249,"analyzedAt":261},{"hooks":141,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":13,"unprotectedCount":13},[142,148],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","init","dprx_comment_rec_init_locale","comment-recovery.php",12,{"type":143,"name":149,"callback":150,"file":146,"line":151},"admin_menu","dprx_comment_rec_add_admin_pages",19,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":161,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":186},[],{"prepared":159,"raw":13,"locations":160},3,[],{"escaped":13,"rawEcho":147,"locations":162},[163,166,168,170,171,172,174,176,178,180,182,184],{"file":146,"line":164,"context":165},39,"raw output",{"file":146,"line":167,"context":165},168,{"file":146,"line":169,"context":165},172,{"file":146,"line":169,"context":165},{"file":146,"line":169,"context":165},{"file":146,"line":173,"context":165},175,{"file":146,"line":175,"context":165},178,{"file":146,"line":177,"context":165},181,{"file":146,"line":179,"context":165},184,{"file":146,"line":181,"context":165},187,{"file":146,"line":183,"context":165},190,{"file":146,"line":185,"context":165},200,[],[188,232],{"entryPoint":189,"graph":190,"unsanitizedCount":230,"severity":231},"dprx_comment_rec_options_page (comment-recovery.php:25)",{"nodes":191,"edges":224},[192,197,202,206,211,214,219,222],{"id":193,"type":194,"label":195,"file":146,"line":196},"n0","source","$_POST",38,{"id":198,"type":199,"label":200,"file":146,"line":164,"wp_function":201},"n1","sink","echo() [XSS]","echo",{"id":203,"type":194,"label":204,"file":146,"line":205},"n2","$_POST (x2)",50,{"id":207,"type":199,"label":208,"file":146,"line":209,"wp_function":210},"n3","get_results() [SQLi]",51,"get_results",{"id":212,"type":194,"label":195,"file":146,"line":213},"n4",82,{"id":215,"type":199,"label":216,"file":146,"line":217,"wp_function":218},"n5","query() [SQLi]",89,"query",{"id":220,"type":194,"label":221,"file":146,"line":167},"n6","$_SERVER['REQUEST_URI'] (x2)",{"id":223,"type":199,"label":200,"file":146,"line":167,"wp_function":201},"n7",[225,227,228,229],{"from":193,"to":198,"sanitized":226},false,{"from":203,"to":207,"sanitized":226},{"from":212,"to":215,"sanitized":226},{"from":220,"to":223,"sanitized":226},6,"high",{"entryPoint":233,"graph":234,"unsanitizedCount":230,"severity":231},"\u003Ccomment-recovery> (comment-recovery.php:0)",{"nodes":235,"edges":244},[236,237,238,239,240,241,242,243],{"id":193,"type":194,"label":195,"file":146,"line":196},{"id":198,"type":199,"label":200,"file":146,"line":164,"wp_function":201},{"id":203,"type":194,"label":204,"file":146,"line":205},{"id":207,"type":199,"label":208,"file":146,"line":209,"wp_function":210},{"id":212,"type":194,"label":195,"file":146,"line":213},{"id":215,"type":199,"label":216,"file":146,"line":217,"wp_function":218},{"id":220,"type":194,"label":221,"file":146,"line":167},{"id":223,"type":199,"label":200,"file":146,"line":167,"wp_function":201},[245,246,247,248],{"from":193,"to":198,"sanitized":226},{"from":203,"to":207,"sanitized":226},{"from":212,"to":215,"sanitized":226},{"from":220,"to":223,"sanitized":226},{"summary":250,"deductions":251},"The \"comment-recovery\" plugin v1.1 presents a mixed security posture. On the positive side, the plugin has no known vulnerabilities (CVEs) and demonstrates good practices by exclusively using prepared statements for its SQL queries and not making external HTTP requests or performing file operations. It also boasts a small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed. However, significant concerns arise from the static analysis.  A critical weakness is the complete lack of output escaping for all 12 identified output points. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is displayed without proper sanitization. Furthermore, the taint analysis reveals two flows with unsanitized paths, indicating potential vulnerabilities where data could be improperly handled or lead to unexpected behavior, although they are not categorized as critical or high severity by the provided data.  The absence of nonce and capability checks, while not directly tied to an exposed attack surface in this version, leaves the door open for future vulnerabilities if new entry points are introduced without corresponding security measures. The lack of any recorded vulnerability history is a positive indicator, suggesting diligent maintenance or a lack of prior exploitation, but it does not negate the current code-level risks.\n\nIn conclusion, while \"comment-recovery\" v1.1 has strengths in its SQL handling and limited attack surface, the pervasive lack of output escaping and the presence of unsanitized taint flows are significant security concerns that require immediate attention. The absence of checks for nonces and capabilities, while not immediately exploitable, represents a potential future risk.",[252,255,257,259],{"reason":253,"points":254},"0% output escaping",15,{"reason":256,"points":11},"2 flows with unsanitized paths",{"reason":258,"points":137},"0 nonce checks",{"reason":260,"points":137},"0 capability checks","2026-03-17T01:34:54.999Z",{"wat":263,"direct":268},{"assetPaths":264,"generatorPatterns":265,"scriptPaths":266,"versionParams":267},[],[],[],[],{"cssClasses":269,"htmlComments":271,"htmlAttributes":272,"restEndpoints":291,"jsGlobals":292,"shortcodeOutput":293},[270],"wrap",[],[273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290],"name=\"dprx_comment_rec_save\"","id=\"dprx_comment_rec_save\"","name=\"dprx_comment_rec\"","id=\"dprx_comment_rec\"","name=\"dprx_comment_rec_postid\"","id=\"dprx_comment_rec_postid\"","name=\"dprx_comment_rec_date\"","id=\"dprx_comment_rec_date\"","name=\"dprx_comment_rec_author\"","id=\"dprx_comment_rec_author\"","name=\"dprx_comment_rec_aip\"","id=\"dprx_comment_rec_aip\"","name=\"dprx_comment_rec_aemail\"","id=\"dprx_comment_rec_aemail\"","name=\"dprx_comment_rec_aurl\"","id=\"dprx_comment_rec_aurl\"","name=\"dprx_comment_rec_comment\"","id=\"dprx_comment_rec_comment\"",[],[],[]]