[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiU5H3JElm3YHSFTR67D9j4wwoP5vXuPPIjcJE9Hzmj0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":134,"fingerprints":238},"contact-commenter","Contact Commenter","0.8","moallemi","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoallemi\u002F","\u003Cp>This Plugin lets you send email messages to individual or a group of commenters. It lets Administrator to see who has wrote more comments on his post and mail to commenters.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s New in version 0.8\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* New HTML Editor for admin page\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Translations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* Persian - [Reza Moallemi](http:\u002F\u002Fwww.moallemi.ir\u002F)\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This Plugin lets you send email messages to individual or a group of commenters.",10,5098,0,"2011-03-18T19:47:00.000Z","3.1.4","2.8","",[19,20,21,22,23],"admin","comment","comments","mail","%da%a9%d8%a7%d9%88%d8%b4%da%af%d8%b1","http:\u002F\u002Fwww.moallemi.ir\u002Fen\u002Fblog\u002F2009\u002F09\u002F20\u002Fcontact-commenter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-commenter.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},6,90,88,30,86,"2026-04-05T17:30:42.422Z",[38,58,79,95,111],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":34,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"comment-admin-notifier","Comment Admin Notifier","1.1.3","Jordi Cabot","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftmodeling\u002F","\u003Cp>In the \u003Cem>Settings->Discussion\u003C\u002Fem> page, authors of a post can use the checkbox \u003Cem>Email me whenever – Anyone posts a comment\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>But this does not send an email as well to the site admins. In blogs where you have a number of guest authors, you may want to be informed about all the new comments so you can respond (if the author is missing) or just participate in the discussion.\u003C\u002Fp>\n\u003Cp>As a site admin myself, I was missing many comments. This means plenty of missing opportunities to engage with your audience.\u003C\u002Fp>\n\u003Cp>To solve this situation, the plugin adds a new checkbox in the \u003Cem>Discussion\u003C\u002Fem> page. If checked, admins will get an alert email for new comments.\u003C\u002Fp>\n","With this plugin, admin users get an email alert every time a new comment is posted on ANY post in the site.",1712,100,1,"2022-07-09T15:49:00.000Z","6.0.11","4.3","5.6",[19,54,20,21,55],"alert","email","https:\u002F\u002Fgithub.com\u002Fjcabot\u002Fcomment-admin-notifier","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-admin-notifier.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":47,"num_ratings":48,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":76,"download_link":77,"security_score":78,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"digest","Digest Notifications","3.0.0","required","https:\u002F\u002Fprofiles.wordpress.org\u002Fwearerequired\u002F","\u003Cp>When you have lots of new user sign-ups or comments every day, it’s very distracting to receive a single email for each new event.\u003C\u002Fp>\n\u003Cp>With this plugin you get a daily, weekly, or monthly digest of your website’s activity. The digest includes the following events:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>New Core Updates\u003C\u002Fli>\n\u003Cli>New comments that need to be moderated (depending on your settings under ‘Settings’ -> ‘Discussion’)\u003C\u002Fli>\n\u003Cli>New user sign-ups\u003C\u002Fli>\n\u003Cli>Password resets by users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you would like to contribute to this plugin, report an issue or anything like that, please note that we develop this plugin \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwearerequired\u002Fdigest\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Please submit pull requests to the develop branch.\u003C\u002Fp>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Frequired.com\u002F\" rel=\"nofollow ugc\">required\u003C\u002Fa>.\u003C\u002Fp>\n","Get a daily, weekly, or monthly digest of what's happening on your site instead of receiving a single email each time.",20,7192,"2024-11-18T14:34:00.000Z","6.7.5","6.0","7.4",[19,21,73,74,75],"emails","notification","updates","https:\u002F\u002Frequired.com\u002Fservices\u002Fwordpress-plugins\u002Fdigest-notifications\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigest.3.0.0.zip",92,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":11,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":17,"tags":91,"homepage":93,"download_link":94,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"comment-recovery","Comment Recovery","1.1","Roland Rust","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdprx\u002F","\u003Cp>Ever lost your comments by fooling around with your Database?\u003Cbr \u002F>\nSo did I. Now this is a comments recovery plugin.\u003Cbr \u002F>\nJust paste the E-mail sources of your \u003Cstrong>new comment notification emails\u003C\u002Fstrong> and save.\u003C\u002Fp>\n","Recovers lost comments by copy\u002Fpasteing your new comment notification emails",2824,"2007-08-20T08:53:00.000Z","2.2","1.5",[19,21,55,92],"recovery","http:\u002F\u002Fwordpress.designpraxis.at","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-recovery.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":13,"downloaded":103,"rating":47,"num_ratings":48,"last_updated":17,"tested_up_to":104,"requires_at_least":105,"requires_php":106,"tags":107,"homepage":17,"download_link":109,"security_score":47,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":110},"notify-all-admins-on-comment","Notify All Admins on Comment","1.0.1","hugowporg","https:\u002F\u002Fprofiles.wordpress.org\u002Fhugowporg\u002F","\u003Cp>By default, WordPress only sends new comment notifications to the post author and the main site administrator email. This can cause delays in comment moderation on sites with multiple administrators.\u003C\u002Fp>\n\u003Cp>Notify All Admins on Comment solves this simple problem with a zero-configuration setup. Once activated, it sends a copy of the moderation email to every user with the ‘Administrator’ role, ensuring the entire team is aware of new comments instantly.\u003C\u002Fp>\n\u003Cp>This plugin is lightweight, secure, and follows WordPress best practices.\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Important Requirement:\u003C\u002Fstrong> This plugin relies on WordPress’s \u003Ccode>wp_mail()\u003C\u002Fcode> function to send email notifications.\u003Cbr \u002F>\nTo work properly, your WordPress environment must have a \u003Cstrong>working SMTP configuration\u003C\u002Fstrong> or email delivery service (such as SendGrid, Mailgun, or a plugin like WP Mail SMTP).\u003Cbr \u002F>\nIf SMTP is not properly configured or is blocked (common in development or staging environments), the plugin will not be able to send notifications. In such cases, WordPress’s default behavior (notifying only the main admin) will apply.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>If this plugin helped you, consider supporting it 🙌\u003Cbr \u002F>\n👉 Donate: https:\u002F\u002Fdonate.stripe.com\u002FfZu4gA7WCbvI4KJabDeZ200\u003C\u002Fp>\n","A simple plugin that ensures all site administrators are notified of new comments, not just the main site admin.",340,"6.8.5","5.0","7.0",[19,21,55,108],"notifications","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnotify-all-admins-on-comment.1.0.1.zip","2026-03-15T10:48:56.248Z",{"slug":112,"name":113,"version":15,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":120,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":52,"tags":125,"homepage":129,"download_link":130,"security_score":131,"vuln_count":132,"unpatched_count":13,"last_vuln_date":133,"fetched_at":28},"disqus-comment-system","Disqus Comment System","Disqus","https:\u002F\u002Fprofiles.wordpress.org\u002Fdisqus\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdisqus.com\u002F\" rel=\"nofollow ugc\">Disqus\u003C\u002Fa> is the web’s most popular commenting system trusted by millions of publishers to increase reader engagement, grow audience and traffic, and monetize content. Disqus helps publishers of all sizes engage directly with their audiences to build loyalty, retain readers, and foster thriving communities.\u003C\u002Fp>\n\u003Cp>The Disqus for WordPress plugin lets site owners and developers easily add Disqus to their sites, replacing the default WordPress comment system. Disqus installs in minutes and automatically imports your existing comments.\u003C\u002Fp>\n\u003Cp>In addition to our free-to-use, ad-supported Basic plan, we also offer ad-optional subscription plans that come with more advanced features and access to priority support. Please see our \u003Ca href=\"https:\u002F\u002Fdisqus.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">pricing page\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NEW: \u003Ca href=\"https:\u002F\u002Fdisqus.com\u002Fpolls\" rel=\"nofollow ugc\">Disqus Polls\u003C\u002Fa>\u003C\u002Fstrong> – Engage your audiences with interactive polls, and seamlessly install them on your site.\u003C\u002Fp>\n\u003Ch4>Why Disqus?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple one-click installation that seamlessly integrates with WordPress without ever needing to edit a single line of code or losing any of your existing comments\u003C\u002Fli>\n\u003Cli>Keep users engaged on your site longer with a commenting experience readers love\u003C\u002Fli>\n\u003Cli>Bring users back to your site with web and email notifications and personalized digests\u003C\u002Fli>\n\u003Cli>Improve SEO ranking with user generated content\u003C\u002Fli>\n\u003Cli>Keep spam out with our best-in-class anti-spam filter powered by Akismet\u003C\u002Fli>\n\u003Cli>Single profile for commenting on over 4 million sites including social login support for Facebook, Twitter, and Google accounts\u003C\u002Fli>\n\u003Cli>Trusted by sites like ABC News, Entertainment Weekly, and Rotten Tomatoes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Disqus Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Syncs comments automatically to WordPress for backup and flexibility if you ever decide to switch to a different platform\u003C\u002Fli>\n\u003Cli>Loads asynchronously with advanced caching so that Disqus doesn’t affect your site’s performance\u003C\u002Fli>\n\u003Cli>Monetization options to grow revenue\u003C\u002Fli>\n\u003Cli>Export comments to WordPress-compatible XML to backup or migrate to another system\u003C\u002Fli>\n\u003Cli>Analytics dashboard for measuring overall engagement on your site\u003C\u002Fli>\n\u003Cli>Mobile responsive design\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NEW: Disqus Polls\u003C\u002Fstrong> – Create and embed interactive polls directly on your site to boost engagement and gather insights from your audience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Engagement Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Realtime comments system with fun discussion interactions: voting, photo and video upload, rich media embed (Youtube, Twitter, Vimeo, and more), spoiler tags, mentions\u003C\u002Fli>\n\u003Cli>Comment text formatting (e.g. bold, link, italics, quote) using HTML tags as well as code syntax highlighting\u003C\u002Fli>\n\u003Cli>Threaded comment display (nested 3 levels) with ability to collapse individual threads\u003C\u002Fli>\n\u003Cli>Sort discussion by oldest, newest, and best comments\u003C\u002Fli>\n\u003Cli>Flexible login options – Social login with Facebook, Twitter, and Google, SSO, and guest commenting support\u003C\u002Fli>\n\u003Cli>Instant activity notifications, email notifications, and digests pull readers back in\u003C\u002Fli>\n\u003Cli>User profiles that show you recent comment history and frequented communities\u003C\u002Fli>\n\u003Cli>Recommendations widget that shows where active discussions are happening elsewhere on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Moderation Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatic anti-spam filter powered by Akismet\u003C\u002Fli>\n\u003Cli>Automated pre-moderation controls to flag comments based on links, user reputation\u003C\u002Fli>\n\u003Cli>Moderate directly in the discussion, via email, or moderation panel\u003C\u002Fli>\n\u003Cli>Email notifications for newly posted comments, replies\u003C\u002Fli>\n\u003Cli>Moderation Panel that lets you search, filter, sort, and manage your comments\u003C\u002Fli>\n\u003Cli>Self-moderation tools like user blocking, comment flagging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Search our \u003Ca href=\"https:\u002F\u002Fhelp.disqus.com\u002Fcustomer\u002Fportal\u002Farticles\u002F472005\" rel=\"nofollow ugc\">Knowledge Base\u003C\u002Fa> for solutions to common troubleshooting questions\u003C\u002Fli>\n\u003Cli>Check out our support community, \u003Ca href=\"https:\u002F\u002Fdisqus.com\u002Fhome\u002Fchannel\u002Fdiscussdisqus\u002F\" rel=\"nofollow ugc\">Discuss Disqus\u003C\u002Fa>, to see if your question has been answered\u003C\u002Fli>\n\u003Cli>Talk to our Support team at \u003Ca href=\"disqus.com\u002Fsupport\" rel=\"nofollow ugc\">disqus.com\u002Fsupport\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Visit our \u003Ca href=\"https:\u002F\u002Fhelp.disqus.com\u002Fcustomer\u002Fen\u002Fportal\u002Farticles\u002F1264625-getting-started\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa> page to learn the basics of Disqus\u003C\u002Fli>\n\u003C\u002Ful>\n","Disqus is the web's most popular comment system. Use Disqus to increase engagement, retain readers, and grow your audience.",40000,4455999,54,219,"2026-01-15T17:47:00.000Z","6.9.4","4.4",[21,126,55,127,128],"disqus","engagement","threaded","https:\u002F\u002Fdisqus.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisqus-comment-system.3.1.4.zip",96,5,"2014-09-17 00:00:00",{"attackSurface":135,"codeSignals":161,"taintFlows":196,"riskAssessment":224,"analyzedAt":237},{"hooks":136,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[137,143,148,153],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_menu","contact_commenter_menu","contact-commenter.php",14,{"type":144,"name":145,"callback":146,"file":141,"line":147},"filter","admin_head","cc_showTinyMCE",236,{"type":138,"name":149,"callback":150,"priority":151,"file":141,"line":152},"admin_footer","cc_admin_form_private",9999,277,{"type":144,"name":154,"callback":155,"priority":151,"file":141,"line":156},"comment_text","cc_admin_private_text",278,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":168,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":195},[],{"prepared":13,"raw":48,"locations":164},[165],{"file":141,"line":166,"context":167},121,"$wpdb->get_results() with variable interpolation",{"escaped":13,"rawEcho":169,"locations":170},12,[171,174,176,178,180,182,184,186,187,189,191,193],{"file":141,"line":172,"context":173},60,"raw output",{"file":141,"line":175,"context":173},97,{"file":141,"line":177,"context":173},101,{"file":141,"line":179,"context":173},125,{"file":141,"line":181,"context":173},126,{"file":141,"line":183,"context":173},127,{"file":141,"line":185,"context":173},128,{"file":141,"line":185,"context":173},{"file":141,"line":188,"context":173},129,{"file":141,"line":190,"context":173},135,{"file":141,"line":192,"context":173},285,{"file":141,"line":194,"context":173},294,[],[197,215],{"entryPoint":198,"graph":199,"unsanitizedCount":48,"severity":214},"contact_commenter_options (contact-commenter.php:34)",{"nodes":200,"edges":211},[201,206],{"id":202,"type":203,"label":204,"file":141,"line":205},"n0","source","$_POST",46,{"id":207,"type":208,"label":209,"file":141,"line":172,"wp_function":210},"n1","sink","echo() [XSS]","echo",[212],{"from":202,"to":207,"sanitized":213},false,"medium",{"entryPoint":216,"graph":217,"unsanitizedCount":48,"severity":223},"\u003Ccontact-commenter> (contact-commenter.php:0)",{"nodes":218,"edges":221},[219,220],{"id":202,"type":203,"label":204,"file":141,"line":205},{"id":207,"type":208,"label":209,"file":141,"line":172,"wp_function":210},[222],{"from":202,"to":207,"sanitized":213},"low",{"summary":225,"deductions":226},"The \"contact-commenter\" plugin v0.8 exhibits a concerning security posture due to significant deviations from standard WordPress security practices, despite a clean vulnerability history. The static analysis reveals a complete lack of essential security checks for all identified entry points, which are currently zero. Specifically, the absence of nonce checks, capability checks, and proper output escaping is alarming, as is the presence of raw SQL queries. While the \"attack surface\" is reported as zero, this is likely due to the absence of specific components like AJAX handlers, REST API routes, or shortcodes, rather than an inherent security. The taint analysis showing flows with unsanitized paths, even without critical or high severity, points to potential vulnerabilities if new entry points were introduced or existing code was modified.\n\nThe plugin's vulnerability history is currently clean, which is a positive sign. However, this lack of history does not negate the risks identified in the code analysis. It might indicate that the plugin is not widely used, has not been subjected to thorough security audits, or that the potential vulnerabilities have not yet been exploited or discovered. The absence of proper input validation and output escaping, combined with raw SQL, creates a fertile ground for cross-site scripting (XSS) and SQL injection vulnerabilities should an attacker find a way to leverage these weaknesses. Therefore, while the plugin might appear safe due to its past, the current codebase presents significant risks that require immediate attention.",[227,229,231,233,235],{"reason":228,"points":11},"SQL queries not using prepared statements",{"reason":230,"points":169},"No output escaping for outputs",{"reason":232,"points":11},"No nonce checks",{"reason":234,"points":11},"No capability checks",{"reason":236,"points":11},"Taint flows with unsanitized paths","2026-03-17T00:47:23.141Z",{"wat":239,"direct":244},{"assetPaths":240,"generatorPatterns":241,"scriptPaths":242,"versionParams":243},[],[],[],[],{"cssClasses":245,"htmlComments":247,"htmlAttributes":248,"restEndpoints":249,"jsGlobals":250,"shortcodeOutput":251},[246],"cc-input",[],[],[],[],[]]