WP-Safety

DeBounce Email Validator Security & Risk Analysis

wordpress.org/plugins/debounce-io-email-validator

Real-time email validation for WordPress forms. Block invalid, disposable, and risky emails to keep your database clean and improve deliverability.

300 active installs v5.8.7 PHP 7.0+ WP 3.0.1+ Updated Jan 21, 2026
disposable-emailemail-checkeremail-validationemail-verificationspam-prevention
92
A · Safe
CVEs total4
Unpatched0
Last CVEApr 9, 2025
Download
Safety Verdict

Is DeBounce Email Validator Safe to Use in 2026?

Generally Safe

Score 92/100

DeBounce Email Validator has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Apr 9, 2025Updated 2mo ago
Risk Assessment

The debounce-io-email-validator plugin v5.8.7 exhibits a mixed security posture. On the positive side, static analysis reveals no unprotected entry points and strong adherence to secure coding practices such as using prepared statements for all SQL queries, implementing nonce checks and capability checks for most operations, and properly escaping a high percentage of output. The limited attack surface, consisting of 5 REST API routes with permission callbacks, is also a good sign.

However, the plugin's vulnerability history is a significant concern. With a total of 4 known CVEs, including one critical and three medium-severity vulnerabilities, it suggests a pattern of recurring security weaknesses. The common vulnerability types reported – CSRF, PHP Remote File Inclusion, and Cross-site Scripting – are serious issues that attackers often target. While there are currently no unpatched vulnerabilities, the presence of past critical and medium issues warrants caution.

A notable concern from the static analysis is one flow with an unsanitized path, which could potentially lead to security issues if not handled with extreme care, even if it didn't register as a critical or high severity taint flow. The presence of file operations and external HTTP requests, while not inherently insecure, adds to the potential attack surface that needs to be managed diligently, especially given the plugin's history. Overall, while the current version shows improvements in secure coding practices, the historical vulnerability record necessitates ongoing vigilance and a thorough review of how past issues were addressed.

Key Concerns

  • History of 1 critical vulnerability
  • History of 3 medium vulnerabilities
  • Flow with unsanitized path detected
  • 1 file operation detected
  • 4 external HTTP requests detected
Vulnerabilities
4

DeBounce Email Validator Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Critical
1
Medium
3

4 total CVEs

CVE-2025-32580medium · 6.1Cross-Site Request Forgery (CSRF)

DeBounce Email Validator <= 5.8.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 9, 2025 Patched in 5.8.2 (125d)
CVE-2025-31098critical · 9.8Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

DeBounce Email Validator <= 5.7 - Unauthenticated Local File Inclusion

Apr 3, 2025 Patched in 5.71 (8d)
CVE-2024-13339medium · 6.1Cross-Site Request Forgery (CSRF)

DeBounce Email Validator <= 5.8.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Feb 18, 2025 Patched in 5.8.1 (260d)
CVE-2024-11463medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DeBounce Email Validator <= 5.6.5 - Reflected Cross-Site Scripting

Nov 22, 2024 Patched in 5.6.6 (151d)
Code Analysis
Analyzed Mar 16, 2026

DeBounce Email Validator Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
20 prepared
Unescaped Output
10
129 escaped
Nonce Checks
5
Capability Checks
9
File Operations
1
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared20 total queries

Output Escaping

93% escaped139 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows1 with unsanitized paths
admin_footer (src\class-debounce-admin.php:132)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

DeBounce Email Validator Attack Surface

Entry Points5
Unprotected0

REST API Routes 5

POST/wp-json/debounceio/checkEmailsrc\class-debounce-plugin.php:264
POST/wp-json/debounceio/updateCreditsrc\class-debounce-plugin.php:272
POST/wp-json/debounceio/reviewsrc\class-debounce-plugin.php:280
GET/wp-json/debounceio/logssrc\class-debounce-plugin.php:288
GET/wp-json/debounceio/getChartsrc\class-debounce-plugin.php:296
WordPress Hooks 27
actionafter_setup_themeplugin.php:20
actiongrunion_pre_message_sentplugin.php:123
filterwpcf7_validate_emailsrc\Checks\class-debounce-cf7.php:31
filterwpcf7_validate_email*src\Checks\class-debounce-cf7.php:32
filterelementor_pro/forms/validation/emailsrc\Checks\class-debounce-elementor-form.php:10
filterfluentform_validate_input_item_input_emailsrc\Checks\class-debounce-fluent-forms.php:10
filterfrm_validate_entrysrc\Checks\class-debounce-formidable-forms.php:10
filterforminator_custom_form_submit_errorssrc\Checks\class-debounce-forminator-forms.php:10
filtergform_field_validationsrc\Checks\class-debounce-gravity-forms.php:31
filteris_emailsrc\Checks\class-debounce-is-email.php:31
filterninja_forms_submit_datasrc\Checks\class-debounce-ninja-forms.php:31
actionpre_comment_on_postsrc\Checks\class-debounce-on-comment.php:10
filteris_emailsrc\Checks\class-debounce-on-comment.php:16
actionregistration_errorssrc\Checks\class-debounce-on-registration.php:32
actionwoocommerce_after_checkout_validationsrc\Checks\class-debounce-woocommerce.php:40
filterwpforms_process_after_filtersrc\Checks\class-debounce-wp-forms.php:31
filterwsf_action_email_email_validatesrc\Checks\class-debounce-wsforms.php:10
actionadmin_enqueue_scriptssrc\class-debounce-admin.php:12
actionadmin_menusrc\class-debounce-admin.php:13
actionadmin_footersrc\class-debounce-admin.php:14
actionadmin_noticessrc\class-debounce-admin.php:15
actionadmin_initsrc\class-debounce-admin.php:17
actionwp_enqueue_scriptssrc\class-debounce-plugin.php:250
actionrest_api_initsrc\class-debounce-plugin.php:259
filterdebounce_api_is_privatesrc\functions.php:15
actionwp_enqueue_scriptssrc\functions.php:16
actionwp_footersrc\functions.php:17
Maintenance & Trust

DeBounce Email Validator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 21, 2026
PHP min version7.0
Downloads23K

Community Trust

Rating78/100
Number of ratings16
Active installs300
Alternatives

DeBounce Email Validator Alternatives

QuickEmailVerification

QuickEmailVerification

quickemailverification

A
100

The QuickEmailVerification email verification plugin to avoid fake, bad and nonexistent emails.

200 No CVEs
ZeroBounce Email Verification & Validation

ZeroBounce Email Verification & Validation

zerobounce

A
92

ZeroBounce validates emails on your WordPress site in real-time, blocking invalid and risky emails to improve deliverability and reduce bounce rates.

1K 1 CVE
Antideo Email Validator

Antideo Email Validator

antideo-email-validator

B
75

Form email validation, Email Blacklist, Domain Blacklist, Form email check, Real time email validator Requires at least: 4.7 Tested up to: 6.9.

900 1 unpatched
Clearout Email Validator – Real-Time Email Verification on WordPress Forms

Clearout Email Validator – Real-Time Email Verification on WordPress Forms

clearout-email-validator

A
99

Block invalid emails like temporary, disposable, etc. with our real-time email verification. Verify email address during form-fill and stop form spam.

600 1 CVE
Dilli Email Validator

Dilli Email Validator

dilli-email-validator

A
100

Validates email addresses in real-time and blocks form submissions with invalid or fake emails. Reduce spam, fix typos, and capture quality leads.

100 No CVEs
Developer Profile

DeBounce Email Validator Developer Profile

debounce

1 plugin · 300 total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
136 days
View full developer profile
Detection Fingerprints

How We Detect DeBounce Email Validator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/debounce-io-email-validator/assets/css/admin.css/wp-content/plugins/debounce-io-email-validator/assets/js/debounce.js/wp-content/plugins/debounce-io-email-validator/assets/js/debounce.validate.js/wp-content/plugins/debounce-io-email-validator/assets/js/debounce.admin.js
Script Paths
/wp-content/plugins/debounce-io-email-validator/assets/js/debounce.js/wp-content/plugins/debounce-io-email-validator/assets/js/debounce.validate.js/wp-content/plugins/debounce-io-email-validator/assets/js/debounce.admin.js
Version Parameters
debounce-io-email-validator/assets/css/admin.css?ver=debounce-io-email-validator/assets/js/debounce.js?ver=debounce-io-email-validator/assets/js/debounce.validate.js?ver=debounce-io-email-validator/assets/js/debounce.admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
debounce-noticedbbtndbbtn1dbbtn2lastpddbtn-close
Data Attributes
data-value
JS Globals
debounce_io_debounce_settings
REST Endpoints
/wp-json/debounceio/review
FAQ

Frequently Asked Questions about DeBounce Email Validator