[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQJWFDJX1gX87yw56_5tTPCt_Jp4TqoihqcT2Wzd3FFc":3,"$f5OMpQ7azpApL4PcmJa4xrwsvsDej7yGHvNk59XF0zL0":183,"$fYrETINEyGYXcgy8NZXdc_UOdFrTeRcmrSVaLawfxnuU":188},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":35,"analysis":134,"fingerprints":162},"email-me","Email Me","1.0","robertkay","https:\u002F\u002Fprofiles.wordpress.org\u002Frobertkay\u002F","\u003Cp>Creates an email link from the shortcode [emailme] that spam bots don’t find.\u003Cbr \u002F>\nBy default it uses your wp admin email but you can specify as parameters either:\u003Cbr \u002F>\n  – ‘name’ (for the first portion of the email before the @ symbo)\u003Cbr \u002F>\n  – ‘addr’ for the full email\u003Cbr \u002F>\n  – ‘display’ for what the link should actually display in between the \u003Ca> tags.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If your wp-admin panel email (check your General Setting panel)\u003Cbr \u002F>\nis: info@freedomonlineservices.net then\u003Cbr \u002F>\nExamples: [emailme] => info@freedomonlineservices.net\u003Cbr \u002F>\n          [emailme name=’dave’] => dave@freedomonlineservices.net\u003Cbr \u002F>\n          [emailme addr=’someoneelse@somewhereelse.fake’] => someoneelse@somewhereelse.fake\u003Cbr \u002F>\n          [emailme display=”info at freedomonlineservices dot net”] => info at freedomonlineservices dot net (but linked to the actual email!)\u003Cbr \u002F>\nNote you can also set the ‘display’ option to an image tag if you use single quotes.\u003C\u002Fp>\n\u003Cp>More docs at http:\u002F\u002Ffreedomonlineservices.net\u002Fresources\u002Fhomegrown\u002Femailme-wp-plugin\u002F\u003Cbr \u002F>\nLive examples at http:\u002F\u002Fwww.freedomonlineservices.net\u002Fpluginshowroom\u002Femailme-plugin\u002F\u003C\u002Fp>\n","Creates an email link from the shortcode [emailme] that spam bots don't find. Has clever parameters for convenience...",30,2933,0,"2013-01-07T06:50:00.000Z","3.5.2","3.0.1","",[19,20,21,22],"email","javascript","obfuscate","shortlink","http:\u002F\u002Ffreedomonlineservices.net\u002Fresources\u002Fhomegrown\u002Femailme-wp-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-me.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":11,"trust_score":33,"computed_at":34},3,90,84,"2026-05-20T06:55:41.396Z",[36,54,78,99,114],{"slug":37,"name":38,"version":39,"author":17,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":17,"tags":48,"homepage":51,"download_link":52,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":53},"hikari-email-url-obfuscator","Hikari Email & URL Obfuscator","0.08.10","https:\u002F\u002Fprofiles.wordpress.org\u002Fshidouhikari\u002F","\u003Cp>Spam is website publishers #1 concern, we wanna share our and our visitors’ emails to those who should have access to them, but don’t want spam harvesters stealing them and sending garbage to us. A lot of techniques had been developed to hide our emails from these delinquents, while having them shown to real people.\u003C\u002Fp>\n\u003Cp>And together with spam harvesting, on 15 June 2009, Matt Cutts, a well known software engineer of Google, announced that Google Bot will no longer ignore nofollowed links for PageRank, and now we lose PR\u002Flink juice for every link we add to our pages, even if we use rel=”nofollow” on them. So, now we must hide links from Search Engines too!\u003C\u002Fp>\n\u003Cp>I’ve been searching for an ultimate obfuscation solution for both emails and URLs, that would be user-friendly for me the content publisher, and for my visitors. I’ve seen a lot of solutions, some that inspired me, but none that would fit my needs. It was time to start coding 🙂\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002FHikari.ws\u002Femail-url-obfuscator\u002F\" rel=\"nofollow ugc\">Hikari Email & URL Obfuscator\u003C\u002Fa> plugin obfuscates emails and URL links, to hide them from spam harvesters and Search Endigne crawlers. It  uses ROT13 or cc8b to encode each link while PHP is building the page, then uses JavaScript to decode it and show it to the user. If JavaScript is not available, it uses CSS to hide them.\u003C\u002Fp>\n\u003Cp>It doesn’t use shortcodes, it works directly over HTML links, parsing and obfuscating them. By default it filters all texts in posts, comments, comments authors and text widgets, but you can manually use it anywhere you want.\u003C\u002Fp>\n\u003Cp>Basically, Hikari Email & URL Obfuscator plugin searches for links that contain URLs and emails on their \u003Ccode>href\u003C\u002Fcode> atrribute. For each found link, it is replaced by an obfuscated string, and a JavaScript function is called, having in its parameters the required data for JavaScript to decode and recreate the original link.\u003C\u002Fp>\n\u003Cp>The obfuscated string is then merged back by CSS to a readable URL\u002Femail text, so that human visitors can read it while spam harvesters and searchbots will not be able to detect it as a valid email\u002FURL.\u003C\u002Fp>\n\u003Cp>And, for JavaScript-enabled visitors, this string is replaced by a link with the exact same behavior and attributes of your original link, so that they can interact with it as if there was no obfuscation in place!\u003Cbr \u002F>\n(Really, there is no way to diferenciate an obfuscated link generated by JavaScript from the original link, unless the HTML document’ source is verified or a development tool as FireBug is used!)\u003C\u002Fp>\n\u003Cp>It uses 4 obfuscation techniques, 2 JavaScript solutions and 2 CSS alternatives for JavaScript-disabled browsers.\u003C\u002Fp>\n\u003Cp>For CSS, it may \u003Cem>revert\u003C\u002Fem> the link string while PHP is building the page and then CSS reverts it back. Or it may add garbage text between the link, and CSS prevents this extra text from being rendered, so any user-agent that doesn’t use CSS can’t find the link but browsers show it clearly.\u003C\u002Fp>\n\u003Cp>Now, when JavaScript is available, it is delivered with the original link, encoded using \u003Cstrong>ROT13\u003C\u002Fstrong> or \u003Cstrong>cc8b\u003C\u002Fstrong> by PHP. The link is then decoded back by JavaScript and added to the page, so that real users don’t even notice the original link was replaced.\u003C\u002Fp>\n\u003Cp>And, disregarding the used technique, we content publishers must do nothing different while building our content, just activate the plugin and it does everything else for us 🙂\u003C\u002Fp>\n\u003Cp>I dedicate Hikari Email & URL Obfuscator to \u003Cstrong>Ju\u003C\u002Fstrong>, my beloved frient ^-^\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cem>Works instantly, no need to edit your posts to have your links obfuscated\u003C\u002Fem>: Hikari Email & URL Obfuscator plugin automatically detects them and starts obfuscating as soon as it is activated.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unobstructive JavaScript\u003C\u002Fstrong>: links are obfuscated and shown for visitors with and without JavaScript, forget those “you must enabled javascript to see this email” messages!\u003C\u002Fli>\n\u003Cli>\u003Cem>They are real links!\u003C\u002Fem>: any attribute you can use in an \u003Ccode>\u003Ca>\u003C\u002Fcode> tag you also can use in obfuscated links (JavaScript version only).\u003C\u002Fli>\n\u003Cli>\u003Cem>Customization\u003C\u002Fem>: CSS doesn’t let we have real links, but we can at least choose if our obfuscated text will have email only, text only, or both!\u003C\u002Fli>\n\u003Cli>\u003Cem>XHTML 1.1 valid\u003C\u002Fem>: obfuscated links and JavaScript code are valid even in XHTML 1.1 standard. It makes the plugin valid inclusive in HTML 4.0, XHTML 1.0 Strict, XHTML 1.0 Transitional and HTML5!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advantages over other obfuscation solutions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Your visitors will see your emails and URLs \u003Cem>even if they keep JavaScript disabled\u003C\u002Fem>.\u003C\u002Fli>\n\u003Cli>\u003Cem>Automatic\u003C\u002Fem>: you don’t need to take special actions to start obfuscating, as using shortcodes in place of links or an external tool to get your obfuscation code. Just normally use your links in your posts and let the plugin do the rest!\u003C\u002Fli>\n\u003Cli>\u003Cem>Sitewide\u003C\u002Fem>: instantly works in your existing posts, pages, comments and text widgets, just after you activate it.\u003C\u002Fli>\n\u003Cli>\u003Cem>Diversity\u003C\u002Fem>: for each link, it randomly chooses between 2 CSS and 2 JavaScript obfuscation methods, making it harder for spammers to crack it.\u003C\u002Fli>\n\u003Cli>\u003Cem>Extensible\u003C\u002Fem>: you can call it manually, and add it to other plugins and themes filters.\u003C\u002Fli>\n\u003Cli>\u003Cem>Customizable\u003C\u002Fem>: use custom parameters to force or avoid specific links from being obfuscated, and to define how non-JavaScript obfuscation will behave.\u003C\u002Fli>\n\u003C\u002Ful>\n","Email and normal links are obfuscated, hiding them from spambots. It automatically encodes each link, then uses JavaScript to decode and show them.",50,18640,"2010-10-14T05:01:00.000Z","3.0.5","2.8.0",[19,20,21,49,50],"page-rank","spam","http:\u002F\u002FHikari.ws\u002Femail-url-obfuscator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhikari-email-url-obfuscator.zip","2026-04-06T09:54:40.288Z",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":17,"download_link":74,"security_score":75,"vuln_count":76,"unpatched_count":13,"last_vuln_date":77,"fetched_at":27},"email-address-obfuscation","Email Address Obfuscation","1.2.0","Neotrendy","https:\u002F\u002Fprofiles.wordpress.org\u002Fneotrendy\u002F","\u003Cp>A lightweight plugin that protects email addresses from email-harvesting bots, by converting email addresses characters to HTML entities. Hide email from Spam Bots using a shortcode \u003Ccode>[obfuscate_email]\u003C\u002Fcode> and built-in WordPress function \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fantispambot\u002F\" title=\"antispambot\" rel=\"nofollow ugc\">antispambot()\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Obfuscate plain email address\u003C\u002Fli>\n\u003Cli>Obfuscate href mailto link in HTML anchor element\u003C\u002Fli>\n\u003Cli>Support for custom CSS class\u003C\u002Fli>\n\u003Cli>Support for email subject\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Obfuscate plain email address\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Create clickable email address\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\" link=true]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Add CSS class to the HTML anchor element\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\" link=true class=\"my-class another-class\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Obfuscate email address with email subject\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email='your@email.com?subject=My custom email subject']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode parameter\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>email\u003C\u002Fcode> required – Email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>link\u003C\u002Fcode> optional – Set true if you want to create clickable email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>class\u003C\u002Fcode> optional – Add space separated list of classes.\u003C\u002Fli>\n\u003C\u002Ful>\n","Email Address Obfuscation prevents email harvesting by hiding email address appearing in your pages, while remaining visible to your site visitors.",2000,10983,100,4,"2025-11-28T10:30:00.000Z","6.9.4","2.5","5.6",[71,19,21,72,73],"anti-spam","obfuscation","protect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-address-obfuscation.1.2.0.zip",99,1,"2024-12-03 23:42:14",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":17,"tags":93,"homepage":96,"download_link":97,"security_score":75,"vuln_count":76,"unpatched_count":13,"last_vuln_date":98,"fetched_at":27},"pixelines-email-protector","Pixeline's Email Protector","1.4.0","pixeline","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixeline\u002F","\u003Cp>This plugin provides an unobtrusive yet efficient protection against email harvesters \u002F spambots. Here is a \u003Ca href=\"https:\u002F\u002Fpixeline.be\u002Fblog\u002Femail-protector-demo-4258.html\" rel=\"nofollow ugc\">demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Post\u002Fpage authors may write email addresses in their article in the usual format (“john@doe.com”) without exposing them to spam email harvesters. The plugin takes care of the obfuscation, implementing a graceful degradation technique focusing on usability so as to protect your email addresses from harvesters while keeping them usable to your human visitors.\u003C\u002Fp>\n\u003Cp>The plugin replaces any email address found in posts, pages, comments and excerpts, and replace them by a bit of html markup that should deceive most email harvesters: \u003Ccode>\u003Cspan class=\"email\">john(replace the parenthesis by @)doe.com\u003C\u002Fspan>\u003C\u002Fcode>.\u003Cbr \u002F>\nIf javascript is available, it will display a clickable link and display the original email to the human user. Maximum usability, maximum protection.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpixelines-email-protector\u002F\" rel=\"ugc\">rate the plugin\u003C\u002Fa> if you like it.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Write your email addresses inside your posts and pages as usual. When the plugin is activated, it will replace them by a human-readable html string that explains how to deduce the email address, and if javascript is available (99.9% of the time), the original email address will be displayed as a clickable mailto: link. For example:\u003Cbr \u002F>\n    Hello john@doe.com. How are you today?\u003Cbr \u002F>\nwill become\u003Cbr \u002F>\n    John( replace these parenthesis by @ )doe.com.\u003C\u002Fp>\n\u003Cp>Additionally, you can specify what the mailto: link should look like by sticking a parenthesis inside of which you put the visible link text, like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Hello john@doe.com(John Doe). How are you today?\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>will become\u003Cbr \u002F>\n    John( replace these parenthesis by @ )doe.com.\u003C\u002Fp>\n\u003Ch4>inside a theme\u003C\u002Fh4>\n\u003Cp>If you need to protect emails inside your Theme’s files (like the footer.php for example), you can use the function safe_email() like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode> echo safe_email('you@domain.com'); \u003Ch3>Contribute\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Github repo: https:\u002F\u002Fgithub.com\u002Fpixeline\u002Fpixeline-email-protector\u003C\u002Fp>\n","Write email addresses without worrying about spambots and email harvesters.",900,21586,86,8,"2025-09-06T20:47:00.000Z","6.8.5","2.7",[94,19,95,21,50],"address","harvest","https:\u002F\u002Fpixeline.be","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpixelines-email-protector.1.4.0.zip","2025-09-09 00:00:00",{"slug":100,"name":101,"version":6,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":43,"downloaded":106,"rating":13,"num_ratings":13,"last_updated":107,"tested_up_to":108,"requires_at_least":16,"requires_php":17,"tags":109,"homepage":17,"download_link":113,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"tg-email-protection","TG Email Protection","Ashok Dhamija","https:\u002F\u002Fprofiles.wordpress.org\u002Fashokdhamija\u002F","\u003Cp>Unsolicited email or email spam is a huge problem that netizens have to face on daily basis. It is estimated that about 90% of all emails sent are spam mails. It was estimated that spam cost businesses to the order of $100 billion in the year 2007 [source: Wikipedia]. Spammers use email harvesting spambots or email spider software to automatically collect email addresses displayed on websites. Therefore, displaying email addresses on your websites can be an invitation to the spammers to collect your email addresses and then start sending you spam mail. At the same, it may be necessary to show your contact email addresses to the genuine visitors to your website. So, what is the solution?\u003C\u002Fp>\n\u003Cp>TG Email Protection plugin provides a solution to this issue. Obfuscate or hide the email addresses from the spambots or email spider software, while at the same time displaying the same email addresses to the genuine visitors. Thus, while genuine visitors can see your contact and support email addresses and other email addresses displayed on your websites, the email spider software and spambots cannot automatically harvest your email addresses. For this to happen, obfuscation is used to hide the email addresses included in your WordPress website or blog from spambots and email spider software. This plugin uses different methods to achieve this twin objective in order to fight spam mail and to protect your email addresses. More methods of obfuscating email addresses to conceal them from email spambots may be added to the plugin in future.\u003C\u002Fp>\n\u003Cp>How does the plugin obfuscate an email address? In fact, the plugin uses fast and efficient search of the content being delivered, to search for all email addresses in your content and then to obfuscate them on-the-fly. It happens whenever a page is about to be delivered to your visitor. The contents of your database are NOT changed by the plugin. What the plugin does is something like this: when a visitor requests a post or page to be displayed in the browser (by visiting its URL), WordPress extracts the relevant contents from the database; it is at this time that this plugin steps in and filters these contents in a fast and efficient manner, searching and obfuscating the email addresses found in such contents which have already been extracted or copied from the database. Thus, the contents of your database are not changed at all by this plugin. Only the (copy of the) contents being shown to the visitors are shown in a different (obfuscated) manner. While the visitor will still see the email address as usual, it will be obfuscated or hidden from the email spambots and spider software.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Two options to obfuscate email addresses\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>TG Email Protection plugin offers two different options for obfuscating your email addresses, while at the same time displaying them to the genuine visitors:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select to automatically obfuscate all email addresses shown on your website. When this option is selected, the plugin will obfuscate all email addresses in your content being delivered to the visitors on-the-fly. When this option is selected, you may still separately and individually disable (or enable) obfuscation of email addresses from specific parts of your contents being delivered, such as the main contents, title, excerpts and comments of the post or page, and also from the blog description \u002F information and widget texts. Email addresses in mailto: format are also supported with this option.\u003C\u002Fli>\n\u003Cli>Use a shortcode to selectively protect or obfuscate each individual email address that you want. Shortcode can be used only when the above setting for automatic obfuscation of email addresses on the website is NOT selected; otherwise, shortcode will NOT do anything. So, please use shortcode only with this understanding. This is for the obvious reason that where you have already selected the option to obfuscate all email addresses on your website, all email addresses are in any case being obfuscated so that there is no need to use shortcode to obfuscate an individual email address.  To use shortcode, use format like this: [tgemail]person@example.com[\u002Ftgemail], where person@example.com is the email being obfuscated. Put this shortcode in any of your posts, pages or widgets, wherever you want to display the email address. Please do NOT use shortcode for email in mailto: format.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Additional options of changing @ and . (DOT) symbols in email addresses:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>TG Email Protection plugin provides you an additional (optional) measure to further obfuscate the email addresses by replacing the @ and . (DOT) symbols in email addresses by something like ‘ (AT) ‘ and ‘ (DOT) ‘ respectively or some other similar text to be chosen by you. While a user can obviously understand what such text stands for, an email spambot may not be able to know that, more so if you use your own custom text which can properly explain its purpose of replacing the @ and . (DOT) symbols in email addresses.\u003C\u002Fp>\n\u003Cp>Once installed, the settings of the TG Email Protection plugin would be available for being changed from the ‘TG Email Protection’ option in the ‘Settings’ menu on the admin screen (back-end) of your WordPress website or blog.\u003C\u002Fp>\n\u003Cp>Detailed instructions have been provided on the settings \u002F options page of TG Email Protection plugin in the admin area. Each setting has been explained in detail.\u003C\u002Fp>\n\u003Cp>You can use this plugin and test the results of obfuscating the email addresses from spambots. In our extensive tests conducted with several email spiders and spambot software, we have found that this plugin is completely successful in hiding the email addresses from the spammers by using innovative and randomized techniques.\u003C\u002Fp>\n\u003Cp>This plugin works on all WordPress websites or blogs. It is a very light-weight plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>About the plugin and our other plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin has been developed by \u003Ca href=\"http:\u002F\u002Ftilakmarg.com\u002Fdr-ashok-dhamija\u002F\" rel=\"nofollow ugc\">Ashok Dhamija\u003C\u002Fa>, who has also developed few other plugins, such as the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftg-facebook-comments\u002F\" rel=\"ugc\">TG Facebook Comments\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftg-copy-protection\u002F\" rel=\"ugc\">TG Copy Protection\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftg-customized-tags\u002F\" rel=\"ugc\">TG Customized Tags\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect email addresses from being harvested by spammers and spambots, obfuscating them. Your visitors can still see email addresses.",2320,"2015-08-12T02:33:00.000Z","4.2.39",[19,110,111,21,112],"email-obfuscation","email-protection","obfuscator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftg-email-protection.1.0.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":64,"num_ratings":76,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":132,"download_link":133,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"cf7-support-deprecated-settings","Contact Form 7: Support Deprecated Settings","0.4","Dave McHale","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmchale\u002F","\u003Cp>Contact Form 7 no longer supports the \u003Ccode>on_sent_ok\u003C\u002Fcode> and \u003Ccode>on_submit\u003C\u002Fcode> settings available on the Additional Settings screen as of version 5.0 of CF7. Both settings were deprecated before this release, which was why this plugin was first created. \u003Ca href=\"https:\u002F\u002Fcontactform7.com\u002Fadditional-settings\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fcontactform7.com\u002Fadditional-settings\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin is meant to be a band-aid to quickly get your Additional Settings working. It reads the Additional Settings data and adds a javascript block when the form is output on the page, using DOM Events as suggested by the CF7 author. \u003Ca href=\"https:\u002F\u002Fcontactform7.com\u002Fdom-events\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fcontactform7.com\u002Fdom-events\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Provide continued support for on_sent_ok and on_submit within Contact Form 7's Additional Settings",10,1587,"2018-02-02T21:38:00.000Z","4.9.29","4.0","5.3",[129,130,19,131,20],"contact","contact-form","form","https:\u002F\u002Fgithub.com\u002Fdmchale\u002Fcf7-support-deprecated-settings","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-support-deprecated-settings.0.4.zip",{"attackSurface":135,"codeSignals":146,"taintFlows":153,"riskAssessment":154,"analyzedAt":161},{"hooks":136,"ajaxHandlers":137,"restRoutes":138,"shortcodes":139,"cronEvents":145,"entryPointCount":76,"unprotectedCount":13},[],[],[],[140],{"tag":141,"callback":142,"file":143,"line":144},"emailme","shortcode_email","emailme.php",34,[],{"dangerousFunctions":147,"sqlUsage":148,"outputEscaping":150,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":152},[],{"prepared":13,"raw":13,"locations":149},[],{"escaped":13,"rawEcho":13,"locations":151},[],[],[],{"summary":155,"deductions":156},"The \"email-me\" v1.0 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and proper output escaping are excellent indicators of secure coding practices. Furthermore, the plugin has no recorded vulnerabilities, including CVEs, which suggests a history of secure development or effective patching.\n\nHowever, the analysis reveals a significant area of concern: the lack of nonce and capability checks across all entry points. While the attack surface is currently small, with only one shortcode and no AJAX handlers or REST API routes, this absence of authentication and authorization checks creates a potential weakness. If the shortcode's functionality were to be expanded or new, unprotected entry points were introduced in future versions without these checks, it could lead to unauthorized actions or data exposure.\n\nIn conclusion, while the current version of \"email-me\" is likely secure due to its limited functionality and lack of known vulnerabilities, its reliance on unchecked entry points presents a latent risk. The developers should prioritize implementing robust nonce and capability checks on all shortcodes and any future additions to the plugin's attack surface to ensure continued security.",[157,159],{"reason":158,"points":122},"Missing nonce checks on entry points",{"reason":160,"points":122},"Missing capability checks on entry points","2026-03-16T22:37:39.543Z",{"wat":163,"direct":168},{"assetPaths":164,"generatorPatterns":165,"scriptPaths":166,"versionParams":167},[],[],[],[],{"cssClasses":169,"htmlComments":170,"htmlAttributes":172,"restEndpoints":173,"jsGlobals":174,"shortcodeOutput":178},[],[171],"\u003C!-- -->",[],[],[175,176,177],"var name","var domain","var disp",[179,180,181,182],"\u003Cscript language=\"JavaScript\">","document.write(\"\u003Ca href=\\\"mailto:\" + name + \"@\" + domain + \"\\\">\");","document.write(disp + \"\u003C\u002Fa>\");","\u003C\u002Fscript>",{"error":184,"url":185,"statusCode":186,"statusMessage":187,"message":187},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Femail-me\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":189},[]]