[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5xshrEjjHC3hm9V283tFSuTXJ2t0VpTSX0vOek5P7rM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":142,"fingerprints":243},"email","Email","1.1.1","Patrick Daly","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevelopdaly\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdevelopdaly\u002FEmail\" rel=\"nofollow ugc\">\u003Cstrong>Contribute on Github\u003C\u002Fstrong>\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdevelopdaly\u002FEmail\u002Fissues?labels=bug&milestone=&page=1&state=open\" rel=\"nofollow ugc\">\u003Cstrong>Report Bugs\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin allows you configure and reconfigure emails that are sent to specified users when certain things happen.\u003C\u002Fp>\n\u003Cp>Some examples (applies to custom post types as well):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>new post\u003C\u002Fli>\n\u003Cli>updated post\u003C\u002Fli>\n\u003Cli>deleted post\u003C\u002Fli>\n\u003Cli>(more coming soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you control the email template users receive. Boilterplate templates are included to get you started.\u003C\u002Fp>\n","Email users with custom templates when certain actions happen, such as new posts or updated custom post types and keep a log of sent emails.",60,12531,66,4,"2015-01-22T02:22:00.000Z","3.6.1","3.5.2","",[20,4,21,22,23],"e-mail","mail","wp-email","wp_mail","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail.1.1.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"developdaly",3,970,30,84,"2026-04-04T21:43:36.843Z",[38,59,80,104,123],{"slug":22,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":54,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":26,"last_vuln_date":58,"fetched_at":28},"WP-EMail","2.69.2","Lester Chan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgamerz\u002F","\u003Ch3>General Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Under E-Mail Settings, modify the setting Method Used To Send E-Mail accordingly. If the method is wrong, no email will get sent.\u003C\u002Fli>\n\u003Cli>You Need To Re-Generate The Permalink (WP-Admin -> Settings -> Permalinks -> Save Changes)\u003C\u002Fli>\n\u003Cli>Open \u003Ccode>wp-content\u002Fthemes\u002F\u003CYOUR THEME NAME>\u002Findex.php\u003C\u002Fcode> (You may place it in single.php, post.php, page.php, etc also)\n\u003Cul>\n\u003Cli>Find: \u003Ccode>\u003C?php while (have_posts()) : the_post(); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Simply add this code inside the loop where you want the email link to display: \u003Ccode>if(function_exists('email_link')) { email_link(); }\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you DO NOT want the email link to appear in every post\u002Fpage, DO NOT use the code above. Just use the shortcode by typing [email_link] into the selected post\u002Fpage content and it will embed the email link into that post\u002Fpage only.\u003C\u002Fp>\n\u003Ch3>Build Status\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Flesterchan\u002Fwp-email\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-email\" title=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-email\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-email\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-email\u002Fi18n\u002F\" title=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-email\u002Fi18n\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-email\u002Fi18n\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Plugin icon by \u003Ca href=\"http:\u002F\u002Fyanlu.de\" rel=\"nofollow ugc\">Yannick\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\" rel=\"nofollow ugc\">Flaticon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Icons courtesy of \u003Ca href=\"http:\u002F\u002Fwww.famfamfam.com\u002F\" rel=\"nofollow ugc\">FamFamFam\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks as my school allowance, I will really appreciate it. If not feel free to use it without any obligations.\u003C\u002Fp>\n","Allows people to recommend\u002Fsend your WordPress blog's post\u002Fpage to a friend.",2000,514654,90,11,"2024-12-18T14:25:00.000Z","6.7.5","4.6",[20,4,21,53,22],"recommend","https:\u002F\u002Flesterchan.net\u002Fportfolio\u002Fprogramming\u002Fphp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-email.2.69.3.zip",88,5,"2023-07-24 00:00:00",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":34,"last_updated":70,"tested_up_to":50,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":79,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"postmark-approved-wordpress-plugin","ActiveCampaign Postmark for WordPress","1.19.1","alexknowshtml","https:\u002F\u002Fprofiles.wordpress.org\u002Falexknowshtml\u002F","\u003Cp>If you’re still sending email with default SMTP, you’re blind to delivery problems! ActiveCampaign Postmark for WordPress enables sites of any size to deliver and track WordPress notification emails reliably, with minimal setup time and zero maintenance.\u003C\u002Fp>\n\u003Cp>If you don’t already have a Postmark account, you can get one in minutes, sign up at https:\u002F\u002Fpostmarkapp.com\u003C\u002Fp>\n\u003Cp>Check out our video on how to set up the Postmark for WordPress plugin \u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fwebinars\u002Fpostmark-wordpress\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Additional Resources\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1138-postmark-for-wordpress-faq\" rel=\"nofollow ugc\">Postmark for WordPress FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1129-can-i-use-the-postmark-for-wordpress-plugin-with-gravity-forms\" rel=\"nofollow ugc\">Can I use the Postmark for WordPress plugin with Gravity Forms?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1047-how-do-i-send-with-ninja-forms-and-postmark-for-wordpress\" rel=\"nofollow ugc\">How do I send with Ninja Forms and Postmark for WordPress?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1072-how-do-i-send-with-contact-form-7-and-postmark-for-wordpress\" rel=\"nofollow ugc\">How do I send with Contact Form 7 and Postmark for WordPress?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostmarkapp.com\u002Fsupport\u002Farticle\u002F1128-can-i-use-the-postmark-for-wordpress-plugin-with-divi-contact-forms\" rel=\"nofollow ugc\">Can I use the Postmark for WordPress plugin with Divi contact forms?\u003C\u002Fa>\u003C\u002Fp>\n","The officially-supported ActiveCampaign Postmark plugin for Wordpress.",50000,761312,94,"2024-11-18T20:01:00.000Z","5.3","7.0",[4,74,75,76,23],"notifications","postmark","smtp","https:\u002F\u002Fpostmarkapp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostmark-approved-wordpress-plugin.1.19.1.zip",92,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":99,"download_link":100,"security_score":101,"vuln_count":102,"unpatched_count":26,"last_vuln_date":103,"fetched_at":28},"smtp2go","SMTP2GO for WordPress – Email Made Easy","1.14.1","SMTP2GO","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmtp2go\u002F","\u003Cp>SMTP2GO’s WordPress plugin replaces the default built in wp_mail() functionality (phpmailer) and sends your email via SMTP2GO’s API and industry leading email delivery platform.\u003C\u002Fp>\n\u003Cp>SMTP2GO provides valuable insights into every aspect of your email’s life cycle, enabling you to track delivery rates, opens, clicks, and bounce rates. Whether your email is transactional, marketing, newsletter, contact form, or notification – we have got you covered.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The main benefits of using the official SMTP2GO plugin:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>We have made our plugin as easy and low maintenance as possible – you can set it up in under ten minutes.\u003C\u002Fli>\n\u003Cli>Take over from the default WordPress email system for more reliable delivery – you can be confident your emails have arrived at their destination inbox successfully.\u003C\u002Fli>\n\u003Cli>Get access to our intuitive real-time reporting tools. You can uncover what is going on behind the scenes with delivery, open rates, click rates, bounce, and unsubscription reports.\u003C\u002Fli>\n\u003Cli>We offer secure worldwide servers with intelligent routing for network redundancy and speedy delivery.\u003C\u002Fli>\n\u003Cli>We handle SPF and DKIM on your behalf. SMTP2GO can even turn your “http” links into “https”.\u003C\u002Fli>\n\u003Cli>Diagnose and resolve delivery issues with our insightful reporting page, or reach out to our award-winning support team who are available almost 24\u002F7 to help address problems in a timely, friendly fashion.\u003C\u002Fli>\n\u003Cli>We have a dedicated Review team who constantly monitor the reputations of our IP’s and we proactively alert members to any suspicious changes in their email regimen.\u003C\u002Fli>\n\u003Cli>Avoid poor reputation and throttling or limitations from over-used shared web hosts and other providers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.smtp2go.com\u002F\" rel=\"nofollow ugc\">Sign up here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you have questions or need assistance then feel free to contact the support team by logging into your \u003Ca href=\"https:\u002F\u002Fapp.smtp2go.com\" rel=\"nofollow ugc\">SMTP2GO dashboard\u003C\u002Fa> and clicking the support icon on the top right navigation bar.\u003C\u002Fp>\n\u003Cp>More information on this plugin is available in our \u003Ca href=\"https:\u002F\u002Fsupport.smtp2go.com\u002Fhc\u002Fen-gb\u002Farticles\u002F900000195666-SMTP2GO-WordPress-Plugin\" rel=\"nofollow ugc\">knowledgebase\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>About SMTP2GO\u003C\u002Fh3>\n\u003Cp>Founded in 2006, SMTP2GO is a fast and scalable world class email service provider for sending transactional and marketing emails. It is developed and supported by a team of delivery experts at the forefront of the email industry, providing a reliable SMTP solution for over 35,000 businesses.\u003C\u002Fp>\n\u003Cp>Complexities such as reputation monitoring, SPF and DKIM are professionally managed for each customer. Native-English speaking support is available worldwide (agents in the USA, EU, UK, Australia, and New Zealand).\u003C\u002Fp>\n\u003Cp>Our data centers are located around the world, meaning lightning-fast connection speeds, network redundancy, and GDPR compliance.\u003C\u002Fp>\n","Resolve email delivery issues, increase inbox placement, track sent email, get 24\u002F7 support, and real-time reporting.",30000,331932,100,64,"2026-03-04T01:49:00.000Z","6.9.4","6.2","7.4",[97,4,98,76,23],"delivery","inbox","https:\u002F\u002Fgithub.com\u002Fthefold\u002Fsmtp2go-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmtp2go.1.14.1.zip",98,2,"2025-07-16 00:00:00",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":56,"num_ratings":114,"last_updated":115,"tested_up_to":50,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":18,"download_link":122,"security_score":79,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"cb-change-mail-sender","Change Mail Sender","1.3.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>\u003Cstrong>Do you want to change the WordPress default from email address and from name?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This is the plugin for you! It allows you to change the from email address and name for all emails sent from your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Are your WordPress emails not being delivered?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have issues with email deliverability, then just changing the from email address and name will usually not resolve the issue.\u003C\u002Fp>\n\u003Cp>In order to fix your WordPress emails not reaching your inbox, we suggest installing the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-smtp\u002F\" rel=\"ugc\">WP Mail SMTP\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>WP Mail SMTP is trusted by more than 3 million websites. It will fix the deliverability problems with one of your favourite email providers: Gmail, Outlook, SendLayer, Mailgun, and many more.\u003C\u002Fp>\n","Easily change the default WordPress from email name and from email address.",20000,186985,18,"2025-04-02T06:24:00.000Z","5.2","5.6.20",[119,4,120,21,121],"change-mail-sender","from-email","name","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcb-change-mail-sender.1.3.0.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":112,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":93,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":140,"download_link":141,"security_score":90,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"zoho-mail","Zoho Mail for WordPress","1.6.2","Zoho Mail","https:\u002F\u002Fprofiles.wordpress.org\u002Fzmintegration\u002F","\u003Ch4>Zoho Mail for WordPress\u003C\u002Fh4>\n\u003Cp>Zoho Mail Plugin helps you to configure your Zoho Mail account in your WordPress site, to send emails from your Site.\u003Cbr \u002F>\nIt is recommended to use authorized server for sending emails from websites, instead of using generic hosting servers. It is possible to misuse unauthorized and unauthenticated configuration and harm the reputation of your domain\u002F website when using generic servers.\u003Cbr \u002F>\nZoho Mail plugin can help to ensure that the emails are sent from your account using Zoho Mail API’s.\u003C\u002Fp>\n\u003Ch3>PRE-REQUISITES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A Zoho Mail Account\u003C\u002Fli>\n\u003Cli>A self-hosted WordPress site\u003C\u002Fli>\n\u003Cli>PHP 5.6 or later\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>ADVANTAGES OF ZOHO MAIL PLUGIN\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Zoho Mail plugin makes use of \u003Cstrong>OAuth 2.0\u003C\u002Fstrong> protocol to access Zoho Mail API. This ensures a highly secure authentication process where the Username or password is not stored so cannot be misused.\u003C\u002Fli>\n\u003Cli>Zoho Mail plugin has customized the \u003Cstrong>PHPMailer’s\u003C\u002Fstrong> code library, used in WordPress for sending email.\u003C\u002Fli>\n\u003Cli>By using \u003Cstrong>’wp_mail’\u003C\u002Fstrong> function of WordPress, Zoho Mail plugin handles the custom send mail action anywhere from the entire site, without having to change\u002F configure in every occurrence.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>ZOHO MAIL API FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Zoho Mail API is authenticated using OAuth 2.0 protocol.\u003C\u002Fli>\n\u003Cli>You can configure your Zoho Mail account in your website to send email using Zoho Mail API.\u003C\u002Fli>\n\u003Cli>The emails sent will be available in the corresponding Zoho Mail account’s Sent folder.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>ZOHO MAIL PLUGIN PARAMETERS\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Where is your account hosted?\u003C\u002Fstrong> :The region where your Zoho Account data resides.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client ID\u003C\u002Fstrong> :The Client ID of your Zoho Mail API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client Secret\u003C\u002Fstrong> : The Client secret of your API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authorized Redirect URI\u003C\u002Fstrong> : Authorized Redirect URL obtained from your website that is used to create Client ID.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>From Email Address\u003C\u002Fstrong> :The Email address that will be used to send all the outgoing emails from your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>From Name\u003C\u002Fstrong> :The Name that will be shown as the display name while sending all emails from your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>ZOHO MAIL PLUGIN TEST EMAIL\u003C\u002Fh3>\n\u003Cp>After configuration, you can test the plugin. Navigate to the Zoho Mail – Test Email page in your Website settings.\u003Cbr \u002F>\n– \u003Cstrong>To\u003C\u002Fstrong> : Email address of the recipient.\u003Cbr \u002F>\n– \u003Cstrong>Subject\u003C\u002Fstrong> : Subject of the email.\u003Cbr \u002F>\n– \u003Cstrong>Content\u003C\u002Fstrong> :The message or body of the email.\u003C\u002Fp>\n\u003Cp>For in detail instructions on how to set up Zoho Mail plugin, visit \u003Ca href=\"https:\u002F\u002Fwww.zoho.com\u002Fmail\u002Fhelp\u002Fzohomail-plugin-for-wordpress.html\" rel=\"nofollow ugc\">Zoho Mail plugin page\u003C\u002Fa> .\u003Cbr \u002F>\n\u003Cstrong>Note\u003C\u002Fstrong> :\u003Cbr \u002F>\nSending emails through Zoho Mail is subjective to our Usage Policy restrictions. Please refer to our Usage Policy details \u003Ca href=\"https:\u002F\u002Fwww.zoho.com\u002Fmail\u002Fhelp\u002Fusage-policy.html\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","Zoho Mail Plugin lets you configure your Zoho Mail account on your WordPress site enabling you to send the email via Zoho Mail API.",335443,76,41,"2026-01-27T05:17:00.000Z","4.8","5.6",[4,21,138,139,23],"mailer","phpmailer","http:\u002F\u002Fmail.zoho.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzoho-mail.1.6.2.zip",{"attackSurface":143,"codeSignals":179,"taintFlows":203,"riskAssessment":231,"analyzedAt":242},{"hooks":144,"ajaxHandlers":168,"restRoutes":176,"shortcodes":177,"cronEvents":178,"entryPointCount":102,"unprotectedCount":102},[145,151,156,160,164],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","init","email_register","email.php",21,{"type":146,"name":152,"callback":153,"priority":154,"file":149,"line":155},"transition_post_status","email_action_router",10,22,{"type":146,"name":157,"callback":158,"file":149,"line":159},"admin_head","email_menu_icon",23,{"type":146,"name":161,"callback":162,"file":149,"line":163},"admin_menu","email_add_menu",24,{"type":146,"name":165,"callback":166,"file":149,"line":167},"admin_enqueue_scripts","email_enqueue_scripts",25,[169,173],{"action":170,"nopriv":171,"callback":170,"hasNonce":171,"hasCapCheck":171,"file":149,"line":172},"email_get_users",false,26,{"action":174,"nopriv":171,"callback":174,"hasNonce":171,"hasCapCheck":171,"file":149,"line":175},"email_get_template",27,[],[],[],{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":183,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":198,"bundledLibraries":199},[],{"prepared":26,"raw":26,"locations":182},[],{"escaped":184,"rawEcho":57,"locations":185},69,[186,190,192,194,196],{"file":187,"line":188,"context":189},"admin.php",91,"raw output",{"file":187,"line":191,"context":189},112,{"file":187,"line":193,"context":189},142,{"file":187,"line":195,"context":189},558,{"file":187,"line":197,"context":189},569,1,[200],{"name":201,"version":27,"knownCves":202},"jQuery",[],[204,221],{"entryPoint":205,"graph":206,"unsanitizedCount":198,"severity":220},"email_get_template (admin.php:565)",{"nodes":207,"edges":218},[208,213],{"id":209,"type":210,"label":211,"file":187,"line":212},"n0","source","$_POST",567,{"id":214,"type":215,"label":216,"file":187,"line":197,"wp_function":217},"n1","sink","echo() [XSS]","echo",[219],{"from":209,"to":214,"sanitized":171},"medium",{"entryPoint":222,"graph":223,"unsanitizedCount":26,"severity":230},"\u003Cadmin> (admin.php:0)",{"nodes":224,"edges":227},[225,226],{"id":209,"type":210,"label":211,"file":187,"line":212},{"id":214,"type":215,"label":216,"file":187,"line":197,"wp_function":217},[228],{"from":209,"to":214,"sanitized":229},true,"low",{"summary":232,"deductions":233},"The \"email\" plugin v1.1.1 presents a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query handling, exclusively using prepared statements, and shows a high percentage of properly escaped output, which mitigates common injection and XSS vulnerabilities. The absence of known CVEs and a clean vulnerability history further suggests a generally secure development process.\n\nHowever, significant concerns arise from the static analysis. The plugin exposes two AJAX handlers, both lacking authentication checks. This creates a substantial attack surface, allowing any authenticated user, potentially even those with lower privileges, to trigger these handlers. The taint analysis also identified one flow with unsanitized paths, which, despite not being classified as critical or high, still indicates a potential area for exploitation if malicious input can be controlled. The absence of nonce checks on these unprotected AJAX endpoints further exacerbates the risk, making them susceptible to Cross-Site Request Forgery (CSRF) attacks.\n\nIn conclusion, while the plugin excels in data handling and output escaping, the unprotected AJAX endpoints are a critical weakness. The vulnerability history being clear is positive but doesn't negate the immediate risks identified in the static analysis. The focus should be on securing these entry points to significantly improve the plugin's overall security.",[234,236,239],{"reason":235,"points":154},"Unprotected AJAX handlers",{"reason":237,"points":238},"Flow with unsanitized paths",8,{"reason":240,"points":241},"Missing nonce checks on AJAX",7,"2026-03-16T21:45:39.163Z",{"wat":244,"direct":254},{"assetPaths":245,"generatorPatterns":251,"scriptPaths":252,"versionParams":253},[246,247,248,249,250],"\u002Fwp-content\u002Fplugins\u002Femail\u002Fassets\u002Fchosen\u002Fchosen.css","\u002Fwp-content\u002Fplugins\u002Femail\u002Fassets\u002Fjquery-ui-1.9.2.custom.min.css","\u002Fwp-content\u002Fplugins\u002Femail\u002Fassets\u002Fchosen\u002Fchosen.jquery.min.js","\u002Fwp-content\u002Fplugins\u002Femail\u002Fassets\u002Fjquery.timepicker.js","\u002Fwp-content\u002Fplugins\u002Femail\u002Fassets\u002Fapp.js",[],[250],[],{"cssClasses":255,"htmlComments":257,"htmlAttributes":258,"restEndpoints":261,"jsGlobals":262,"shortcodeOutput":263},[256],"chosen-select",[],[259,260],"data-placeholder=\"Choose post types...\"","data-placeholder=\"Choose actions...\"",[],[],[]]