Email Confirmation for Restrict Content Pro Security & Risk Analysis

wordpress.org/plugins/email-confirmation-for-restrict-content-pro

This plugin allow you to add a confirmation email field for Restrict Content Pro register form and use the email as username.

10 active installs v1.0.2 PHP + WP 5.0+ Updated Nov 11, 2021
registration-formrestric-pagesrestrict-accessrestrict-content-prorestrict-posts
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Email Confirmation for Restrict Content Pro Safe to Use in 2026?

Generally Safe

Score 85/100

Email Confirmation for Restrict Content Pro has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The plugin "email-confirmation-for-restrict-content-pro" version 1.0.2 exhibits a generally positive security posture. The static analysis reveals no direct entry points like AJAX handlers, REST API routes, or shortcodes that are left unprotected, and there are no reported CVEs, indicating a good history of security. The code also shows a commitment to secure practices with 100% of SQL queries using prepared statements and a capability check in place.

However, there are areas for concern. The output escaping is only at 33% proper, meaning a significant portion of output may be vulnerable to Cross-Site Scripting (XSS) if not handled correctly elsewhere. The taint analysis identified one flow with an unsanitized path, which, although not flagged as critical or high severity, still represents a potential risk if that path involves user-controlled input. The absence of nonce checks on any potential implicit entry points or the lack of explicit documentation for how all entry points are secured could also be a blind spot.

In conclusion, while the plugin has strengths in its lack of known vulnerabilities and secure SQL practices, the insufficient output escaping and the presence of an unsanitized path in the taint analysis warrant attention. Addressing these areas would further strengthen the plugin's security.

Key Concerns

  • Low output escaping rate
  • Unsanitized path identified in taint analysis
Vulnerabilities
None known

Email Confirmation for Restrict Content Pro Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Email Confirmation for Restrict Content Pro Release Timeline

v1.0
ver1.0.2
Code Analysis
Analyzed Apr 16, 2026

Email Confirmation for Restrict Content Pro Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
1 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

33% escaped3 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths
av_ecrcp_add_email (emailconfirmation-rcp.php:63)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Email Confirmation for Restrict Content Pro Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 7
actionadmin_initemailconfirmation-rcp.php:22
actionadmin_noticesemailconfirmation-rcp.php:25
actionplugins_loadedemailconfirmation-rcp.php:43
actionwp_enqueue_scriptsemailconfirmation-rcp.php:55
actionrcp_before_register_form_fieldsemailconfirmation-rcp.php:74
actionrcp_form_errorsemailconfirmation-rcp.php:90
filterrcp_user_registration_dataemailconfirmation-rcp.php:99
Maintenance & Trust

Email Confirmation for Restrict Content Pro Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedNov 11, 2021
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Email Confirmation for Restrict Content Pro Developer Profile

Ángel Vilches

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Email Confirmation for Restrict Content Pro

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/email-confirmation-for-restrict-content-pro/css/emailconfirmation-rcp.css

HTML / DOM Fingerprints

Shortcode Output
<label for="rcp_user_email2">Email</label> <input name="rcp_user_email2" id="rcp_user_email2" class="required" type="text" />
FAQ

Frequently Asked Questions about Email Confirmation for Restrict Content Pro