[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnMoBzZG3hoDNJ6DlbSB37ex6ME4vb6psNexwTIpT2ys":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":45,"crawl_stats":35,"alternatives":49,"analysis":155,"fingerprints":250},"digitimber-cpanel-integration","DigiTimber cPanel Integration","1.4.8","DigiTimber","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitimber\u002F","\u003Cp>DigiTimber cPanel Integration allows users to access basic cPanel functionality from within WordPress. This plugin was created initially for our own users, but decided that with the lack of any other plugins in the list, we’d toss it out there for others. Hopefully its helpful to you and your users!\u003C\u002Fp>\n\u003Cp>Currently limited to email administration, but more is planned.\u003Cbr \u002F>\n– View a list of all email accounts for all domains.\u003Cbr \u002F>\n– Add a new email accounts to any domain registered in cpanel.\u003Cbr \u002F>\n– Update email account passwords and quotas.\u003Cbr \u002F>\n– Delete email accounts.\u003C\u002Fp>\n\u003Cp>In time we are hoping to add many functions from within the WordPress site that users would otherwise need to log into cPanel in order to access.\u003C\u002Fp>\n","DigiTimber cPanel Integration allows users to access basic cPanel functionality from within WordPress. This plugin was created initially for our own u &hellip;",100,7087,1,"2025-01-27T22:24:00.000Z","6.7.5","6.0","7.2",[19,20,21,22],"cpanel","email","mail","manage","https:\u002F\u002Fgithub.com\u002Fvexing-media\u002FDigiTimber-cPanel-Integration-WP-Plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdigitimber-cpanel-integration.zip",91,0,"2025-01-31 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":6,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":44},"CVE-2025-22690","digitimber-cpanel-integration-cross-site-request-forgery-to-stored-cross-site-scripting","DigiTimber cPanel Integration \u003C= 1.4.6 - Cross-Site Request Forgery to Stored Cross-site Scripting","The DigiTimber cPanel Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.4.6","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-02-03 14:42:02",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F937a1474-2fe8-40dd-86c3-2d839a7b9c07?source=api-prod",4,{"slug":46,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":44,"trust_score":47,"computed_at":48},"digitimber",94,"2026-04-04T22:30:50.198Z",[50,75,96,117,136],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":71,"download_link":72,"security_score":73,"vuln_count":13,"unpatched_count":26,"last_vuln_date":74,"fetched_at":28},"resend-welcome-email","Resend Welcome Email","1.1.9","Hudson Atwell","https:\u002F\u002Fprofiles.wordpress.org\u002Fadbox\u002F","\u003Cp>This tool was developed to quickly send a user a new password reset link via email when they are having trouble logging in.\u003C\u002Fp>\n\u003Ch4>Developers & Designers\u003C\u002Fh4>\n\u003Cp>This extension has a public GitHub page where users can contribute fixes and improvements.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fatwellpub\u002Fresend-welcome-email\" title=\"Follow & Contribute to core development on GitHub\" rel=\"nofollow ugc\">Follow Development on GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fatwellpub\" title=\"Follow the developer on Twitter\" rel=\"nofollow ugc\">Follow Developer on Twitter\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftiborepcek\u002F\" title=\"Tibor Repček on GitHub\" rel=\"nofollow ugc\">Tibor Repček\u003C\u002Fa> – translation into slovak language (slovenčina)\u003C\u002Fp>\n","Quickly send a new welcome email and password reset link for a user through the user's profile edit area.",1000,22239,74,9,"2018-02-24T07:40:00.000Z","4.9.29","4.3.1","5.3",[67,68,69,70],"support","user-management","users","welcome-email","http:\u002F\u002Fwww.twitter.com\u002Fatwellpub","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresend-welcome-email.1.1.9.zip",85,"2015-04-27 00:00:00",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":11,"num_ratings":13,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":94,"download_link":95,"security_score":73,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"wp-comment-notification","WP Comment Notification","1.4","WpExperts Hub","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpexpertshub\u002F","\u003Cp>🔹 Manage your wordpress comment notification emails.\u003Cbr \u002F>\n🔹 Send email notifications to other users or multiple different emails.\u003Cbr \u002F>\n🔹 Add Comma separated email list in settings to send email notifications.\u003C\u002Fp>\n\u003Ch3>Acknowledgements\u003C\u002Fh3>\n\u003Cp>Thanks to every donor, supporter, and bug reporter!\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is Free Software, released and licensed under the GPL, version 2 (http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html).\u003Cbr \u002F>\nYou may use it free of charge for any purpose.\u003C\u002Fp>\n","Send email notification to predefined email ids when someone comments on your blog.",500,8779,"2022-07-30T07:40:00.000Z","6.0.11","5.6",[89,90,91,92,93],"comment-emails","comments-notification","manage-comments-notification","notification","wordpress-comments","https:\u002F\u002Fwpexpertshub.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-comment-notification.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":86,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":115,"download_link":116,"security_score":73,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"events-manager-email-users","Events Manager – Email Users","4.8.2","Stonehenge Creations","https:\u002F\u002Fprofiles.wordpress.org\u002Fduisterdenhaag\u002F","\u003Cblockquote>\n\u003Cp>Requires \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fevents-manager\u002F\" rel=\"ugc\">Events Manager\u003C\u002Fa> (free plugin) to be installed & activated.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Send fully customizable HTML emails to all bookings of a specific event with a certain booking status – right from your Dashboard. Filter double bookings (or not).\u003C\u002Fp>\n\u003Cp>Did you ever need to send an email to all or certain bookings for a specific event? \u003Cstrong>GOOD NEWS! Now, you can.\u003C\u002Fstrong> By default Events Manager does not offer this option – that is the job of this add-on.\u003C\u002Fp>\n\u003Cp>Easily create an email once using any of the EM Placeholders and send a personalized version to every individual customer. Every email is sent to each recipient separately to help you with your GDPR compliance.\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Select the recipients type: Booking Contacts \u002F Attendees or both.\u003C\u002Fli>\n\u003Cli>Select which booking status to include in your recipients list.\u003C\u002Fli>\n\u003Cli>Use any type of Events Manager placeholders in your email message.\u003C\u002Fli>\n\u003Cli>Easy-to-use wildcards to target individual attendee details in emails.\u003C\u002Fli>\n\u003Cli>Every email is sent to each recipient individually to help you be GDPR compliant.\u003C\u002Fli>\n\u003Cli>Send HTML emails completely styled to your personal liking.\u003C\u002Fli>\n\u003Cli>Adds a plain text version to HTML emails to prevent being marked as spam by some servers.\u003C\u002Fli>\n\u003Cli>MultiSite compatible: all settings are neatly saved per blog.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MultiSite:\u003C\u002Fstrong> Set outgoing email credentials per blog.\u003Cbr \u002F>\n\u003Cem>(A truly missing feature in the original EM plugin!)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Version available\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>This free version can be used without restrictions or time limit.\u003C\u002Fstrong>\u003Cbr \u002F>\nThere is also a very \u003Ca href=\"https:\u002F\u002Fwww.stonehengecreations.nl\u002Fcreations\u002Fstonehenge-em-email-pro\" rel=\"nofollow ugc\">extended Premium version\u003C\u002Fa> available, with features like attachments, PDF tickets, QR Codes, Follow-up Emails and Track Changes. More info can be found in the plugin settings page.\u003Cbr \u002F>\n\u003Cstrong>Upgrading is 100% optional.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>US English (default)\u003C\u002Fli>\n\u003Cli>Dutch (always included in the download)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin is ready to be translated, all texts are defined in the .pot file which is included in the download. Any contributions to localize this plugin are very welcome!\u003C\u002Fp>\n","Free add-on for Events Manager. Send fully customizable HTML emails to all bookings of a specific event per booking status.",200,11690,92,12,"2022-03-16T06:37:00.000Z","5.4","7.3",[112,20,113,114],"booking","events-manager","smtp","https:\u002F\u002Fwww.stonehengecreations.nl\u002Fcreations\u002Fevents-manager-email-users\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fevents-manager-email-users.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":104,"downloaded":125,"rating":11,"num_ratings":126,"last_updated":127,"tested_up_to":15,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":134,"download_link":135,"security_score":106,"vuln_count":26,"unpatched_count":26,"last_vuln_date":35,"fetched_at":28},"wf-cpanel-email-accounts","WebFacing™ – Email Accounts management for cPanel®","5.3.6","Knut Sparhell","https:\u002F\u002Fprofiles.wordpress.org\u002Fknutsp\u002F","\u003Cp>🕸️ By \u003Ca href=\"https:\u002F\u002Fwebfacing.eu\u002F\" rel=\"nofollow ugc\">WebFacing™\u003C\u002Fa>. Read, send, show, manage, list, create, add, remove or delete email accounts, old messages, forwarders and autoresponders.\u003Cbr \u002F>\nOne click read, send and manage all your emails without a login step. Update notification recipients. Backup and download your complete cPanel® account.\u003C\u002Fp>\n\u003Cp>This plugin requires your site is hosted on a cPanel® equipped server.\u003C\u002Fp>\n\u003Cp>It uses it’s UAPI through shell access by default, or via HTTP API. Using without \u003Ccode>shell_exec\u003C\u002Fcode> initially requires a temporary access token generated in the cPanel® native interface.\u003C\u002Fp>\n\u003Ch3>Translation ready. Ready translations are\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Norwegian (bokmål)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Current features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>NEW:\u003C\u002Fstrong> Dashboard widget with three live graphic server memory usage and server load gauge charts (can eassily be minimized or hidden via Screen Options or programatically)\u003C\u002Fli>\n\u003Cli>WP Block for frontend access user’s own Webmail\u003C\u002Fli>\n\u003Cli>Bulk entry of forwarders and email accounts (as free trial only, very limited use)\u003C\u002Fli>\n\u003Cli>Screen Options to select visible forms on New Email screen, saved for as user option (and per site for Multisite)\u003C\u002Fli>\n\u003Cli>Shortcode \u003Ccode>[wf_cpanel_email_webmail]\u003C\u002Fcode> or as \u003Ccode>[wf_cpanel_email_webmail]\u003C\u002Fcode>My Email\u003Ccode>[\u002Fwf_cpanel_email_webmail]\u003C\u002Fcode> for frontend access user’s own Webmail\u003C\u002Fli>\n\u003Cli>cPanel® API Tokens Management – needed in case \u003Ccode>shell_exec\u003C\u002Fcode> is not available or when accessing a remote server\u003C\u002Fli>\n\u003Cli>Backup complete cPanel® hosting account to file, and download it\u003C\u002Fli>\n\u003Cli>Restore account backup files by extracting it to a folder (experimental)\u003C\u002Fli>\n\u003Cli>Semi automated migration to new email server, including setup of new accounts for users, with sending setup instructions, passwords and links to setup guides for most common email clients\u003C\u002Fli>\n\u003Cli>Add 10 single Email Accounts per week (without Pro nag) — actually unlimited\u003C\u002Fli>\n\u003Cli>Remove single\u002Fmultiple Email Accounts\u003C\u002Fli>\n\u003Cli>List mailboxes with number of messages for each box\u003C\u002Fli>\n\u003Cli>Remove old messages from mailboxes (older than 52 weeks as default)\u003C\u002Fli>\n\u003Cli>Shrink a mailbox (empty it)\u003C\u002Fli>\n\u003Cli>Change storage quota for for email accounts\u003C\u002Fli>\n\u003Cli>Add 20 forwarders per week (without Pro nag) — actually unlimited\u003C\u002Fli>\n\u003Cli>Add\u002Fremove single\u002Fmultiple Email Failure addresses or Blackhole addresses\u003C\u002Fli>\n\u003Cli>Add\u002Fdelete\u002Fedit email autoresponders (for, subject, body, from, start, stop, interval)\u003C\u002Fli>\n\u003Cli>Send single cPanel® Email Account Instruction (Client Setup) to specfied address\u003C\u002Fli>\n\u003Cli>Send multipe cPanel® Email Account Instructions (Client Setups) to yourself for distribution\u003C\u002Fli>\n\u003Cli>Open your cPanel® Webmail app for selected account (single click\u002Ftap – no further login needed!)\u003C\u002Fli>\n\u003Cli>Set\u002Fchange Email Account passwords\u003C\u002Fli>\n\u003Cli>Set Default Email Address (catch-all) as forwarder, failure or blackhole\u003C\u002Fli>\n\u003Cli>View\u002Fchange Notification\u002FContact Email Addresses\u003C\u002Fli>\n\u003Cli>Access for any user to view and read their \u003Cem>own\u003C\u002Fem> emails, if given the \u003Ccode>cpanel\u003C\u002Fcode> capability (Use custom code or a Roles\u002FCapabilities Manager plugin)\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support for subdomain email addresses when the main domain is a subdomain (only)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In case the \u003Ccode>shell_exec\u003C\u002Fcode> function is disabled in your server PHP configuration, create a token in native cPanel® interface and add \u003Cem>one\u003C\u002Fem> of these lines to your \u003Ccode>wp-config.php\u003C\u002Fcode> file, \u003Ccode>functions.php\u003C\u002Fcode> in your child theme, in Must-use plugin or a custom regular plugin\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>const WF_CPANEL_API_TOKEN = 'my-temp-api-token';\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>define( 'WF_CPANEL_API_TOKEN', 'my-temp-api-token' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>See \u003Ca href=\"https:\u002F\u002Fdocs.cpanel.net\u002Fcpanel\u002Fsecurity\u002Fmanage-api-tokens-in-cpanel\u002F\" rel=\"nofollow ugc\">Manage API Tokens in cPanel®\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>The \u003Ccode>WF_CPANEL_API_TOKEN\u003C\u002Fcode> constant may be removed when a new token is created and activated from the plugin admin page\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Option to set the default visibility for users on New Email screen (users may still set their own preferences):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>add_filter( 'wf-cpanel-email-new-email_user-option', static function( bool $default, string $option, int $user_id ) {\u003Cbr \u002F>\nif ( $option === 'wc-show-new-blackhole' \u002F*or by $user_id*\u002F ) {\u003Cbr \u002F>\n$default = true\u002F*false*\u002F;\u003Cbr \u002F>\n}\u003Cbr \u002F>\nreturn $default;\u003Cbr \u002F>\n}, 10, 3 );\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Option to allow other users than those with \u003Ccode>manage_options\u003C\u002Fcode> capability to manage email adresses, single- or multisite, \u003Cem>one\u003C\u002Fem> of the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_capability', static fn( string $cap ): string => $my_cpanel_email_cap );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_capability', static fn( string $cap ) => 'edit_published_pages' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Option to allow other users than those with \u003Ccode>manage_options\u003C\u002Fcode> capability to see the dashboard widget, or remove it, \u003Cem>one\u003C\u002Fem> of the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_widget_capability', static fn( string $cap ): string => $my_cpanel_widget_cap );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_widget_capability', static fn( string $cap ) => 'edit_published_pages' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_widget_capability', static fn( string $cap ) => 'do_not_allow' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Option to alter the refresh interval in seconds for the dashboard widget, \u003Cem>one\u003C\u002Fem> of the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_widget_interval', static fn( int $interval ): int => $my_cpanel_widget_interval );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_widget_interval', static fn( int $interval ) => 45 );\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Option to limit email addresses to current site domain, even for single site admins, \u003Cem>one\u003C\u002Fem> of the following\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>const WF_CPANEL_EMAIL_SITE_DOMAIN_ONLY = true;\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>define( 'WF_CPANEL_EMAIL_SITE_DOMAIN_ONLY', true );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_site_domain_only', '__return_true' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_site_domain_only', fn() => true );\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Multisite Network: Option not to limit email addresses to current subsite domain, for site admins that are not network (super) admins, \u003Cem>one\u003C\u002Fem> of the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>const WF_CPANEL_EMAIL_SITE_DOMAIN_ONLY = false;\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>define( 'WF_CPANEL_EMAIL_SITE_DOMAIN_ONLY', false );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_site_domain_only', '__return_false' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>add_filter( 'wf_cpanel_email_site_domain_only', fn() => false );\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Many optional parameters and API filters for the shortcode output, see \u003Ccode>includes\u002FShortCode.php\u003C\u002Fcode> until further tested and documented\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you want to access another user on the server, use \u003Cem>one\u003C\u002Fem> of the following\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>const WF_CPANEL_USER = 'my-username';\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>define( 'WF_CPANEL_USER', 'my-username' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>If you want to access a remote server, use \u003Cem>one\u003C\u002Fem> of the following\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>const WF_CPANEL_HOST = 'my-host';\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>define( 'WF_CPANEL_HOST', 'my-host' );\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>using \u003Ccode>WF_CPANEL_HOST\u003C\u002Fcode>requires \u003Ccode>WF_CPANEL_USER\u003C\u002Fcode> to also be defined\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Automaticallly create new accounts when a new user is registered?\u003Cbr \u002F>\n    add_action( ‘user_register’, static function( int $user_id, array $userdata ): void {\u003Cbr \u002F>\n            \u002F\u002F What to do just after the registraton here, like this (adds an email address that forwards to all users, a mailing list):\u003Cbr \u002F>\n            if ( method_exists( ‘WebFacing\\cPanel\\UAPI’, ‘add_forwarder’ ) ) {\u003Cbr \u002F>\n                \\WebFacing\\cPanel\\UAPI::add_forwarder( ‘all-users@yoursite.tld, ‘$userdata[‘user_email’] );\u003Cbr \u002F>\n            }\u003Cbr \u002F>\n        }, 2 );\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Site Health\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tests and information\u003C\u002Fli>\n\u003Cli>Check auto detecting and current email routing in an extra Site Health tab (to any email address sent from your server)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Possible future features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Scheduled automatic removal of old messages in\u002Ffrom mailboxes\u003C\u002Fli>\n\u003Cli>Import migration list for create account, send instructions and password to current address\u003C\u002Fli>\n\u003Cli>Delete \u003Cem>selected\u003C\u002Fem> email messages from mailboxes (by selectd message age etc.)\u003C\u002Fli>\n\u003Cli>Suspend\u002Funsuspend incoming\u002Foutgoing for email accounts (if requested)\u003C\u002Fli>\n\u003Cli>Suspend\u002Funsuspend \u003Cem>login\u003C\u002Fem> to email accounts (if requested)\u003C\u002Fli>\n\u003Cli>Domain level email forwarding\u003C\u002Fli>\n\u003Cli>Domain Managament\u003C\u002Fli>\n\u003Cli>DNS Zone editing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Limitations, security, privacy – be warned\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Maximum New Forwarders = 20, Maximum New Accounts = 5, weekly reset\u003C\u002Fli>\n\u003Cli>Trial: Maximum New Forwarders as \u003Cstrong>bulk entry\u003C\u002Fstrong> = 4, Maximum New Accounts as \u003Cstrong>bulk entry\u003C\u002Fstrong> = 2\u003C\u002Fli>\n\u003Cli>Now works without shell access! Will not work at all if \u003Ccode>shell_exec\u003C\u002Fcode> is disabled in \u003Ccode>php.ini\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Works only for admins, or other users with a custom \u003Ccode>cpanel\u003C\u002Fcode> capability and email on site domain (so far)\u003C\u002Fli>\n\u003Cli>Any admin (if multisite, only network admins), or user with the filtered capability, on a site, can fully access \u003Cem>any\u003C\u002Fem> account on the cPanel® server instance\u003C\u002Fli>\n\u003Cli>No AYS warnings for delete actions\u003C\u002Fli>\n\u003Cli>If several sites\u002Fadmins share the same cPanel® account, without being part of a WP Multisite network, no bulletproof separation, because of the way the cPanel® UAPI CLI works, with or without this plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Addon\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Pro Addon plugin was released May 1, 2023 at https:\u002F\u002Fwebfacing.eu\u002Fplugin\u002Fwf-cpanel-email-accounts-pro\u002F and will unlock \u003Cstrong>in bulk entry\u003C\u002Fstrong> new forwarders and new accounts to the numbers in the purchesed license\u003C\u002Fli>\n\u003C\u002Ful>\n","WebFacing™ - Email Accounts management for cPanel®",22999,8,"2025-01-10T22:12:00.000Z","6.5","8.1",[131,132,19,20,133],"auto-reply","backup","membership","https:\u002F\u002Fwebfacing.eu\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwf-cpanel-email-accounts.5.3.zip",{"slug":137,"name":138,"version":78,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":11,"downloaded":142,"rating":26,"num_ratings":26,"last_updated":143,"tested_up_to":15,"requires_at_least":144,"requires_php":145,"tags":146,"homepage":152,"download_link":153,"security_score":25,"vuln_count":13,"unpatched_count":26,"last_vuln_date":154,"fetched_at":28},"leadboxer","LeadBoxer","https:\u002F\u002Fprofiles.wordpress.org\u002Fleadboxer\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.leadboxer.com\" rel=\"nofollow ugc\">LeadBoxer\u003C\u002Fa> is a Lead Generation platform that helps you with online Lead Identification, Qualification and Lead Management.\u003C\u002Fp>\n\u003Cp>Connect all your lead data points together, including profile and behavioral tracking to discover new sales opportunities for your organization.\u003C\u002Fp>\n","This plugin can be used to add the LeadBoxer tracking code to a Wordpress site",4113,"2025-01-31T11:41:00.000Z","3.0.1","",[147,148,149,150,151],"email-tracking","lead-generation","lead-management","visitor-identification","website-identification","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fleadboxer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fleadboxer.1.4.zip","2024-11-18 00:00:00",{"attackSurface":156,"codeSignals":168,"taintFlows":215,"riskAssessment":241,"analyzedAt":249},{"hooks":157,"ajaxHandlers":164,"restRoutes":165,"shortcodes":166,"cronEvents":167,"entryPointCount":26,"unprotectedCount":26},[158],{"type":159,"name":160,"callback":161,"file":162,"line":163},"action","admin_menu","digitimber_cpanel_menu","digitimber-cpanel.php",21,[],[],[],[],{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":172,"fileOperations":26,"externalRequests":13,"nonceChecks":44,"capabilityChecks":26,"bundledLibraries":214},[],{"prepared":26,"raw":26,"locations":171},[],{"escaped":44,"rawEcho":173,"locations":174},19,[175,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212],{"file":162,"line":176,"context":177},188,"raw output",{"file":162,"line":179,"context":177},222,{"file":162,"line":181,"context":177},244,{"file":162,"line":183,"context":177},246,{"file":162,"line":185,"context":177},257,{"file":162,"line":187,"context":177},299,{"file":162,"line":189,"context":177},336,{"file":162,"line":191,"context":177},339,{"file":162,"line":193,"context":177},340,{"file":162,"line":195,"context":177},342,{"file":162,"line":197,"context":177},359,{"file":162,"line":199,"context":177},418,{"file":162,"line":201,"context":177},419,{"file":162,"line":203,"context":177},421,{"file":162,"line":205,"context":177},437,{"file":162,"line":207,"context":177},453,{"file":162,"line":209,"context":177},512,{"file":162,"line":211,"context":177},527,{"file":162,"line":213,"context":177},533,[],[216,233],{"entryPoint":217,"graph":218,"unsanitizedCount":26,"severity":232},"dt_cpanel_email (digitimber-cpanel.php:229)",{"nodes":219,"edges":229},[220,224],{"id":221,"type":222,"label":223,"file":162,"line":181},"n0","source","$_POST['email']",{"id":225,"type":226,"label":227,"file":162,"line":181,"wp_function":228},"n1","sink","echo() [XSS]","echo",[230],{"from":221,"to":225,"sanitized":231},true,"low",{"entryPoint":234,"graph":235,"unsanitizedCount":26,"severity":232},"\u003Cdigitimber-cpanel> (digitimber-cpanel.php:0)",{"nodes":236,"edges":239},[237,238],{"id":221,"type":222,"label":223,"file":162,"line":181},{"id":225,"type":226,"label":227,"file":162,"line":181,"wp_function":228},[240],{"from":221,"to":225,"sanitized":231},{"summary":242,"deductions":243},"The digitimber-cpanel-integration plugin, version 1.4.8, exhibits a generally good security posture based on the static analysis. The absence of dangerous functions, raw SQL queries, file operations, and a lack of critical or high severity taint flows are positive indicators.  The presence of nonce checks, even with a limited number of total flows, is also a good practice.  However, a significant concern arises from the low percentage of properly escaped output (17%). This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected and executed within the WordPress environment.\n\nThe plugin's vulnerability history reveals a single medium severity CVE, which has since been patched. While this is a positive sign that vulnerabilities are addressed, the historical presence of a CVE, even a medium one, coupled with the identified output escaping issues, suggests a need for continued vigilance.  The current lack of unpatched vulnerabilities is reassuring, but the static analysis findings highlight potential weaknesses that could be exploited if not addressed.\n\nIn conclusion, the plugin demonstrates strengths in its limited attack surface and secure handling of core functionalities like SQL and file operations. However, the prevalent issue of unescaped output presents a substantial risk that warrants immediate attention to prevent potential XSS attacks. While the vulnerability history is not alarming, it serves as a reminder that proactive security measures are crucial.",[244,246],{"reason":245,"points":107},"Low percentage of properly escaped output",{"reason":247,"points":248},"Past medium severity CVE",5,"2026-03-16T20:40:11.862Z",{"wat":251,"direct":260},{"assetPaths":252,"generatorPatterns":255,"scriptPaths":256,"versionParams":257},[253,254],"\u002Fwp-content\u002Fplugins\u002Fdigitimber-cpanel-integration\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fdigitimber-cpanel-integration\u002Fjs\u002Fdt-cpanel.js",[],[254],[258,259],"digitimber-cpanel-integration\u002Fcss\u002Fstyle.css?ver=","digitimber-cpanel-integration\u002Fjs\u002Fdt-cpanel.js?ver=",{"cssClasses":261,"htmlComments":265,"htmlAttributes":266,"restEndpoints":269,"jsGlobals":270,"shortcodeOutput":273},[262,263,264],"dt-cpanel-settings-page","dt-cpanel-email","dt-top-level-handle",[],[267,268],"data-cpanel-username","data-cpanel-password",[],[271,272],"dtcpanel","dt_cpanel_js_vars",[]]