
Email Mentioned Security & Risk Analysis
wordpress.org/plugins/email-mentioned
Email Mentioned is a lightweight customizable -no coding needed- plugin to send an email to each user mentioned in comments.
Is Email Mentioned Safe to Use in 2026?
Generally Safe
Score 100/100
Email Mentioned has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "email-mentioned" plugin v1.11 exhibits a generally strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points significantly limits the potential attack surface. Furthermore, the plugin demonstrates good development practices by exclusively using prepared statements for its single SQL query, eliminating the risk of SQL injection through this vector. There are also no recorded vulnerabilities (CVEs) for this plugin, which is a positive indicator of its past security.
However, a significant concern arises from the output escaping. With only 25% of its outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic data displayed to users that originates from user input or other untrusted sources, and is not properly escaped, could be exploited to inject malicious scripts.
While the plugin has no file operations or external HTTP requests, and the taint analysis reveals no unsanitized flows, the low percentage of properly escaped outputs remains a critical weakness. The single capability check, while present, doesn't mitigate the XSS risk if the underlying data being output is not escaped. In conclusion, the plugin has a minimal attack surface and no known historical vulnerabilities, but the poor output escaping practices introduce a tangible risk that needs to be addressed.
Key Concerns
- Low percentage of properly escaped outputs
Email Mentioned Security Vulnerabilities
Email Mentioned Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Email Mentioned Attack Surface
WordPress Hooks 4
Maintenance & Trust
Email Mentioned Maintenance & Trust
Maintenance Signals
Community Trust
Email Mentioned Alternatives
Comments Users Mentions
comments-users-mentions
Allows you to mention WordPress users in a comment. The mentioned users will receive a notification email.
Twitter Mentions As Comments
twitter-mentions-as-comments
Twitter Mentions as Comments scours Twitter for people talking about your site & silently inserts their Tweets alongside your existing comments.
AtMention in Comments
atmention-in-comments
A plugin that enables you to mention @comment__author in comments.
Twitter mentions in posts
twitter-mentions-in-posts
Show tweets about your posts right under them.
Disqus Comment System
disqus-comment-system
Disqus is the web's most popular comment system. Use Disqus to increase engagement, retain readers, and grow your audience.
Email Mentioned Developer Profile
3 plugins · 30 total installs
How We Detect Email Mentioned
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
email-mentioned/style.css?ver=
email-mentioned/js/main.js?ver=
HTML / DOM Fingerprints
Copyright Raúl Antón Cuadrado
ES: Al publicar un comentario manda correos electrónicos a todos los citados por displayname
ES: Obtiene el user id a través del display_name
ES: Administración y opciones