[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0-dypTCcf2ZTgtMwezuxBrwTQklj2KXxJVrjwCTNxcw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":154,"fingerprints":283},"email-2-image","Email to Image","4.1","andur","https:\u002F\u002Fprofiles.wordpress.org\u002Fanduriell\u002F","\u003Cp>This plugin is used to prevent spiders collect email addresses from your blog for the sending of spam. Actually spambots are crawling the web in a nonstop to collect as many email addresses as possible. That could make your personal or commercial email that you could put in your blog spammed from those crawlers. Also is a security risk because allow automatons to try by brute force access to your blog in an automatic way.\u003C\u002Fp>\n\u003Cp>This will be solve with this plug. The email addresses will be swap with a highly efective and optimiced way for images. The name, and meaning will be encripted so, only a human could read those. I think this could be the perfect protection for your email without using the very complex way Recaptcha uses.\u003C\u002Fp>\n\u003Cp>The page will not show the emails, not int the excerpt or comments, widgets, feeds neither.\u003C\u002Fp>\n\u003Cp>The names are encripted so it will be more dificult to recognice the emails.\u003C\u002Fp>\n\u003Cp>If you like this plugin and have some sugestion or wish some new function just drop by my page and live a comment: \u003Ca href=\"http:\u002F\u002Farturoemilio.es\" rel=\"nofollow ugc\">Comment about my plugin in my homepage\u003C\u002Fa>.\u003Cbr \u002F>\nIf you found any bug or see any weird behavior in your blog, please use the wordpress forums, i check them regulary \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Ftags\u002Femail-2-image\" rel=\"ugc\">Suport or Bugs Reports\u003C\u002Fa>.\u003C\u002Fp>\n","Avoid to get the email addresses in your blog to be indexed by spambots in a fancy and very efective way.",10,4652,20,1,"2014-08-31T18:25:00.000Z","3.9.40","2.8","",[20,21,22,23,24],"email","email-image","email-spam","image","spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-2-image.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"anduriell",30,84,"2026-04-04T18:12:39.559Z",[37,62,87,107,132],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":27,"last_vuln_date":61,"fetched_at":29},"wp-mail-logging","WP Mail Logging","1.16.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>WP Mail Logging is the most popular plugin for logging emails sent from your WordPress site. Simply activate it and it will work immediately, no extra configuration is needed.\u003C\u002Fp>\n\u003Ch3>Are your WordPress emails not being sent or delivered?\u003C\u002Fh3>\n\u003Cp>Use this plugin to log all outgoing emails from your WordPress site. If there are any errors when sending the email from your site, our email logs will catch that error and display it to you.\u003C\u002Fp>\n\u003Cp>This will allow you to debug and fix your email sending issue.\u003C\u002Fp>\n\u003Ch3>Did a client not receive your email?\u003C\u002Fh3>\n\u003Cp>Our email logs allow you to resend any email that was sent from your site. No more lost emails!\u003C\u002Fp>\n\u003Ch3>Do you just want to keep a record of all emails sent from your site?\u003C\u002Fh3>\n\u003Cp>By default, WordPress and your web host do not log, store or keep track of emails sent from your website.\u003C\u002Fp>\n\u003Cp>This plugin will allow you to do just that. Our email logs will store every email that is sent from your WordPress site.\u003C\u002Fp>\n\u003Cp>You can search and view a particular email log, inspect its content or attachments, and even resend that email.\u003C\u002Fp>\n\u003Ch3>What email information is logged?\u003C\u002Fh3>\n\u003Cp>All emails sent from your WordPress site are logged. And here is the information that is stored:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email Subject\u003C\u002Fli>\n\u003Cli>Email Content (HTML or text)\u003C\u002Fli>\n\u003Cli>Email Attachments\u003C\u002Fli>\n\u003Cli>Email Headers (to, from, reply-to, cc, bcc, …)\u003C\u002Fli>\n\u003Cli>Error Message (in case there was an error while attempting to send the email)\u003C\u002Fli>\n\u003Cli>IP Address of originating server (can be enabled in the settings)\u003C\u002Fli>\n\u003Cli>Date and Time of the email\u003C\u002Fli>\n\u003Cli>Receiver (the TO email address)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why are my logged emails still not delivered to the inbox?\u003C\u002Fh3>\n\u003Cp>There are a lot of steps that emails have to make in order to be delivered to the recipient’s inbox.\u003C\u002Fp>\n\u003Cp>When your WordPress site sends an email, there’s no guarantee it will be delivered.\u003C\u002Fp>\n\u003Cp>This is what the email’s journey looks like:\u003C\u002Fp>\n\u003Col>\n\u003Cli>WordPress creates an email\u003C\u002Fli>\n\u003Cli>WordPress passes the email to your website host and that email gets logged by our plugin\u003C\u002Fli>\n\u003Cli>The host server takes the email and sends it (SMTP or Mail Transfer Agent)\u003C\u002Fli>\n\u003Cli>Recipient server receives or blocks the email\u003C\u002Fli>\n\u003Cli>If the email is accepted, the spam filter decides if it goes to the inbox or the spam folder\u003C\u002Fli>\n\u003Cli>Recipients see the email and might open it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This plugin does not track delivery after step 2.\u003C\u002Fp>\n\u003Cp>If you have deliverability issues, we suggest installing the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-smtp\u002F\" rel=\"ugc\">WP Mail SMTP\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>WP Mail SMTP fixes WordPress email deliverability problems, you can choose between 12 email providers (Gmail, Outlook, SendLayer, Mailgun, …) to resolve your email sending issue and it’s super easy to set up. WP Mail SMTP is trusted by more than 3 million websites.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>The plugin was created and launched in 2014 by \u003Ca href=\"https:\u002F\u002Fno3x.de\u002F\" rel=\"nofollow ugc\">Christian Zöller\u003C\u002Fa>.\u003C\u002Fp>\n","Log, view, and resend all emails sent from your WordPress site. Great for resolving email sending issues or keeping a copy for auditing.",300000,4360548,94,349,"2026-02-19T07:13:00.000Z","6.9.4","5.3","7.4",[54,20,55,56,24],"deliverability","email-log","smtp","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-logging\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mail-logging.1.16.0.zip",89,6,"2026-02-27 17:58:35",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":50,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":83,"download_link":84,"security_score":85,"vuln_count":14,"unpatched_count":27,"last_vuln_date":86,"fetched_at":29},"cryptx","CryptX","4.0.11","Ralf Weber","https:\u002F\u002Fprofiles.wordpress.org\u002Fd3395\u002F","\u003Cp>No more SPAM by spiders scanning your site for email addresses. With CryptX you can hide all your email addresses, with and without a mailto-link, by converting them using javascript or UNICODE.\u003C\u002Fp>\n\u003Cp>CryptX protects your email addresses from spambots while keeping them readable and functional for your visitors. The plugin automatically detects email addresses in your content and encrypts them using various methods including JavaScript encryption, Unicode conversion, and image replacement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Email Detection\u003C\u002Fstrong> – Finds and encrypts email addresses in posts, pages, comments, and widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Encryption Methods\u003C\u002Fstrong> – JavaScript, Unicode, image replacement, and custom text options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widget Support\u003C\u002Fstrong> – Works with text widgets and other widget content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS Feed Control\u003C\u002Fstrong> – Option to disable encryption in RSS feeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist Support\u003C\u002Fstrong> – Exclude specific domains from encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per-Post Control\u003C\u002Fstrong> – Enable\u002Fdisable encryption on individual posts and pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong> – Use \u003Ccode>[cryptx]email@example.com[\u002Fcryptx]\u003C\u002Fcode> for manual encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Functions\u003C\u002Fstrong> – Developer-friendly functions for theme integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fweber-nrw.de\u002Fwordpress\u002Fcryptx\u002F\" title=\"Plugin Homepage\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fp>\n","No more SPAM by spiders scanning your site for email addresses!",10000,280578,88,19,"2025-12-18T08:01:00.000Z","6.7","8.3",[78,79,80,81,82],"antispam","email-encryption","mail","privacy","spam-protection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcryptx\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptx.4.0.11.zip",99,"2025-12-04 20:35:36",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":70,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":50,"requires_at_least":99,"requires_php":52,"tags":100,"homepage":104,"download_link":105,"security_score":106,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"stop-wp-emails-going-to-spam","Stop WP Emails Going to Spam","2.2.1","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>Emails generated from within WordPress often end up in your spam or junk folder, This plugin helps you sort that out. The default settings of this plugin can often be enough to solve your problem.\u003C\u002Fp>\n\u003Cp>When using the default PHP mailer in WordPress, especially on shared servers, emails will often be set to spam or junk by receiving email systems. This can be very frustrating and important notifications can be missed by you or your clients.\u003C\u002Fp>\n\u003Cp>Why does this happen? One problem is the “envelope sender” not being set, and many hosts will recommend that you install a plugin to set the “envelope sender”, this is the main purpose of this plugin.\u003C\u002Fp>\n\u003Cp>Along with setting the “envelope sender” this plugin also displays your Sender Permitted From (SPF) and checks your server IP is in the SPF record, if there is one.\u003C\u002Fp>\n\u003Cp>Optionally this plugin allows you to change the name and email address of the default WordPress notification email easily.\u003C\u002Fp>\n\u003Cp>If you use an SMTP email plugin or use an API based transactional email plugin, this plugin will add no value; it is built to support the default PHP mailer only.\u003C\u002Fp>\n\u003Ch4>PHP 8.0 compatible\u003C\u002Fh4>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Checks email SPF health\u003C\u002Fli>\n\u003Cli>Checks if your IP is blacklisted\u003C\u002Fli>\n\u003Cli>Set envelope sender when missing\u003C\u002Fli>\n\u003Cli>Allows you to change the default WordPress sending email\u003C\u002Fli>\n\u003Cli>Allows you to change the default WordPress sending email name\u003C\u002Fli>\n\u003Cli>Allows you to set the sending email domain\u003C\u002Fli>\n\u003C\u002Ful>\n","Fixes WordPress emails going to spam\u002Fjunk folders. The default settings often resolve the issue.",165353,96,51,"2025-12-15T13:14:00.000Z","4.8.1",[20,101,102,103,24],"envelope-sender","phpmail","phpmailer","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fstop-wp-emails-going-to-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-wp-emails-going-to-spam.2.2.1.zip",100,{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":129,"vuln_count":130,"unpatched_count":14,"last_vuln_date":131,"fetched_at":29},"wp-mailto-links","WP Mailto Links – Protect Email Addresses","3.1.4","Online Optimisation","https:\u002F\u002Fprofiles.wordpress.org\u002Fonlineoptimisation\u002F","\u003Cp>Protect and encode email addresses safely from spambots, spamming and other robots. Easy to use out-of-the-box without any configuration.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Full page protection for emails\u003C\u002Fli>\n\u003Cli>Instant results (No confiruation needed)\u003C\u002Fli>\n\u003Cli>Protects mailto links, plain emails, email input fields, RSS feeds and much more\u003C\u002Fli>\n\u003Cli>Autmoatic protection technique detection (Our plugin chooses automatically the best protection technique for each email)\u003C\u002Fli>\n\u003Cli>Exclude posts and pages from protection\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to mailto-links\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to png images\u003C\u002Fli>\n\u003Cli>Supports rot13 encoing, escape encoding, CSS directions, entity encoding and much more\u003C\u002Fli>\n\u003Cli>Deactivate CSS directions manually for backwards compatibility\u003C\u002Fli>\n\u003Cli>Shortcode support: \u003Ccode>[wpml_mailto]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Template tag support: \u003Ccode>wpml_mailto()\u003C\u002Fcode> and \u003Ccode>wpml_filter()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin combines the best email protection methods (CSS, PHP and JavaScript techniques).\u003C\u002Fp>\n\u003Ch4>Free Website Check\u003C\u002Fh4>\n\u003Cp>We offer you a free tool to test if your website contains unprotected emails. You can use our website checker by \u003Ca href=\"https:\u002F\u002Fironikus.com\u002Femail-checker\u002F\" rel=\"nofollow ugc\">clicking here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Easy to use\u003C\u002Fh4>\n\u003Cp>The plugin works out-of-the-box to protect your email addresses. After activating the plugin, all options are already set for protecting your emails and mailto links.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The plugin works out-of-the-box to protect your email addresses. All settings are default set to protect your email addresses automatically with the best method available.\u003Cbr \u002F>\nIf you want to manually create protected mailto links, just use the shortcode (\u003Ccode>[wpml_mailto]\u003C\u002Fcode>) within your posts or use the template tags (\u003Ccode>wpml_mailto()\u003C\u002Fcode> or \u003Ccode>wpml_filter()\u003C\u002Fcode>) in your theme files.\u003C\u002Fp>\n\u003Ch4>Shortcode `[wpml_mailto email=”…”]…[\u002Fwpml_mailto]`\u003C\u002Fh4>\n\u003Cp>Create a protected mailto link in your posts:\u003Cbr \u002F>\n    [wpml_mailto email=”info@myemail.com”]My Email[\u002Fwpml_mailto]\u003C\u002Fp>\n\u003Cp>It’s also possible to add attributes to the mailto link, like a target:\u003Cbr \u002F>\n    [wpml_mailto email=”info@myemail.com” target=”_blank”]My Email[\u002Fwpml_mailto]\u003C\u002Fp>\n\u003Ch4>Shortcode `[wpmt_protect]…[\u002Fwpmt_protect]`\u003C\u002Fh4>\n\u003Cp>Protect content using our plugin that is not encodedby default (E.g. some ajax loaded values):\u003Cbr \u002F>\n    [wpmt_protect]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[\u002Fwpmt_protect]\u003C\u002Fp>\n\u003Cp>It’s also possible to customize the encoding type using “protect_using”. Possible values: char_encode, strong_method, without_javascript, with_javascript:\u003Cbr \u002F>\n    [wpmt_protect protect_using=”…”]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[\u002Fwpmt_protect]\u003C\u002Fp>\n\u003Ch4>Template tag `wpml_mailto( $email [, $display] [, $attrs] )`\u003C\u002Fh4>\n\u003Cp>Create a protected mailto link in your template like:\n    \u003C\u002Fp>\n\u003Ch4>Template tag `wpml_filter( $content )`\u003C\u002Fh4>\n\u003Cp>Filter given content to protect mailto links, shortcodes and plain emails (according to the settings in admin):\n    \u003C\u002Fp>\n","Protect & encode email addresses safely from spambots & spamming. Easy to use - encodes emails out-of-the-box.",9000,186787,92,33,"2023-09-22T16:55:00.000Z","6.2.9","4.7","5.3.2",[78,20,124,125,126],"email-address","hide","mailto","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mailto-links\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mailto-links.3.1.4.zip",62,2,"2025-09-22 00:00:00",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":140,"downloaded":141,"rating":96,"num_ratings":142,"last_updated":143,"tested_up_to":50,"requires_at_least":144,"requires_php":52,"tags":145,"homepage":18,"download_link":151,"security_score":152,"vuln_count":130,"unpatched_count":27,"last_vuln_date":153,"fetched_at":29},"bbpress-notify-nospam","bbPress Notify (No-Spam)","3.0.3","useStrict","https:\u002F\u002Fprofiles.wordpress.org\u002Fusestrict\u002F","\u003Cp>\u003Cstrong>bbPress Notify (No-Spam)\u003C\u002Fstrong> is the ultimate notification plugin for \u003Cstrong>bbPress\u003C\u002Fstrong> and \u003Cstrong>BuddyBoss\u003C\u002Fstrong> forums.\u003Cbr \u002F>\nIt replaces the limited default subscription system with a flexible, no-spam solution that gives your users \u003Cstrong>personalized, reliable email updates\u003C\u002Fstrong> about new topics and replies.\u003C\u002Fp>\n\u003Cp>Stop flooding inboxes. With bbpnns you control exactly who gets notified, when, and how. Perfect for community managers, membership sites, and anyone who wants professional-grade forum notifications.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>📧 \u003Cstrong>Send professional emails\u003C\u002Fstrong> — Choose HTML, plain text, or multipart with image support.\u003C\u002Fli>\n\u003Cli>🎯 \u003Cstrong>Target the right audience\u003C\u002Fstrong> — Notify by user roles (admins, moderators, members, etc.).\u003C\u002Fli>\n\u003Cli>🚀 \u003Cstrong>Faster performance\u003C\u002Fstrong> — Background notifications prevent post-submission timeouts.\u003C\u002Fli>\n\u003Cli>🧪 \u003Cstrong>Preview before sending\u003C\u002Fstrong> — Dry-run mode shows exactly who will receive notifications.\u003C\u002Fli>\n\u003Cli>🔌 \u003Cstrong>Developer-friendly\u003C\u002Fstrong> — Dozens of filters and actions for easy customization.\u003C\u002Fli>\n\u003Cli>✅ \u003Cstrong>BuddyBoss compatible\u003C\u002Fstrong> — Works out of the box with BuddyBoss forums.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fusestrict.net\u002Fbbpress-notify-no-spam-documentation\u002F\" rel=\"nofollow ugc\">📖 View the full documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>💡 Looking for advanced features like digests, reply-by-email, and membership integrations? \u003Ca href=\"https:\u002F\u002Fusestrict.net\u002Fbbpress-notify-premium\u002F?utm_source=wporg-readme&utm_medium=plugin&utm_campaign=top\" rel=\"nofollow ugc\">See bbPress Notify Premium\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Premium Add-Ons\u003C\u002Fh3>\n\u003Cp>Take bbpnns to the next level with powerful extensions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Reply by Email\u003C\u002Fstrong> – Post new topics or replies directly from your inbox.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Mailer\u003C\u002Fstrong> – Send notifications to thousands of users reliably — no timeouts, no dropped emails.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Digests\u003C\u002Fstrong> – Give users daily, weekly, or monthly summaries to reduce inbox noise.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Opt-Out\u003C\u002Fstrong> – One-click unsubscribe options for CAN-SPAM and CASL compliance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership & LMS Bridges\u003C\u002Fstrong> – Running a membership or LMS site? Keep notifications in sync with your access control layer. Supports BuddyPress, MemberPress, LearnDash, AccessAlly, Private Groups, and more.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>👉 Browse all premium add-ons here: \u003Ca href=\"https:\u002F\u002Fusestrict.net\u002Fbbpress-notify-premium\u002F?utm_source=wporg-readme&utm_medium=plugin&utm_campaign=bbpnns\" rel=\"nofollow ugc\">bbPress Notify Premium\u003C\u002Fa>\u003C\u002Fp>\n","Powerful, customizable email notifications for bbPress and BuddyBoss forums — without the spam.",3000,291519,39,"2026-03-11T19:58:00.000Z","3.1",[146,147,148,149,150],"bbpress","buddyboss","email-notification","forum-notifications","no-spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbbpress-notify-nospam.3.0.3.zip",98,"2025-07-19 00:00:00",{"attackSurface":155,"codeSignals":193,"taintFlows":221,"riskAssessment":268,"analyzedAt":282},{"hooks":156,"ajaxHandlers":189,"restRoutes":190,"shortcodes":191,"cronEvents":192,"entryPointCount":27,"unprotectedCount":27},[157,163,166,171,174,177,180,183,186],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","admin_menu","menu","emailtoimage.php",34,{"type":158,"name":164,"callback":165,"file":161,"line":142},"admin_notices","emailtoimageerr",{"type":167,"name":168,"callback":169,"file":161,"line":170},"filter","the_content","em",272,{"type":167,"name":172,"callback":169,"file":161,"line":173},"the_excerpt",273,{"type":167,"name":175,"callback":169,"priority":13,"file":161,"line":176},"comment_text",274,{"type":167,"name":178,"callback":169,"file":161,"line":179},"widget_text",275,{"type":167,"name":181,"callback":169,"file":161,"line":182},"author_email",276,{"type":167,"name":184,"callback":169,"file":161,"line":185},"comment_email",277,{"type":167,"name":187,"callback":169,"file":161,"line":188},"the_content_rss",278,[],[],[],[],{"dangerousFunctions":194,"sqlUsage":204,"outputEscaping":206,"fileOperations":208,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":220},[195,199,202],{"fn":196,"file":161,"line":197,"context":198},"create_function",109,"create_function(",{"fn":196,"file":161,"line":200,"context":201},117,"$xx = create_function(",{"fn":196,"file":161,"line":203,"context":198},127,{"prepared":27,"raw":27,"locations":205},[],{"escaped":207,"rawEcho":208,"locations":209},8,5,[210,213,215,217,218],{"file":161,"line":211,"context":212},75,"raw output",{"file":161,"line":214,"context":212},76,{"file":161,"line":216,"context":212},83,{"file":161,"line":34,"context":212},{"file":161,"line":219,"context":212},90,[],[222,253],{"entryPoint":223,"graph":224,"unsanitizedCount":208,"severity":252},"opt (emailtoimage.php:51)",{"nodes":225,"edges":247},[226,231,236,239,243,245],{"id":227,"type":228,"label":229,"file":161,"line":230},"n0","source","$_POST (x2)",57,{"id":232,"type":233,"label":234,"file":161,"line":129,"wp_function":235},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":237,"type":228,"label":238,"file":161,"line":211},"n2","$_SERVER['REQUEST_URI']",{"id":240,"type":233,"label":241,"file":161,"line":211,"wp_function":242},"n3","echo() [XSS]","echo",{"id":244,"type":228,"label":229,"file":161,"line":230},"n4",{"id":246,"type":233,"label":241,"file":161,"line":216,"wp_function":242},"n5",[248,250,251],{"from":227,"to":232,"sanitized":249},false,{"from":237,"to":240,"sanitized":249},{"from":244,"to":246,"sanitized":249},"medium",{"entryPoint":254,"graph":255,"unsanitizedCount":208,"severity":267},"\u003Cemailtoimage> (emailtoimage.php:0)",{"nodes":256,"edges":263},[257,258,259,260,261,262],{"id":227,"type":228,"label":229,"file":161,"line":230},{"id":232,"type":233,"label":234,"file":161,"line":129,"wp_function":235},{"id":237,"type":228,"label":238,"file":161,"line":211},{"id":240,"type":233,"label":241,"file":161,"line":211,"wp_function":242},{"id":244,"type":228,"label":229,"file":161,"line":230},{"id":246,"type":233,"label":241,"file":161,"line":216,"wp_function":242},[264,265,266],{"from":227,"to":232,"sanitized":249},{"from":237,"to":240,"sanitized":249},{"from":244,"to":246,"sanitized":249},"low",{"summary":269,"deductions":270},"The 'email-2-image' plugin v4.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding database interactions by exclusively using prepared statements and appears to have no known historical vulnerabilities, suggesting a generally stable and secure past. The absence of a large attack surface through AJAX, REST API, shortcodes, or cron events is also a significant strength.\n\nHowever, several concerns arise from the static analysis. The presence of 'create_function' is a notable risk, as this function is deprecated and can lead to severe security vulnerabilities if used with untrusted input. Additionally, a substantial portion of output (38%) is not properly escaped, creating a potential for cross-site scripting (XSS) vulnerabilities, especially if dynamic content is involved. The taint analysis also revealed flows with unsanitized paths, indicating potential issues with file handling or directory traversal if these paths are derived from user input.\n\nWhile the plugin has no recorded CVEs, the identified code signals like 'create_function' and unescaped output, coupled with unsanitized path flows, represent inherent risks that could be exploited. The lack of nonce and capability checks, though seemingly mitigated by a limited attack surface, still represents a weakness in general security hardening. In conclusion, while the plugin has a clean vulnerability history and good database practices, the identified code signals and taint analysis findings introduce specific risks that require attention.",[271,273,276,278,280],{"reason":272,"points":11},"Dangerous function 'create_function' used",{"reason":274,"points":275},"Significant unescaped output detected",7,{"reason":277,"points":207},"Taint flows with unsanitized paths",{"reason":279,"points":208},"Missing nonce checks",{"reason":281,"points":208},"Missing capability checks","2026-03-17T00:33:34.123Z",{"wat":284,"direct":290},{"assetPaths":285,"generatorPatterns":287,"scriptPaths":288,"versionParams":289},[286],"\u002Fwp-content\u002Fplugins\u002Femail-2-image\u002Fselect.jpg",[],[],[],{"cssClasses":291,"htmlComments":293,"htmlAttributes":295,"restEndpoints":297,"jsGlobals":298,"shortcodeOutput":310},[292],"colorpicker301",[294],"Copyright 2009  Arturo Emilio  (email : admin@arturoemilio.es)",[296],"onclick=\"showColorGrid3('txtcl','none');\"",[],[299,300,301,302,303,304,305,306,307,308,309],"getScrollY","gett6op6","getLeft6","nocol1","clos1","tt6","hm6","setCCbldID6","setCCbldSty6","putOBJxColor6","showColorGrid3",[]]