[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWJjGKFsHGg9nUUMc9qo3oRh1fVFIv3ut00na-VdB5E8":3,"$f9fnffGo2JJ3zzQpvMOYokKppLN9br_88mwd-kArMUj0":213,"$fFsv_b9HUKKu_57Rpiwul4ixNNoynNddA1-iz_eA5OdA":218},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":35,"analysis":138,"fingerprints":192},"email-trap","Email Trap","1.0.1","soliddigital","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoliddigital\u002F","\u003Cp>An email trap that sends emails to the address of your choice. Built for use on staging or development environments, to stop WordPress or its plugins from sending emails out to anyone except the site administrator. Good for testing aspects of your WordPress site that rely emails being sent.\u003C\u002Fp>\n\u003Cp>To use the plugin, simply activate it.\u003C\u002Fp>\n\u003Cp>You can dynamically disable the plugin using the email_trap_enable filter.\u003C\u002Fp>\n","An email trap that sends emails to one address of your choice (the WP Admin Email by default).",0,1050,"2021-04-03T06:17:00.000Z","5.7.15","3.7","",[18,19,20],"email","security","trap","http:\u002F\u002Fsoliddigital.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-trap.1.0.1.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},6,470,93,30,89,"2026-05-20T02:36:43.553Z",[36,62,81,100,119],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":23,"vuln_count":59,"unpatched_count":11,"last_vuln_date":60,"fetched_at":61},"aryo-activity-log","Activity Log – Monitor & Record User Changes","2.11.2","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>\u003Cstrong>AN EASY TO USE & FULLY SUPPORTED WORDPRESS ACTIVITY LOG PLUGIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Want to monitor and track your WordPress website activity? Find out exactly who does what on your WordPress website with this plugin. Activity Log is like an airplane’s black box that logs every action in the WordPress admin, and lets you see exactly what users are doing on your WordPress website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If someone is trying to hack your site\u003C\u002Fli>\n\u003Cli>When a post was published, and who published it\u003C\u002Fli>\n\u003Cli>If a plugin\u002Ftheme was activated\u002Fdeactivated\u003C\u002Fli>\n\u003Cli>Suspicious admin activity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s so essential; you’ll wonder how you ever managed your website without it. The plugin is also lightning fast and works behind the scenes, so it doesn\\’t affect site and admin performance. For optimal performance, we built the plugin so that it runs on a separate table in the database.\u003C\u002Fp>\n\u003Cp>If you have more than a handful of users, keeping track of who did what is virtually impossible. This plugin solves that issue by tracking what actions were initiated by which users, and displaying it in an easy-to-use and easy-to-filter view on the dashboard of your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New! Introducing Email Logging\u003C\u002Fstrong> – Capture all emails sent from your WordPress site for streamlined debugging and compliance. Gain better visibility into email communication, aiding both troubleshooting and record-keeping. This is particularly beneficial for WooCommerce stores, allowing you to easily track sent emails alongside other critical site events.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Export to CSV\u003C\u002Fstrong> – Export your Activity Log data records to CSV. Developers can easily add support for custom data formats with our new dedicated Export API.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Privacy and GDPR Compliance\u003C\u002Fstrong> – We provide the tools to help you adhere to GDPR compliance standards, including Export\u002FErasure of data via the WordPress Privacy Tools.\u003C\u002Fp>\n\u003Ch3>With the Activity Log you can record:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong> – Core updates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Posts\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pages\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post Type\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tags\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Categories\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Taxonomies\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Menus\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comments\u003C\u002Fstrong> – Created, approved, unapproved, trashed, untrashed, spammed, unspammed, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Users\u003C\u002Fstrong> – Login, logout, login failed, update profile, registered, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugins\u003C\u002Fstrong> – Installed, updated, activated, deactivated, changed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Themes\u003C\u002Fstrong> – Installed, updated, deleted, activated, changed (Editor and Customizer)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widgets\u003C\u002Fstrong> – Added to sidebar, deleted from sidebar, order widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setting\u003C\u002Fstrong> – General, writing, reading, discussion, media, permalinks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Options\u003C\u002Fstrong> – Extended custom settings for 3rd party plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export\u003C\u002Fstrong> – Exported activity log file\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce\u003C\u002Fstrong> – Track products, orders, customers, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>bbPress\u003C\u002Fstrong> – Forums, topics, replies, taxonomies, and other actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Emails sent from WordPress site\u003C\u002Fstrong> – Sending successful, sending failed\u003C\u002Fli>\n\u003Cli>There’s more, of course, but you get the point…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For each event recorded by the activity log, the following details are also logged:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Date and time of occurrence\u003C\u002Fli>\n\u003Cli>User and user role responsible for the change\u003C\u002Fli>\n\u003Cli>Source IP address from which the change originated\u003C\u002Fli>\n\u003Cli>Affected object where the change occurred\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin doesn\\’t require any kind of setup; it works right out of the box (just another reason people love it)!\u003C\u002Fp>\n\u003Ch3>Data Storage and Performance Optimization\u003C\u002Fh3>\n\u003Cp>In order to ensure optimal performance of your website, all events and logs data are stored in a dedicated custom table within your WordPress database. This approach significantly reduces the impact on your website’s performance, ensuring seamless operation even during peak traffic periods.\u003C\u002Fp>\n\u003Ch3>Uninstall Clean-up\u003C\u002Fh3>\n\u003Cp>We understand the importance of maintaining a clean and efficient database environment. That’s why our plugin features an uninstall hook that seamlessly removes all traces of its presence from your website when uninstalling. This meticulous clean-up process ensures that your database remains lean and clutter-free even after our plugin has been removed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With our optimized data storage, thorough logging, and meticulous clean-up process, you can trust that our plugin will enhance the functionality and security of your WordPress site without compromising its performance.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What users have to say\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cem>“Its tools, particularly for data privacy and GDPR compliance, make it indispensable for websites operating within European Union boundaries or dealing with EU citizens’ data”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fblog.hubspot.com\u002Fwebsite\u002F8-best-plugins-tracking-user-activity-wordpress\" rel=\"nofollow ugc\">HubSpot.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“If you’re after a competent WP security audit log plugin with all the basic features you need, Activity Log is it!”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Fplugins\u002Fwordpress-activity-log-plugins\u002F\" rel=\"nofollow ugc\">WPAstra.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Activity Log features a remarkably straightforward dashboard interface, providing administrators with an at-a-glance understanding of site interactions”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.malcare.com\u002Fblog\u002Fwordpress-activity-log\u002F\" rel=\"nofollow ugc\">Malcare.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Best 10 Free WordPress Plugins of the Month: Keeping tabs on what your users do with their access to the Dashboard”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Fbest-free-wordpress-plugins-july-2014\" rel=\"nofollow ugc\">ManageWP.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Thanks to this step, we’ve discovered that our site was undergoing a brute force attack”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fartdriver.com\u002Fblog\u002Fwordpress-site-hacked-solution-time\" rel=\"nofollow ugc\">Artdriver.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Optimized code – The plugin itself is blazing fast and leaves almost no footprint on the server”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.freshtechtips.com\u002F2014\u002F01\u002Fbest-audit-trail-plugins-for-wordpress.html\" rel=\"nofollow ugc\">FreshTechTips.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Activity Log lets you track a huge range of activities. Overall, very easy to use and setup”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.elegantthemes.com\u002Fblog\u002Ftips-tricks\u002F5-best-ways-to-monitor-wordpress-activity-via-the-dashboard\" rel=\"nofollow ugc\">ElegantThemes.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributions:\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Would you like to contribute to this plugin?\u003C\u002Fstrong> You’re more than welcome to submit your pull requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpojome\u002Factivity-log\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>. And, if you have any notes about the code, please open a ticket on the issue tracker.\u003C\u002Fp>\n","This top rated Activity Log plugin helps you monitor & log all changes and actions on your WordPress site, so you can remain secure and organized.",200000,4007371,86,74,"2024-11-12T14:55:00.000Z","6.7.5","6.0","7.0",[53,54,55,19,56],"activity-log","audit-log","email-log","user-log","https:\u002F\u002Factivitylog.io\u002F?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faryo-activity-log.2.11.2.zip",9,"2024-11-20 17:10:23","2026-04-16T10:56:18.058Z",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":11,"num_ratings":11,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":16,"tags":75,"homepage":79,"download_link":80,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":61},"update-notifier","Update Notifier","1.4.1","Jon Cave","https:\u002F\u002Fprofiles.wordpress.org\u002Fduck_\u002F","\u003Cp>If you don’t check your admin panel on your WordPress install very often (maybe because you prefer to use remote publishing) or you want to make sure\u003Cbr \u002F>\nthat your clients’ WordPress installations are updated, then this is the plugin for you. You don’t have to login to your admin panel regularly,\u003Cbr \u002F>\nsuscribe to an RSS feed, or do anything apart from installing this plugin to be notified when an update to WordPress is released.\u003C\u002Fp>\n\u003Cp>All you have to do is install Update Notifier and forget it until you receive an email telling you to update.\u003C\u002Fp>\n\u003Cp>To change Update Notifier’s options, go to Update Notifier under the main Settings menu. From there you can add a secondary email address\u003Cbr \u002F>\nwhich will also receive update notifications and you can activate update notifications for themes and plugins.\u003C\u002Fp>\n","Sends email notifications if a new version of WordPress available. Notifications about updates for plugins and themes can also be sent.",700,18185,"2010-09-20T12:13:00.000Z","3.0.5","3.0",[76,18,77,19,78],"admin","notification","upgrade","http:\u002F\u002Flionsgoroar.co.uk\u002Fwordpress\u002Fupdate-notifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupdate-notifier.1.4.1.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":91,"num_ratings":29,"last_updated":92,"tested_up_to":51,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":98,"download_link":99,"security_score":91,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":61},"host-header-injection-fix","Host Header Injection Fix","3.5","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>👉 Enables custom headers for WP email notifications\u003C\u002Fp>\n\u003Cp>👉 Also provides a “set it and forget it” security fix for WP \u003C 5.5\u003C\u002Fp>\n\u003Cp>👉 Uses only 50KB of code, so super lightweight, fast, and effective\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As of WordPress 5.5, this plugin no longer is necessary to fix the \u003Ca href=\"https:\u002F\u002Fexploitbox.io\u002Fvuln\u002FWordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\" rel=\"nofollow ugc\">host-header security issue\u003C\u002Fa> reported in \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F25239\" rel=\"nofollow ugc\">Ticket #25239\u003C\u002Fa> \u003Cstrong>finally\u003C\u002Fstrong> is fixed, and mentioned in this post \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fnews\u002F2020\u002F07\u002Fwordpress-5-5-beta-4\u002F\" rel=\"ugc\">WordPress 5.5 Beta 4\u003C\u002Fa>. Thank You WordPress devs!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Is this plugin still useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Yes, it enables you to choose the “From”, “Name”, and “Return-Path” headers for all WP notification emails. And for versions of WordPress less than 5.5, this plugin continues to fix the host-header injection security issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This simple plugin does three things:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Sets custom From, Name, and Return-Path for WP notifications\u003C\u002Fli>\n\u003Cli>Fixes a security vulnerability in WordPress versions \u003C 5.5\u003C\u002Fli>\n\u003Cli>Fixes a bug where invalid email addresses may be generated (in WordPress versions \u003C 5.5)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Choose from the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use WordPress defaults (insecure for WP \u003C 5.5)\u003C\u002Fli>\n\u003Cli>Use “Email Address” from WP General Settings\u003C\u002Fli>\n\u003Cli>Use a custom name and address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plus there is an option to use the specified From address as the Return-Path header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The security issue fixed by this plugin has been known about since way back in WordPress version 2.3. There has been some talk about fixing, but nothing has been implemented. While the issue does not affect all sites, it does affect a good percentage of them, including some of my own projects. So, not wanting to get hacked, I decided to write my own solution. Hopefully this issue gets fixed in a future version of WordPress, and this plugin will become unnecessary.\u003C\u002Fp>\n\u003Cp>As a bonus, setting an explicit From address resolves a long-standing bug whereby an invalid email address is generated under the following conditions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A “From” address is not set, \u003C\u002Fli>\n\u003Cli>And the \u003Ccode>$_SERVER['SERVER_NAME']\u003C\u002Fcode> is empty\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>So by explicitly setting a “From” address, we prevent this bug from happening.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Issue\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>What is the security issue addressed by this plugin? Follows is a quick summary. To learn more in-depth, check out the resources linked in the next section.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP uses \u003Ccode>$_SERVER['SERVER_NAME']\u003C\u002Fcode> to set the “From” header in email notifications\u003C\u002Fli>\n\u003Cli>This includes sensitive email notifications like password resets and user registration\u003C\u002Fli>\n\u003Cli>In some cases, an attacker could modify the “From” header and intercept the email\u003C\u002Fli>\n\u003Cli>Using the intercepted email, an attacker could gain access to your site and wreak havoc\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>More Infos\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This security vulnerability is well-known and has been around for a looong time. To learn more, check out these articles:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F25239\" rel=\"nofollow ugc\">WP Core Trac Ticket\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fexploitbox.io\u002Fvuln\u002FWordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\" rel=\"nofollow ugc\">Exploit Box Info\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.exploit-db.com\u002Fexploits\u002F41963\" rel=\"nofollow ugc\">Exploit Database\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>Host Header Injection Fix is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Sets custom headers for WP notification emails. Also fixes a security issue with WP versions \u003C 5.5.",500,25533,100,"2026-03-27T17:15:00.000Z","4.7","5.6.20",[18,96,97,77,19],"headers","injection","https:\u002F\u002Fperishablepress.com\u002Fhost-header-injection-fix\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhost-header-injection-fix.3.5.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":91,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":74,"requires_php":16,"tags":113,"homepage":117,"download_link":118,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":61},"mailtrap-for-wp","Mailtrap for WordPress","0.7","Eduardo Marcolino","https:\u002F\u002Fprofiles.wordpress.org\u002Feduardomarcolino\u002F","\u003Cp>\u003Cstrong>IMPORTANT: This is a 3d party and non-official plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin allows you to send all emails to your Mailtrap.io account.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fmailtrap.io\" rel=\"nofollow ugc\">Mailtrap\u003C\u002Fa> is a fake SMTP server solution that allows testing email notifications without sending them to the real users of your application. Not only does Mailtrap work as a powerful email test tool, it also lets you view your dummy emails online, forward them to your regular mailbox, share with the team and more! Mailtrap is a mail server test tool built by Railsware Products, Inc., a premium software development consulting company.\u003C\u002Fp>\n","Easily test your wordpress emails without spamming real customers using mailtrap.io.",400,21136,3,"2020-11-21T10:55:00.000Z","5.5.18",[18,114,115,101,116],"email-test","mailtrap","smtp","http:\u002F\u002Feduardomarcolino.com\u002Fplugins\u002Fmailtrap-for-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailtrap-for-wp.0.7.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":108,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":14,"requires_at_least":131,"requires_php":16,"tags":132,"homepage":136,"download_link":137,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":61},"wp-pgp-encrypted-emails","WP PGP Encrypted Emails","0.8.0","Meitar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmeitar\u002F","\u003Cp>WP PGP Encrypted Emails can automatically sign and encrypt any email that WordPress sends to your site’s admin email address or your users’s email addresses. You give it a copy of the recipient’s OpenPGP public key and\u002For their S\u002FMIME certificate, and it does the rest. You can even automatically generate an OpenPGP signing keypair for your site to use.\u003C\u002Fp>\n\u003Cp>Encrypting outgoing emails protects your user’s privacy by ensuring that emails intended for them can be read only by them, and them alone. Moreover, signing those emails helps your users verify that email they receive purporting to be from your site was \u003Cem>actually\u003C\u002Fem> sent by your server, and not some imposter. If you’re a plugin or theme developer, you can encrypt and\u002For sign \u003Cem>arbitrary data\u003C\u002Fem> using this plugin’s OpenPGP and S\u002FMIME APIs, which are both built with familiar, standard WordPress filter hooks. This enables you to develop highly secure communication and publishing tools fully integrated with your WordPress install. See the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails\u002F#readme\" rel=\"nofollow ugc\">\u003Ccode>README.markdown\u003C\u002Fcode>\u003C\u002Fa> file for details on cryptographic implementation and API usage.\u003C\u002Fp>\n\u003Cp>\u003Cem>Donations for this and my other free software plugins make up a chunk of my income. If you continue to enjoy this plugin, please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WP%20PGP%20Encrypted%20Emails&item_number=wp-pgp-encrypted-emails&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>. 🙂 Thank you for your support!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Plugin features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Processes \u003Cem>all\u003C\u002Fem> email your site generates, automatically and transparently.\u003C\u002Fli>\n\u003Cli>Configure outbound signing: sign email sent to \u003Cem>all\u003C\u002Fem> recipients, or just savvy ones.\u003C\u002Fli>\n\u003Cli>Per-user encryption keys and certificates; user manages their own OpenPGP keys and S\u002FMIME certificates.\u003C\u002Fli>\n\u003Cli>Compatible with thousands (yes, thousands) of third-party contact form plugins.\u003C\u002Fli>\n\u003Cli>Full interoperability with all standards-compliant OpenPGP and S\u002FMIME implementations.\u003C\u002Fli>\n\u003Cli>Options to enforce further privacy best practices (e.g., removing \u003Ccode>Subject\u003C\u002Fcode> lines).\u003C\u002Fli>\n\u003Cli>Fully multisite compatible, out of the box. No additional configuration for large networks!\u003C\u002Fli>\n\u003Cli>No binaries to install or configure; everything you need is in the plugin itself.\u003C\u002Fli>\n\u003Cli>Bells and whistles included! For instance, visitors can encrypt comments on posts so only the author can read them.\u003C\u002Fli>\n\u003Cli>Built-in, customizable integration with popular third-party plugins, such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Always \u003Cstrong>FREE\u003C\u002Fstrong>. Replaces paid email encryption “upgrades,” and gets rid of yearly subscription fees. (\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WP%20PGP%20Encrypted%20Emails&item_number=wp-pgp-encrypted-emails&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">Donations\u003C\u002Fa> appreciated!)\u003C\u002Fli>\n\u003Cli>And \u003Cem>more\u003C\u002Fem>, of course. 😉\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin works transparently for \u003Cem>all email\u003C\u002Fem> your site generates, and will also sign and encrypt outgoing email generated by other plugins (such as contact form plugins) or the built-in WordPress notification emails. All you have to do is add one or more OpenPGP keys or an S\u002FMIME certificate to the Email Encryption screen (WordPress Admin Dashboard → Settings → Email Encryption). Each user can opt to also remove envelope information such as email subject lines, which encryption schemes cannot protect. With this plugin, there’s no longer any need to pay for the “pro” version of your favorite contact form plugin to get the benefit of email privacy.\u003C\u002Fp>\n\u003Cp>Each of your site’s users can supply their own, personal OpenPGP public key and\u002For X.509 S\u002FMIME certificate for their own email address to have WordPress automatically encrypt any email destined for them. (They merely need to update their user profile.) They can choose which encryption method to use. Once set up, all future emails WordPress sends to that user will be encrypted using the standards-based OpenPGP or S\u002FMIME technologies.\u003C\u002Fp>\n\u003Cp>The OpenPGP-encrypted emails can be decrypted by any OpenPGP-compatible mail client, such as \u003Ca href=\"https:\u002F\u002Fgpgtools.org\u002F\" rel=\"nofollow ugc\">MacGPG\u003C\u002Fa> (macOS), \u003Ca href=\"https:\u002F\u002Fwww.gpg4win.org\u002F\" rel=\"nofollow ugc\">GPG4Win\u003C\u002Fa> (Windows), \u003Ca href=\"https:\u002F\u002Fwww.enigmail.net\u002F\" rel=\"nofollow ugc\">Enigmail\u003C\u002Fa> (cross-platform), \u003Ca href=\"https:\u002F\u002Fopenkeychain.org\u002F\" rel=\"nofollow ugc\">OpenKeychain\u003C\u002Fa> (Android), or \u003Ca href=\"https:\u002F\u002Fipgmail.com\u002F\" rel=\"nofollow ugc\">iPGMail\u003C\u002Fa> (iPhone\u002FiOS). For more information on reading encrypted emails, generating keys, and other uses for OpenPGP-compatible encryption, consult any (or all!) of the following guides:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fssd.eff.org\u002Fen\u002Fmodule\u002Fintroduction-public-key-cryptography-and-pgp\" rel=\"nofollow ugc\">The Electronic Frontier Foundation’s Surveillance Self-Defense guide to PGP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhelp.riseup.net\u002Fen\u002Fgpg-best-practices\" rel=\"nofollow ugc\">RiseUp.net’s OpenPGP best practices guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.openpgp.org\u002F\" rel=\"nofollow ugc\">OpenPGP.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The S\u002FMIME-encrypted emails can be decrypted by any S\u002FMIME-compatible mail client. These include \u003Ca href=\"http:\u002F\u002Fsiber-sonic.com\u002Fmac\u002FMailSMIME\u002F\" rel=\"nofollow ugc\">Apple’s Mail on macOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-au\u002FHT202345\" rel=\"nofollow ugc\">iOS for iPhone and iPad\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fsupport.office.com\u002Fen-us\u002Farticle\u002FEncrypt-messages-by-using-S-MIME-in-Outlook-Web-App-2E57E4BD-4CC2-4531-9A39-426E7C873E26\" rel=\"nofollow ugc\">Microsoft Outlook\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.claws-mail.org\u002Ffaq\u002Findex.php\u002FS\u002FMIME_howto\" rel=\"nofollow ugc\">Claws Mail for GNU\u002FLinux\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>For developers, WP PGP Encrypted Emails provides \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails\u002Fblob\u002Fdevelop\u002FREADME.markdown#openpgp-api\" rel=\"nofollow ugc\">an easy to use API to both OpenPGP\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails\u002Fblob\u002Fdevelop\u002FREADME.markdown#smime-api\" rel=\"nofollow ugc\">S\u002FMIME\u003C\u002Fa> encryption, decryption, and integrity validation operations through the familiar \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\" rel=\"nofollow ugc\">WordPress plugin API\u003C\u002Fa> so you can use this plugin’s simple filter hooks to build custom OpenPGP- or S\u002FMIME-based encryption functionality into your own plugins and themes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Disclaimer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security is a process, not a product. Using WP PGP Encrypted Emails does not guarantee that your site’s outgoing messages are invulnerable to every attacker, in every possible scenario, at all times. No single security measure, in isolation, can do that.\u003C\u002Fp>\n\u003Cp>Do not rely solely on this plugin for the security or privacy of your webserver. See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-pgp-encrypted-emails\u002Ffaq\u002F\" rel=\"ugc\">Frequently Asked Questions\u003C\u002Fa> for more security advice and for more information about the rationale for this plugin.\u003Cbr \u002F>\nIf you like this plugin, \u003Cstrong>please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WP%20PGP%20Encrypted%20Emails&item_number=wp-pgp-encrypted-emails&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> for your use of the plugin\u003C\u002Fstrong> or, better yet, contributing directly to \u003Ca href=\"http:\u002F\u002FCyberbusking.org\u002F\" rel=\"nofollow ugc\">my Cyberbusking fund\u003C\u002Fa>. Your support is appreciated!\u003C\u002Fp>\n\u003Ch4>Themeing\u003C\u002Fh4>\n\u003Cp>Theme authors can use the following code snippets to integrate a WordPress theme with this plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To link to a site’s OpenPGP signing public key: \u003Ccode>\u003C?php print admin_url( 'admin-ajax.php?action=download_pgp_signing_public_key' ); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin hooks\u003C\u002Fh4>\n\u003Cp>This plugin offers additional functionality intended for other plugin developers or theme authors to make use of. This functionality is documented here.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Ch4>`wp_user_encryption_method`\u003C\u002Fh4>\n\u003Cp>Gets the user’s preferred encryption method (either \u003Ccode>pgp\u003C\u002Fcode> or \u003Ccode>smime\u003C\u002Fcode>), if they have provided both an OpenPGP public key and an S\u002FMIME certificate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>WP_User\u003C\u002Fcode> \u003Ccode>$user\u003C\u002Fcode> – The WordPress user object. Defaults to the current user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`wp_openpgp_user_key`\u003C\u002Fh4>\n\u003Cp>Gets the user’s saved OpenPGP public key from their WordPress profile data, immediately usable in other \u003Ccode>openpgp_*\u003C\u002Fcode> filters.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>WP_User\u003C\u002Fcode> \u003Ccode>$user\u003C\u002Fcode> – The WordPress user object. Defaults to the current user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`openpgp_enarmor`\u003C\u002Fh4>\n\u003Cp>Gets an ASCII-armored representation of an OpenPGP data structure (like a key, or an encrypted message).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The data to be armored.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Optional parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$marker\u003C\u002Fcode> – The marker of the block (the text that follows \u003Ccode>-----BEGIN\u003C\u002Fcode>). Defaults to \u003Ccode>MESSAGE\u003C\u002Fcode>, but you should set this to a more appropriate value. If you are armoring a PGP public key, for instance, set this to \u003Ccode>PGP PUBLIC KEY BLOCK\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>string[]\u003C\u002Fcode> \u003Ccode>$headers\u003C\u002Fcode> – An array of strings to apply as headers to the ASCII-armored block, usually used to insert comments or identify the OpenPGP client used. Defaults to \u003Ccode>array()\u003C\u002Fcode> (no headers).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: ASCII-armor a binary public key.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$ascii_key = apply_filters('openpgp_enarmor', $public_key, 'PGP PUBLIC KEY BLOCK');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_key`\u003C\u002Fh4>\n\u003Cp>Gets a binary OpenPGP public key for use in later PGP operations from an ASCII-armored representation of that key.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$key\u003C\u002Fcode> – The ASCII-armored PGP public key block.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Get a key saved as an ASCII string in the WordPress database option \u003Ccode>my_plugin_pgp_public_key\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$key = apply_filters('openpgp_key', get_option('my_plugin_pgp_public_key'));\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_sign`\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.gnupg.org\u002Fgph\u002Fen\u002Fmanual\u002Fx135.html#AEN152\" rel=\"nofollow ugc\">Clearsigns\u003C\u002Fa> a message using a given private key.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The message data to sign.\u003C\u002Fli>\n\u003Cli>\u003Ccode>OpenPGP_SecretKeyPacket\u003C\u002Fcode> \u003Ccode>$signing_key\u003C\u002Fcode> – The signing key to use, obtained by passing the ASCII-armored private key through the \u003Ccode>openpgp_key\u003C\u002Fcode> filter.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Sign a short string.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$message = 'This is a message to sign.';\n$signing_key = apply_filters('openpgp_key', $ascii_key);\n$signed_message = apply_filters('openpgp_sign', $message, $signing_key);\n\u002F\u002F $signed_message is now a clearsigned message\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_encrypt`\u003C\u002Fh4>\n\u003Cp>Encrypts data to one or more PGP public keys or passphrases.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – Data to encrypt.\u003C\u002Fli>\n\u003Cli>\u003Ccode>array|string\u003C\u002Fcode> \u003Ccode>$keys\u003C\u002Fcode> – Passphrases or keys to use to encrypt the data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Encrypt the content of a blog post.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F First, get the PGP public key(s) of the recipient(s)\n$ascii_key = '-----BEGIN PGP PUBLIC KEY BLOCK-----\n[...snipped for length...]\n-----END PGP PUBLIC KEY BLOCK-----';\n$encryption_key = apply_filters('openpgp_key', $ascii_key);\n$encrypted_post = apply_filters('openpgp_encrypt', $post->post_content, $encryption_key);\n\u002F\u002F Now you can safely send or display $encrypted_post anywhere you like and only\n\u002F\u002F those who control the corresponding private key(s) can decrypt it.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_sign`\u003C\u002Fh4>\n\u003Cp>Signs a message (arbitrary data) with the given private key.\u003C\u002Fp>\n\u003Cp>Note that if your plugin uses the built-in WordPress core \u003Ccode>wp_mail()\u003C\u002Fcode> function and this plugin is active, your plugin’s outgoing emails are already automatically signed so you do not need to do anything. This filter is intended for use by plugin developers who want to create custom, trusted communiques between WordPress and some other system.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The data to sign.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>OpenPGP_SecretKeyPacket\u003C\u002Fcode> \u003Ccode>$privatekey\u003C\u002Fcode> – The private key used for signing the message. The default is to use the private key automatically generated during plugin activation. The automatically generated keypair is intended to be a low-trust, single-purpose keypair for your website itself, so you probably do not need or want to use this argument yourself.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Send a signed, encrypted JSON payload to a remote, insecure server.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$comment_data = get_comment(2); \u002F\u002F get a WP_Comment object with comment ID 2\n\u002F\u002F Create JSON payload\n$json = array('success' => true, 'action' => 'new_comment', 'data' => $comment_data);\n$url = 'http:\u002F\u002Finsecure.example.com\u002F';\n$response = wp_safe_remote_post($url, array(\n));\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_sign_and_encrypt`\u003C\u002Fh4>\n\u003Cp>A convenience filter that applies \u003Ccode>openpgp_sign\u003C\u002Fcode> and then \u003Ccode>openpgp_encrypt\u003C\u002Fcode> to the result.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The data to sign and encrypt.\u003C\u002Fli>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$signing_key\u003C\u002Fcode> – The signing key to use.\u003C\u002Fli>\n\u003Cli>\u003Ccode>array|string\u003C\u002Fcode> \u003Ccode>$recipient_keys_and_passphrases\u003C\u002Fcode> – Public key(s) of the recipient(s), or passphrases to encrypt to.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`wp_openpgp_user_key`\u003C\u002Fh4>\n\u003Cp>Gets the user’s saved S\u002FMIME public certificate from their WordPress profile data, immediately usable in other \u003Ccode>smime_*\u003C\u002Fcode> filters.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>WP_User\u003C\u002Fcode> \u003Ccode>$user\u003C\u002Fcode> – The WordPress user object. Defaults to the current user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`smime_certificate`\u003C\u002Fh4>\n\u003Cp>Gets a PHP resource handle to an X.509 Certificate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>mixed\u003C\u002Fcode> \u003Ccode>$cert\u003C\u002Fcode> – The certificate, either as a string to a file, or raw PEM-encoded certificate data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`smime_certificate_pem_encode`\u003C\u002Fh4>\n\u003Cp>Encodes (“exports”) a given X.509 certificate as PEM format.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>resource\u003C\u002Fcode> \u003Ccode>$cert\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`smime_encrypt`\u003C\u002Fh4>\n\u003Cp>Encrypts a message as an S\u002FMIME email given a public certificate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$message\u003C\u002Fcode> – The message contents to encrypt.\u003C\u002Fli>\n\u003Cli>\u003Ccode>string|string[]\u003C\u002Fcode> \u003Ccode>$headers\u003C\u002Fcode> – The message headers for the encrypted part.\u003C\u002Fli>\n\u003Cli>\u003Ccode>resource|array\u003C\u002Fcode> \u003Ccode>$certificates\u003C\u002Fcode> – The recipient’s certificate, or an array of recipient certificates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This filter returns an array with two keys, \u003Ccode>headers\u003C\u002Fcode> and \u003Ccode>message\u003C\u002Fcode>, wherein the message is encrypted.\u003C\u002Fp>\n\u003Cp>Example: send an encrypted email via \u003Ccode>wp_mail()\u003C\u002Fcode>. (You do not need to do this if the recipient is registered as your site’s user, because this plugin does that automatically. Only do this if you need to send S\u002FMIME encrypted email to an address not stored in WordPress’s own database.)\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$cert = apply_filters( 'smime_certificate', get_option( 'my_plugin_smime_certificate' ) );\n$body = 'This is a test email message body.';\n$head = array(\n    'From' => get_option( 'admin_email' ),\n);\n$smime_data = apply_filters( 'smime_encrypt', $body, $head, $cert );\nif ( $smime_data ) {\n    wp_mail(\n        'recipient@example.com',\n        'Test message.',\n        $smime_data['message'], \u002F\u002F message is sent encrypted\n        $smime_data['headers']\n    );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Signs and encrypts emails using PGP\u002FGPG keys or X.509 certificates. Provides OpenPGP and S\u002FMIME functions via WordPress plugin API.",26121,92,16,"2021-05-25T19:04:00.000Z","4.4",[18,133,134,135,19],"encryption","pgp","privacy","https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-pgp-encrypted-emails.0.8.0.zip",{"attackSurface":139,"codeSignals":172,"taintFlows":184,"riskAssessment":185,"analyzedAt":191},{"hooks":140,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":11,"unprotectedCount":11},[141,148,152,158,161,163,165,167],{"type":142,"name":143,"callback":144,"priority":145,"file":146,"line":147},"filter","dashboard_glance_items","dashboardStatus",99,"classes\u002Fdashboard.php",14,{"type":142,"name":149,"callback":149,"file":150,"line":151},"wp_mail","classes\u002Femail-trap.php",11,{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","admin_init","solidtrap_settings_init","classes\u002Foptions.php",8,{"type":153,"name":159,"callback":160,"file":156,"line":59},"admin_menu","solidtrap_options_page",{"type":142,"name":143,"callback":144,"priority":145,"file":162,"line":147},"trunk\u002Fclasses\u002Fdashboard.php",{"type":142,"name":149,"callback":149,"file":164,"line":151},"trunk\u002Fclasses\u002Femail-trap.php",{"type":153,"name":154,"callback":155,"file":166,"line":157},"trunk\u002Fclasses\u002Foptions.php",{"type":153,"name":159,"callback":160,"file":166,"line":59},[],[],[],[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":177,"bundledLibraries":183},[],{"prepared":11,"raw":11,"locations":175},[],{"escaped":147,"rawEcho":177,"locations":178},2,[179,182],{"file":156,"line":180,"context":181},50,"raw output",{"file":166,"line":180,"context":181},[],[],{"summary":186,"deductions":187},"The email-trap v1.0.1 plugin exhibits a generally strong security posture, with no reported vulnerabilities or CVEs in its history, which is a significant positive indicator. The static analysis reveals no dangerous functions, external HTTP requests, or file operations, further contributing to a low risk profile.  The plugin also demonstrates good practices in its SQL query handling, with 100% using prepared statements, and a high rate of output escaping (88%).\n\nHowever, there are a few areas that warrant attention. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events means the plugin has a minimal attack surface from a direct entry point perspective. While this is good, it also implies limited functionality which might be the intended purpose of an 'email-trap' plugin. More importantly, the analysis indicates 0 nonces checks, despite having 2 capability checks. This is a notable gap, as nonce checks are crucial for protecting against CSRF attacks, especially if any of the capability checks are tied to actions that modify data or settings.\n\nOverall, email-trap v1.0.1 appears to be a secure plugin due to its lack of historical vulnerabilities and adherence to good coding practices in critical areas like SQL and output handling. The primary concern lies in the missing nonce checks. If the plugin were to expand its functionality in the future, addressing this would be paramount. For its current, likely limited, scope, the risk remains low, but the potential for CSRF exploitation exists if any user-facing actions are implemented without proper nonce protection.",[188],{"reason":189,"points":190},"Missing nonce checks",5,"2026-04-16T13:26:09.025Z",{"wat":193,"direct":202},{"assetPaths":194,"generatorPatterns":197,"scriptPaths":198,"versionParams":199},[195,196],"\u002Fwp-content\u002Fplugins\u002Femail-trap\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Femail-trap\u002Fjs\u002Fscript.js",[],[196],[200,201],"email-trap\u002Fcss\u002Fstyle.css?ver=","email-trap\u002Fjs\u002Fscript.js?ver=",{"cssClasses":203,"htmlComments":206,"htmlAttributes":207,"restEndpoints":209,"jsGlobals":210,"shortcodeOutput":212},[204,205],"email-trap-dashboard-wrap","email-trap-admin-notice",[],[208],"data-email-trap-id",[],[211],"emailTrapSettings",[],{"error":214,"url":215,"statusCode":216,"statusMessage":217,"message":217},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Femail-trap\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":219,"versions":220},1,[221],{"version":6,"download_url":22,"svn_tag_url":222,"released_at":24,"has_diff":223,"diff_files_changed":224,"diff_lines":24,"trac_diff_url":24,"vulnerabilities":225,"is_current":214},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Femail-trap\u002Ftags\u002F1.0.1\u002F",false,[],[]]