[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzBHr9_7Hzxg1_H544diwwiewjLBjmu7P0ugMGmE4pjQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":52,"analysis":163,"fingerprints":630},"emu2-email-users-2","Emu2 – Email Users 2","0.83b","Juergen Schulze","https:\u002F\u002Fprofiles.wordpress.org\u002F1manfactory\u002F","\u003Cp>A plugin for wordpress which allows you to send an email to the registered blog users. Users can send personal emails to each other. Power users can email groups of users and even notify group of users of posts.\u003C\u002Fp>\n\u003Cp>With ability to schedule mails of the newest post in digest form.\u003C\u002Fp>\n\u003Cp>! ! !  S T I L L   B E T A  ! ! !\u003C\u002Fp>\n\u003Cp>All the instructions for installation, the support forums, a FAQ, etc. can be found on the \u003Ca href=\"http:\u002F\u002F1manfactory.com\u002Femu2\" rel=\"nofollow ugc\">plugin home page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is available under the GPL license, which means that it’s free. But a “thank you” on my blog is highly apprechiated.\u003C\u002Fp>\n\u003Cp>Check out my other \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fprofile\u002F1manfactory\" rel=\"ugc\">WordPress Plugins\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Remove plugin\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Deactivate plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>Delete plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>It’s best to use the build in delete function of wordpress. That way all the stored data will be removed and no orphaned data will stay.\u003C\u002Fp>\n\u003Ch3>To do\u003C\u002Fh3>\n\u003Cp>More translations. Does someone wants to help?\u003C\u002Fp>\n","Send email to users, manually or on schedule (digest of newest posts).  Users can send emails to each other. Export function included. STILL BETA!!!",80,19703,1,"2011-11-23T08:09:00.000Z","3.2.1","2.8","",[19,20,21,22,23],"admin","email","list","mailing","users","http:\u002F\u002F1manfactory.com\u002Femu2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femu2-email-users-2.zip",63,"2025-08-16 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-52750","emu2-b-reflected-cross-site-scripting","Emu2 \u003C= 0.83b - Reflected Cross-Site Scripting","The Emu2 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.83b due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=0.83b","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-11-04 16:04:12",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0104fa43-06c6-4e98-bced-4dd6ce355203?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},"1manfactory",6,1120,84,30,83,"2026-04-04T21:02:27.205Z",[53,76,100,122,144],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":17,"tags":67,"homepage":73,"download_link":74,"security_score":75,"vuln_count":63,"unpatched_count":63,"last_vuln_date":35,"fetched_at":28},"distributionlist","WP-Admin Distribution List","0.3","luckychingi","https:\u002F\u002Fprofiles.wordpress.org\u002Fluckychingi\u002F","\u003Cp>Distribution List to send emails to members in your \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconnections\u002F\" rel=\"ugc\">Connections Business Directory\u003C\u002Fa> plugin\u003C\u002Fp>\n\u003Cp>This is a very basic plugin that picks ‘\u003Cstrong>Preferred\u003C\u002Fstrong>‘ emails from the ‘Connections Business Directory’ Plugins table where member status is not ‘\u003Cstrong>Unlisted\u003C\u002Fstrong>‘ and sends mail out using the PHP mail function.\u003C\u002Fp>\n\u003Cp>Based on your server ‘Max_Execution_Limit’ of 30 seconds, the plugin is designed to send 12 emails per minute.\u003C\u002Fp>\n\u003Cp>This plugin is suitable for small list and can support up to 500 users.\u003C\u002Fp>\n","Send emails to members in your Connections plugin",10,1456,0,"2016-02-07T16:13:00.000Z","4.4.34","4.3.1",[68,69,70,71,72],"connections-business-directory-email","distribution-list","mailing-list","send-bulk-mail","wp-admin-distribution-list","http:\u002F\u002Fwpadmin.ca","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdistributionlist.0.3.zip",85,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":17,"tags":91,"homepage":95,"download_link":96,"security_score":97,"vuln_count":98,"unpatched_count":63,"last_vuln_date":99,"fetched_at":28},"newsletters-lite","Newsletters","4.13","Tribulant Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fcontrid\u002F","\u003Cp>A full-featured WordPress newsletter plugin created by \u003Ca href=\"https:\u002F\u002Ftribulant.com\" rel=\"nofollow ugc\">Tribulant\u003C\u002Fa> for WordPress which fulfills all subscribers, emails, marketing and newsletter related needs for both personal and business environments.\u003C\u002Fp>\n\u003Cp>It has robust, efficient and unique features! This is an all-in-one newsletter tool for your WordPress site can be configured to behave as desired and it will provide the best experience for your email subscribers at the same time.\u003C\u002Fp>\n\u003Cp>The software works the way you do so you can focus on creating newsletters and giving your website the necessary exposure!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Some of the features in the WordPress Newsletter plugin include (see PRO Version section below to view the limitations of this LITE version):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Mailing Lists \u003C\u002Fli>\n\u003Cli>Bounce Email Management \u003C\u002Fli>\n\u003Cli>Newsletter Queue & Scheduling \u003C\u002Fli>\n\u003Cli>Newsletter Templates \u003C\u002Fli>\n\u003Cli>Drag & Drop Newsletter & Template Builder \u003C\u002Fli>\n\u003Cli>Complete Email History \u003C\u002Fli>\n\u003Cli>Unlimited Sidebar Widgets \u003C\u002Fli>\n\u003Cli>Post\u002FPage Opt-In Embedding \u003C\u002Fli>\n\u003Cli>Subscription Forms Builder \u003C\u002Fli>\n\u003Cli>Offsite Subscription Forms \u003C\u002Fli>\n\u003Cli>Publish Newsletter as a Post \u003C\u002Fli>\n\u003Cli>Send Post as a Newsletter \u003C\u002Fli>\n\u003Cli>Add Email Attachments \u003C\u002Fli>\n\u003Cli>SMTP Authentication \u003C\u002Fli>\n\u003Cli>Ajax Powered Features \u003C\u002Fli>\n\u003Cli>Import\u002FExport Subscribers \u003C\u002Fli>\n\u003Cli>Paid Subscriptions (PayPal & 2Checkout) \u003C\u002Fli>\n\u003Cli>Integrates with our Banner Rotator plugin \u003C\u002Fli>\n\u003Cli>WordPress Multisite Compatible \u003C\u002Fli>\n\u003Cli>Email Tracking \u003C\u002Fli>\n\u003Cli>IP Logging of Subscribers \u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v2 \u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3 \u003C\u002Fli>\n\u003Cli>hCaptcha \u003C\u002Fli>\n\u003Cli>Cloudflare Turnstile \u003C\u002Fli>\n\u003Cli>Really Simple CAPTCHA \u003C\u002Fli>\n\u003Cli>Newsletter Themes \u003C\u002Fli>\n\u003Cli>POP\u002FIMAP Bounce Handling \u003C\u002Fli>\n\u003Cli>Latest Posts Subscriptions \u003C\u002Fli>\n\u003Cli>Single\u002FMultiple Posts into Emails \u003C\u002Fli>\n\u003Cli>Bitly click tracking \u003C\u002Fli>\n\u003Cli>Autoresponders \u003C\u002Fli>\n\u003Cli>Newsletters by conditions \u003C\u002Fli>\n\u003Cli>Multilingual (qTranslate & WPML) \u003C\u002Fli>\n\u003Cli>Custom Post Types \u003C\u002Fli>\n\u003Cli>Custom Fields \u003C\u002Fli>\n\u003Cli>Link\u002Fclick tracking \u003C\u002Fli>\n\u003Cli>DKIM Signature \u003C\u002Fli>\n\u003Cli>WordPress Dashboard Widget \u003C\u002Fli>\n\u003Cli>and much more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the newsletter subscribe forms builder in action:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FZHbXN72eqmU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Demo and Support\u003C\u002Fh4>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Ftribulant.net\u002Fnewsletter\u002F\" rel=\"nofollow ugc\">online demonstration\u003C\u002Fa> and view the \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fdocs\u002Fwordpress-mailing-list-plugin\u002F31\u002F\" rel=\"nofollow ugc\">online documentation\u003C\u002Fa> for tips, tricks, guides, and more.\u003C\u002Fp>\n\u003Ch4>Extensions\u003C\u002Fh4>\n\u003Cp>There are many free and paid extension plugins for the WordPress Newsletter plugin. All extensions work with both Newsletters LITE and Newsletters PRO, no problem.\u003C\u002Fp>\n\u003Cp>Some extensions include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F42\u002Fwoocommerce-subscribers\" rel=\"nofollow ugc\">WooCommerce Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F28\u002Fcontact-form-7-subscribers\" rel=\"nofollow ugc\">Contact Form 7 Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F46\u002Fgoogle-analytics\" rel=\"nofollow ugc\">Google Analytics Tracking\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F6\u002Fembedded-images\" rel=\"nofollow ugc\">Embedded Images\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F26\u002Ftotal-ms-control\" rel=\"nofollow ugc\">Total MS Control\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F17\u002Fgravity-forms-subscribers\" rel=\"nofollow ugc\">Gravity Forms Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F16\u002Fformidable-subscribers\" rel=\"nofollow ugc\">Formidable Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F43\u002Fdigital-access-pass\" rel=\"nofollow ugc\">Digital Access Pass Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F36\u002Ftotal-control\" rel=\"nofollow ugc\">Total Control\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F32\u002Fs2member-subscribers\" rel=\"nofollow ugc\">s2Member Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F31\u002Fwp-emember-subscribers\" rel=\"nofollow ugc\">WP eMember Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fextensions\u002F1\u002Fwordpress-newsletter-plugin\" rel=\"nofollow ugc\">Visit the Newsletters extensions page\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Email\u002FNewsletter Templates\u003C\u002Fh4>\n\u003Cp>Included with the newsletter plugin are several premade email\u002Fnewsletter templates.\u003C\u002Fp>\n\u003Cp>Shop our \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Femailthemes\u002F\" title=\"newsletter templates\" rel=\"nofollow ugc\">newsletter templates\u003C\u002Fa> for more variety and high quality, premium, responsive newsletter templates.\u003C\u002Fp>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cp>All language files and the instructions to use them are in \u003Ca href=\"https:\u002F\u002Fpoeditor.com\u002Fjoin\u002Fproject\u002Fb31cab38f30cec409424dc273a131183\" rel=\"nofollow ugc\">POEditor\u003C\u002Fa>. Anyone can join the project to add languages and contribute translations for strings.\u003C\u002Fp>\n\u003Cp>Thank you for these wonderful people who contributed in translating the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Afrikaans (af_ZA) by \u003Ca href=\"https:\u002F\u002Fwww.contrid.co.za\" rel=\"nofollow ugc\">Antonie Potgieter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German (de_DE) by Peter Schonmann\u003C\u002Fli>\n\u003Cli>Greek (el_GR) by \u003Ca href=\"https:\u002F\u002Fwww.aio.gr\" rel=\"nofollow ugc\">Harris Karanikolas | AiO Systems Information\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) by Juan Llamosas\u003C\u002Fli>\n\u003Cli>French (fr_FR) by Kim Gjerstad\u003C\u002Fli>\n\u003Cli>Hungarian (hu_HU) by \u003Ca href=\"https:\u002F\u002Fwww.idsign.hu\" rel=\"nofollow ugc\">iD Sign | Gergely Almasi\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian (it_IT) by \u003Ca href=\"https:\u002F\u002Fwww.playcodestudio.com\" rel=\"nofollow ugc\">Matteo Galli | Playcode\u003C\u002Fa>, Johnny\u003C\u002Fli>\n\u003Cli>Lithuanian (lt_LT) by Tomas\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) by \u003Ca href=\"https:\u002F\u002Fwww.webzenz.nl\" rel=\"nofollow ugc\">Ronald de Caluwe | WebZenz\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Brazilian Portuguese (pt_BR) by Vitor Argos\u003C\u002Fli>\n\u003Cli>Portuguese (pt_PT) by wordpress.mowster.net\u003C\u002Fli>\n\u003Cli>Romanian (ro_RO) by \u003Ca href=\"https:\u002F\u002Frichardconsulting.ro\" rel=\"nofollow ugc\">Richard Vencu\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Swedish (sv_SE) by Tomas Lindhoff\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR) by Sersah Namoglu\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Offsite HTML Code\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003Cscript type=\"text\u002Fjavascript\"> var wpmlAjax = \"' . $this -> url() . '\u002F' . $this -> plugin_name . '-ajax.php\"; \u003C\u002Fscript>\n\u003Cscript type=\"text\u002Fjavascript\" src=\"' . $this -> url() . '\u002Fjs\u002Fwp-mailinglist.js\">\u003C\u002Fscript>\n\u003Cscript type=\"text\u002Fjavascript\" src=\"' . get_option('siteurl') . '\u002Fwp-includes\u002Fjs\u002Fscriptaculous\u002Fprototype.js\">\u003C\u002Fscript>\n\u003Cscript type=\"text\u002Fjavascript\" src=\"' . get_option('siteurl') . '\u002Fwp-includes\u002Fjs\u002Fscriptaculous\u002Fscriptaculous.js?load=effects\">\u003C\u002Fscript>'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>API Example\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php\n$url = 'https:\u002F\u002Fexample.com\u002Fwp-admin\u002Fadmin-ajax.php?action=newsletters_api';\n$data = array(\n    'api_method'        =>   'subscriber_add',\n    'api_key'           =>   '37C1D6053E817212348E507D29CCCE49',\n    'api_data'          =>   array(\n        'email'             => \"email@example.com\",\n        'list_id'           =>   array(1,2,3),\n    )\n);\n\n$data_string = wp_json_encode($data);\n\n$ch = curl_init($url);\ncurl_setopt($ch, CURLOPT_POST, true);\ncurl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);\ncurl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\ncurl_setopt($ch, CURLOPT_HTTPHEADER, array(\n    'Content-Type: application\u002Fjson',\n    'Content-Length: ' . strlen($data_string))\n);\n\n$result = json_decode(curl_exec($ch));\ncurl_close($ch);\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>PRO Version\u003C\u002Fh4>\n\u003Cp>The Newsletters LITE version has nearly all of the features that the PRO version has but it has some limitations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>One mailing list.\u003C\u002Fli>\n\u003Cli>500 max subscribers.\u003C\u002Fli>\n\u003Cli>Send up to 1000 emails per month.\u003C\u002Fli>\n\u003Cli>Mail Type: Local Server and SMTP. No API integration with our \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fdocs\u002Fwordpress-mailing-list-plugin\u002F10570\u002Fsending-apis\u002F\" rel=\"nofollow ugc\">mail service providers\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>The “Drag & Drop Newsletter & Template Builder” cannot be used.\u003C\u002Fli>\n\u003Cli>Limited to Really Simple CAPTCHA and Google reCAPTCHA v2. The rest (reCAPTCHA v3, hCaptcha, Cloudflare Turnstile) cannot be used.\u003C\u002Fli>\n\u003Cli>No new custom dynamic fields can be added but you can edit current ones.\u003C\u002Fli>\n\u003Cli>No Resend button for emails and for the Send Manage Subscription Email link.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These limits should be sufficient for a personal blogger or a small business.\u003C\u002Fp>\n\u003Cp>To remove these limits, you can upgrade to the PRO version and submit your serial key inside the plugin.\u003Cbr \u002F>\nOr, download, install, and activate the PRO version from our website under Downloads, and then add your serial key. This is the preferred method. After installing the PRO version, you can safely deactivate and delete the LITE version without losing your data.\u003C\u002Fp>\n\u003Cp>In addition to the limits being removed, you will receive \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">priority support\u003C\u002Fa> from \u003Ca href=\"https:\u002F\u002Ftribulant.com\" rel=\"nofollow ugc\">Tribulant\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fview\u002F1\u002Fwordpress-newsletter-plugin\" rel=\"nofollow ugc\">Visit the Newsletters PRO page\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>3rd-Party Services\u003C\u002Fh4>\n\u003Cp>Our plugin makes use of some 3rd-party services or APIs to provide you with the latest technology and functionality. Here is a list of the services:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Postmark Spam Check API (https:\u002F\u002Fspamcheck.postmarkapp.com\u002F) – Fetch the spam score of an email\u002Fnewsletter\u003C\u002Fli>\n\u003Cli>IPEcho (https:\u002F\u002Fipecho.net\u002F) – Get the current mail exchange IP address\u003C\u002Fli>\n\u003Cli>IPLocate (https:\u002F\u002Fwww.iplocate.io\u002F) – To get the country of a user by IP address\u003C\u002Fli>\n\u003Cli>HostIP.info (https:\u002F\u002Fwww.hostip.info\u002F) – To get the country of a user by IP address\u003C\u002Fli>\n\u003Cli>geoPlugin (https:\u002F\u002Fwww.geoplugin.com\u002F) – To get the country of a user by IP address\u003C\u002Fli>\n\u003C\u002Ful>\n","Newsletter plugin for WordPress to capture subscribers and send beautiful, bulk newsletter emails.",2000,299778,94,244,"2026-02-03T21:15:00.000Z","6.9.4","3.8",[92,20,70,93,94],"bulk-email","newsletters","subscribers","https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fview\u002F1\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnewsletters-lite.zip",76,26,"2025-12-31 00:00:00",{"slug":101,"name":102,"version":66,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":11,"num_ratings":109,"last_updated":110,"tested_up_to":89,"requires_at_least":111,"requires_php":112,"tags":113,"homepage":118,"download_link":119,"security_score":120,"vuln_count":13,"unpatched_count":63,"last_vuln_date":121,"fetched_at":28},"benchmark-email-lite","Benchmark Email Lite","beAutomated","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeautomated\u002F","\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FO-bawo9m-MM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>What is Benchmark Email Lite?\u003C\u002Fh3>\n\u003Cp>Benchmark Email Lite is a WordPress plugin that saves you time by giving you access to your email marketing account directly in your WordPress dashboard.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easily convert blog posts into email campaigns to increase the reach of your content\u003C\u002Fli>\n\u003Cli>Turn site visitors into subscribers by creating signup forms and pop-up modals that will automatically adapt to your WordPress theme\u003C\u002Fli>\n\u003Cli>Streamline your workflows by creating and scheduling any email campaign directly from your WordPress dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Send More Targeted Email Campaigns with Website Tracking\u003C\u002Fh3>\n\u003Cp>When you install Benchmark Email Lite on your WordPress site, it will automatically install the Automation Pro website tracker.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Follow-up with email campaigns based on the products, services or content that subscribers viewed on your website\u003C\u002Fli>\n\u003Cli>Boost your sales by automating emails that further convince a subscriber of the value of a product or service they showed interest in by visiting a page on your site\u003C\u002Fli>\n\u003Cli>A site visitor viewing a specific page can trigger an email with additional information on a product or service\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Access Your Whole Email Marketing Account from Your WordPress Dashboard\u003C\u002Fh3>\n\u003Cp>Say goodbye to at least one extra tab on your browser.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Discover the blog content that is most popular with your subscribers by viewing your open and click reports directly in your WordPress dashboard—then create more content just like it!\u003C\u002Fli>\n\u003Cli>Create content and promote it all from the same place\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Easily Grow Your Most Valuable Marketing Asset: Your Email List\u003C\u002Fh3>\n\u003Cp>No coding necessary!\u003C\u002Fp>\n\u003Cp>With the Benchmark Email Lite plugin, you can quickly and easily place a signup form anywhere you want on your site. It’s also super simple to customize your forms.\u003C\u002Fp>\n","Your Wordpress Site and Email Marketing all in one place!",1000,132294,3,"2025-11-29T20:33:00.000Z","4.9","7.4",[114,115,70,116,117],"campaign","email-marketing","newsletter","sign-up","https:\u002F\u002Fwww.benchmarkemail.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbenchmark-email-lite.4.3.1.zip",99,"2024-04-08 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":107,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":141,"download_link":142,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":143,"fetched_at":28},"contact-form-7-getresponse-extension","Contact Form 7 GetResponse Extension","1.0.8","WEN Solutions","https:\u002F\u002Fprofiles.wordpress.org\u002Fwen-solutions\u002F","\u003Cp>Contact Form 7 GetResponse extension is a simple yet useful plug-in to integrate Contact Form 7 with GetResponse. Using CF7 form, contacts can be automatically added to GetResponse campaigns. Different campaigns can be used on different CF7 forms. It also supports GetResponse custom fields which helps to collect required data from the users.\u003C\u002Fp>\n\u003Ch4>Feature Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simplicity\u003C\u002Fli>\n\u003Cli>Different Campaigns for different forms\u003C\u002Fli>\n\u003Cli>GetResponse Custom fields supported\u003C\u002Fli>\n\u003Cli>Opt-in checkbox, which gives user option to subscribe or not\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP 5.3 +\u003C\u002Fli>\n\u003Cli>Self hosted WordPress.org installation (3.9 + )\u003C\u002Fli>\n\u003Cli>Contact Form 7 (4.2 +)\u003C\u002Fli>\n\u003Cli>Account on GetResponse\u003C\u002Fli>\n\u003C\u002Ful>\n","A very easy plugin to integrate GetResponse campaigns with Contact Form 7.",23347,86,7,"2024-01-18T11:49:00.000Z","6.4.8","3.9","5.6",[138,20,139,140,70],"contact-form-7","get-response","getresponse","http:\u002F\u002Fwensolutions.com\u002Fplugins\u002Fcontact-form-7-getresponse-extension","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontact-form-7-getresponse-extension.zip","2026-01-22 00:00:00",{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":107,"downloaded":152,"rating":131,"num_ratings":153,"last_updated":154,"tested_up_to":89,"requires_at_least":155,"requires_php":17,"tags":156,"homepage":159,"download_link":160,"security_score":161,"vuln_count":162,"unpatched_count":63,"last_vuln_date":99,"fetched_at":28},"wp-email-capture","Email Marketing Plugin – WP Email Capture","3.12.6","Rhys Wynne","https:\u002F\u002Fprofiles.wordpress.org\u002Frhyswynne\u002F","\u003Cp>This creates a 2 field form (Name & Email) for capturing emails. Email is double opt in, and allows you to forward opt in to services such as ebooks or software. When you are ready to begin your email marketing campaign, simply export the list into your chosen email marketing software or service. WP Email Capture now comes with a number of \u003Ca href=\"https:\u002F\u002Fwww.wpemailcapture.com\u002Fdownloads\u002F?utm_source=description&utm_medium=wordpressorgreadme&utm_campaign=wpemailcapture\" rel=\"nofollow ugc\">integrations and extensions\u003C\u002Fa>, including \u003Ca href=\"https:\u002F\u002Fwww.wpemailcapture.com\u002Fpremium?utm_source=description&utm_medium=wordpressorgreadme&utm_campaign=wpemailcapture\" rel=\"nofollow ugc\">WP Email Capture Premium\u003C\u002Fa> allows you to build multiple lists, track stats and have custom fields and templates\u003C\u002Fp>\n\u003Cp>WP Email Capture Free Features:-\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Widget Ready.\u003C\u002Fli>\n\u003Cli>Uses WordPress’ internal wp_mail function for sending mail.\u003C\u002Fli>\n\u003Cli>Easily integrated with posts & pages.\u003C\u002Fli>\n\u003Cli>Dashboard Widget.\u003C\u002Fli>\n\u003Cli>GDPR Friendly\u003C\u002Fli>\n\u003Cli>Export data into CSV files, compatible with most major Email Marketing Programmes (including Aweber, Mailchimp, Groupmail, Constant Contact)\u003C\u002Fli>\n\u003Cli>Double opt in, so compatible with CAN-SPAM act.\u003C\u002Fli>\n\u003Cli>reCAPTCHA integration\u003C\u002Fli>\n\u003Cli>And completely free!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more details please visit the official site of \u003Ca href=\"https:\u002F\u002Fwww.wpemailcapture.com\u002F?utm_source=description&utm_medium=wordpressorgreadme&utm_campaign=wpemailcapture\" rel=\"nofollow ugc\">WP Email Capture\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Now Released is WP Email Capture Premium!\u003C\u002Fstrong> You get all the above features plus the following:-\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stat tracking – track the visitors to your site and where your sign ups come from.\u003C\u002Fli>\n\u003Cli>Autoresponders – Create an autoresponder email, an email sent to the user when they sign up to your site.\u003C\u002Fli>\n\u003Cli>Multiple lists – Create multiple lists for your site.\u003C\u002Fli>\n\u003Cli>Build External Lists – If you have a Constant Contact, Mailchimp or Aweber account, you can use WP Email Capture to build to these services directly.\u003C\u002Fli>\n\u003Cli>Custom Fields – You can capture more than just visitors name & email, add your own custom fields to capture (such as phone number or Address).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You also get premium support and further documentation. For more information, and to purchase, \u003Ca href=\"https:\u002F\u002Fwww.wpemailcapture.com\u002Fpremium\u002F?utm_source=wpemailcapturepremium&utm_medium=wordpressorgreadme&utm_campaign=wpemailcapture\" rel=\"nofollow ugc\">visit the plans and pricing page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Keep in Contact:-\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.facebook.com\u002Fwpemailcapture\" rel=\"nofollow ugc\">WP Email Capture on Facebook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.twitter.com\u002Fwpemailcapture\" rel=\"nofollow ugc\">@WPEmailCapture\u003C\u002Fa> on Twitter\u003C\u002Fli>\n\u003Cli>For support requests please visit the \u003Ca href=\"https:\u002F\u002Fwww.wpemailcapture.com\u002Ffree-plugin\u002Ffrequently-asked-questions\u002F?utm_source=contact&utm_medium=wordpressorgreadme&utm_campaign=wpemailcapture\" rel=\"nofollow ugc\">FAQ’s\u003C\u002Fa>, or leave a message in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-email-capture\" rel=\"ugc\">WordPress Support Forum\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>For general feature requests or bug notices \u003Ca href=\"http:\u002F\u002Fwpemailcapture.com\u002Fcontact\u002F?utm_source=contact&utm_medium=wordpressorgreadme&utm_campaign=wpemailcapture\" rel=\"nofollow ugc\">please contact me directly\u003C\u002Fa>, however any support requests sent via the contact form, Facebook Page or Twitter Feed will be ignored – please use the WordPress Support Forum – please note I’m unable to support CSS or styling queries, please read the “Stylings” area on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-email-capture\u002Fother_notes\u002F?utm_source=contact&utm_medium=wordpressorgreadme&utm_campaign=wpemailcapture\" rel=\"ugc\">other notes\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Translation Credits:-\u003C\u002Fp>\n\u003Cp>Translations have been done by the following parties. Thank you!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>French Translation: Olivier – http:\u002F\u002Fwww.ticket-system.net\u002F & Andrew Patton (@andpatton) – http:\u002F\u002Fwww.acusti.ca\u002F\u003C\u002Fli>\n\u003Cli>German Translation: Stephan – http:\u002F\u002Fwww.computersniffer.com\u002F, Marc Nilius (@libertello) – http:\u002F\u002Fwww.libertello.de\u002F and Ov3rFly\u003C\u002Fli>\n\u003Cli>Brazilian Portugese Translation: Nick Lima (@nick_linux) – http:\u002F\u002Fwww.nicklima.com.br\u003C\u002Fli>\n\u003Cli>Dutch Translation: Sander – http:\u002F\u002Fwww.zanderz.net\u002F\u003C\u002Fli>\n\u003Cli>Hungarian Translation: Surbma – http:\u002F\u002Fsurbma.hu\u002F\u003C\u002Fli>\n\u003Cli>Spanish Translation: David Bravo – http:\u002F\u002Fdimensionmultimedia.com\u003C\u002Fli>\n\u003Cli>Italian Translation: Giuseppe Marino – http:\u002F\u002Fit.gravatar.com\u002Fgpmarino\u003C\u002Fli>\n\u003Cli>Serbian Translation: Borisa Djuraskovic – http:\u002F\u002Fwww.webhostinghub.com\u002F\u003C\u002Fli>\n\u003Cli>Croatian Translation: Lem Treursić – http:\u002F\u002Fgrafika-dizajn.com\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Bugs\u002FSuggestions\u002FSupport\u003C\u002Fh3>\n\u003Cp>Please report any bugs, support and suggestions to the \u003Ca href=\"http:\u002F\u002Fwww.wpemailcapture.com\u002Fsupport\u002F?utm_source=support&utm_medium=wordpressorgreadme&utm_campaign=wpemailcapture\" rel=\"nofollow ugc\">WP Email Capture Support Page\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Stylings\u003C\u002Fh3>\n\u003Cp>To style your form, you need to add to your CSS file the following ID declarations. \u003Ccode>wp_email_capture\u003C\u002Fcode> is for sidebar & template widgets, \u003Ccode>wp_email_capture_2\u003C\u002Fcode> is for on page forms.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>#wp_email_capture\n{\n\n}\n#wp_email_capture label.wp-email-capture-name\n{\n\n}\n#wp_email_capture label.wp-email-capture-email\n{\n\n}\n#wp_email_capture input.wp-email-capture-name\n{\n\n}\n#wp_email_capture input.wp-email-capture-email\n{\n\n}\n#wp_email_capture_2\n{\n\n}\n#wp_email_capture_2 label.wp-email-capture-name\n{\n\n}\n#wp_email_capture_2 label.wp-email-capture-email\n{\n\n}\n#wp_email_capture_2 input.wp-email-capture-name\n{\n\n}\n#wp_email_capture_2 input.wp-email-capture-email\n{\n\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Double opt-in form for building your email list. Define landing pages to distribute your ebooks & software.",307457,19,"2025-12-15T10:58:00.000Z","5.0",[20,115,157,70,158],"gutenberg-ready","widget-ready","https:\u002F\u002Fwww.wpemailcapture.com\u002F?utm_source=plugin-link&utm_medium=plugin&utm_campaign=wpemailcapture","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-email-capture.3.12.6.zip",95,5,{"attackSurface":164,"codeSignals":211,"taintFlows":394,"riskAssessment":614,"analyzedAt":629},{"hooks":165,"ajaxHandlers":204,"restRoutes":205,"shortcodes":206,"cronEvents":207,"entryPointCount":63,"unprotectedCount":63},[166,172,176,180,184,188,191,195,199],{"type":167,"name":168,"callback":169,"file":170,"line":171},"action","EMU2_task_hook","EMU2_send_scheduled","emu2.php",66,{"type":167,"name":173,"callback":174,"file":170,"line":175},"admin_menu","EMU2_plugin_activation",72,{"type":167,"name":177,"callback":178,"file":170,"line":179},"user_register","EMU2_user_register",293,{"type":167,"name":181,"callback":182,"file":170,"line":183},"submitpost_box","EMU2_post_relatedlink",306,{"type":167,"name":185,"callback":186,"file":170,"line":187},"submitpage_box","EMU2_page_relatedlink",320,{"type":167,"name":173,"callback":189,"file":170,"line":190},"EMU2_add_pages",338,{"type":167,"name":192,"callback":193,"file":170,"line":194},"show_user_profile","EMU2_user_profile_form",388,{"type":167,"name":196,"callback":197,"file":170,"line":198},"personal_options_update","EMU2_user_profile_update",421,{"type":200,"name":201,"callback":202,"file":170,"line":203},"filter","admin_init","EMU2_editor_admin_init",436,[],[],[],[208],{"hook":168,"callback":168,"file":209,"line":210},"emu2_set_options.php",78,{"dangerousFunctions":212,"sqlUsage":213,"outputEscaping":236,"fileOperations":63,"externalRequests":63,"nonceChecks":63,"capabilityChecks":392,"bundledLibraries":393},[],{"prepared":214,"raw":215,"locations":216},2,8,[217,220,222,224,226,228,230,232],{"file":170,"line":218,"context":219},235,"$wpdb->get_results() with variable interpolation",{"file":170,"line":221,"context":219},655,{"file":170,"line":223,"context":219},666,{"file":170,"line":225,"context":219},715,{"file":170,"line":227,"context":219},725,{"file":170,"line":229,"context":219},774,{"file":170,"line":231,"context":219},806,{"file":233,"line":234,"context":235},"emu2_templates_form.php",102,"$wpdb->get_var() with variable interpolation",{"escaped":63,"rawEcho":237,"locations":238},82,[239,242,244,247,249,251,253,255,258,260,262,265,267,269,271,274,275,276,278,280,281,282,284,286,288,290,293,295,297,299,301,303,305,307,308,310,312,314,316,318,321,323,325,327,329,331,332,334,336,339,341,344,347,349,350,351,353,354,356,358,360,361,362,364,366,367,368,369,371,373,375,377,379,381,382,383,384,385,386,388,389,391],{"file":170,"line":240,"context":241},315,"raw output",{"file":170,"line":243,"context":241},328,{"file":245,"line":246,"context":241},"emu2_core.php",31,{"file":245,"line":248,"context":241},32,{"file":245,"line":250,"context":241},123,{"file":245,"line":252,"context":241},143,{"file":245,"line":254,"context":241},144,{"file":256,"line":257,"context":241},"emu2_download.php",50,{"file":256,"line":259,"context":241},51,{"file":256,"line":261,"context":241},52,{"file":263,"line":264,"context":241},"emu2_export.php",34,{"file":263,"line":266,"context":241},43,{"file":263,"line":268,"context":241},54,{"file":263,"line":270,"context":241},58,{"file":272,"line":273,"context":241},"emu2_group_mail_form.php",25,{"file":272,"line":270,"context":241},{"file":272,"line":26,"context":241},{"file":272,"line":277,"context":241},69,{"file":272,"line":279,"context":241},70,{"file":272,"line":237,"context":241},{"file":272,"line":237,"context":241},{"file":272,"line":283,"context":241},96,{"file":272,"line":285,"context":241},98,{"file":272,"line":287,"context":241},108,{"file":272,"line":289,"context":241},124,{"file":291,"line":292,"context":241},"emu2_notify_form.php",88,{"file":291,"line":294,"context":241},113,{"file":291,"line":296,"context":241},114,{"file":291,"line":298,"context":241},115,{"file":291,"line":300,"context":241},116,{"file":291,"line":302,"context":241},117,{"file":291,"line":304,"context":241},122,{"file":291,"line":306,"context":241},126,{"file":291,"line":306,"context":241},{"file":291,"line":309,"context":241},140,{"file":291,"line":311,"context":241},142,{"file":291,"line":313,"context":241},153,{"file":291,"line":315,"context":241},155,{"file":291,"line":317,"context":241},170,{"file":319,"line":320,"context":241},"emu2_options_form.php",24,{"file":319,"line":322,"context":241},33,{"file":319,"line":324,"context":241},40,{"file":319,"line":326,"context":241},73,{"file":319,"line":328,"context":241},81,{"file":319,"line":330,"context":241},93,{"file":319,"line":250,"context":241},{"file":319,"line":333,"context":241},129,{"file":319,"line":335,"context":241},130,{"file":337,"line":338,"context":241},"emu2_send_group_mail.php",103,{"file":337,"line":340,"context":241},109,{"file":342,"line":343,"context":241},"emu2_send_notify_mail.php",87,{"file":345,"line":346,"context":241},"emu2_send_test_mail.php",101,{"file":348,"line":161,"context":241},"emu2_send_user_mail.php",{"file":348,"line":346,"context":241},{"file":209,"line":320,"context":241},{"file":209,"line":352,"context":241},111,{"file":209,"line":298,"context":241},{"file":355,"line":320,"context":241},"emu2_set_templates.php",{"file":355,"line":357,"context":241},60,{"file":355,"line":359,"context":241},64,{"file":233,"line":320,"context":241},{"file":233,"line":264,"context":241},{"file":233,"line":363,"context":241},41,{"file":233,"line":365,"context":241},57,{"file":233,"line":359,"context":241},{"file":233,"line":175,"context":241},{"file":233,"line":11,"context":241},{"file":233,"line":370,"context":241},151,{"file":233,"line":372,"context":241},184,{"file":233,"line":374,"context":241},199,{"file":233,"line":376,"context":241},201,{"file":378,"line":98,"context":241},"emu2_user_mail_form.php",{"file":378,"line":380,"context":241},59,{"file":378,"line":26,"context":241},{"file":378,"line":277,"context":241},{"file":378,"line":279,"context":241},{"file":378,"line":237,"context":241},{"file":378,"line":237,"context":241},{"file":378,"line":387,"context":241},100,{"file":378,"line":234,"context":241},{"file":378,"line":390,"context":241},112,{"file":378,"line":333,"context":241},35,[],[395,416,428,517,554,578,599],{"entryPoint":396,"graph":397,"unsanitizedCount":109,"severity":37},"\u003Cemu2_core> (emu2_core.php:0)",{"nodes":398,"edges":412},[399,403,407],{"id":400,"type":401,"label":402,"file":245,"line":277},"n0","source","$_SERVER (x3)",{"id":404,"type":405,"label":406,"file":245,"line":277},"n1","transform","→ emu2_mailf()",{"id":408,"type":409,"label":410,"file":245,"line":254,"wp_function":411},"n2","sink","echo() [XSS]","echo",[413,415],{"from":400,"to":404,"sanitized":414},false,{"from":404,"to":408,"sanitized":414},{"entryPoint":417,"graph":418,"unsanitizedCount":63,"severity":427},"\u003Cemu2_notify_form> (emu2_notify_form.php:0)",{"nodes":419,"edges":424},[420,423],{"id":400,"type":401,"label":421,"file":291,"line":422},"$_GET (x3)",68,{"id":404,"type":409,"label":410,"file":291,"line":294,"wp_function":411},[425],{"from":400,"to":404,"sanitized":426},true,"low",{"entryPoint":429,"graph":430,"unsanitizedCount":215,"severity":427},"\u003Cemu2_set_options> (emu2_set_options.php:0)",{"nodes":431,"edges":500},[432,434,436,440,442,445,448,450,453,456,458,461,464,467,470,473,476,479,482,485,488,491,494,497],{"id":400,"type":401,"label":433,"file":209,"line":387},"$_POST",{"id":404,"type":405,"label":435,"file":209,"line":387},"→ EMU2_update_default_mail_format()",{"id":408,"type":409,"label":437,"file":170,"line":438,"wp_function":439},"update_option() [Settings Manipulation]",540,"update_option",{"id":441,"type":401,"label":433,"file":209,"line":346},"n3",{"id":443,"type":405,"label":444,"file":209,"line":346},"n4","→ EMU2_update_sender_name()",{"id":446,"type":409,"label":437,"file":170,"line":447,"wp_function":439},"n5",582,{"id":449,"type":401,"label":433,"file":209,"line":234},"n6",{"id":451,"type":405,"label":452,"file":209,"line":234},"n7","→ EMU2_update_sender_address()",{"id":454,"type":409,"label":437,"file":170,"line":455,"wp_function":439},"n8",596,{"id":457,"type":401,"label":433,"file":209,"line":338},"n9",{"id":459,"type":405,"label":460,"file":209,"line":338},"n10","→ EMU2_update_max_bcc_recipients()",{"id":462,"type":409,"label":437,"file":170,"line":463,"wp_function":439},"n11",554,{"id":465,"type":401,"label":433,"file":209,"line":466},"n12",104,{"id":468,"type":405,"label":469,"file":209,"line":466},"n13","→ EMU2_update_schedule_time()",{"id":471,"type":409,"label":437,"file":170,"line":472,"wp_function":439},"n14",568,{"id":474,"type":401,"label":433,"file":209,"line":475},"n15",105,{"id":477,"type":405,"label":478,"file":209,"line":475},"n16","→ EMU2_update_mail_function()",{"id":480,"type":409,"label":437,"file":170,"line":481,"wp_function":439},"n17",610,{"id":483,"type":401,"label":433,"file":209,"line":484},"n18",106,{"id":486,"type":405,"label":487,"file":209,"line":484},"n19","→ EMU2_update_debug()",{"id":489,"type":409,"label":437,"file":170,"line":490,"wp_function":439},"n20",624,{"id":492,"type":401,"label":433,"file":209,"line":493},"n21",107,{"id":495,"type":405,"label":496,"file":209,"line":493},"n22","→ EMU2_update_double_place()",{"id":498,"type":409,"label":437,"file":170,"line":499,"wp_function":439},"n23",638,[501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516],{"from":400,"to":404,"sanitized":414},{"from":404,"to":408,"sanitized":414},{"from":441,"to":443,"sanitized":414},{"from":443,"to":446,"sanitized":414},{"from":449,"to":451,"sanitized":414},{"from":451,"to":454,"sanitized":414},{"from":457,"to":459,"sanitized":414},{"from":459,"to":462,"sanitized":414},{"from":465,"to":468,"sanitized":414},{"from":468,"to":471,"sanitized":414},{"from":474,"to":477,"sanitized":414},{"from":477,"to":480,"sanitized":414},{"from":483,"to":486,"sanitized":414},{"from":486,"to":489,"sanitized":414},{"from":492,"to":495,"sanitized":414},{"from":495,"to":498,"sanitized":414},{"entryPoint":518,"graph":519,"unsanitizedCount":553,"severity":427},"\u003Cemu2_set_templates> (emu2_set_templates.php:0)",{"nodes":520,"edges":544},[521,523,525,527,528,530,532,534,536,538,540,542],{"id":400,"type":401,"label":433,"file":355,"line":522},53,{"id":404,"type":405,"label":524,"file":355,"line":522},"→ EMU2_update_default_subject()",{"id":408,"type":409,"label":437,"file":170,"line":526,"wp_function":439},456,{"id":441,"type":401,"label":433,"file":355,"line":268},{"id":443,"type":405,"label":529,"file":355,"line":268},"→ EMU2_update_default_body()",{"id":446,"type":409,"label":437,"file":170,"line":531,"wp_function":439},470,{"id":449,"type":401,"label":433,"file":355,"line":533},55,{"id":451,"type":405,"label":535,"file":355,"line":533},"→ EMU2_update_default_schedule_subject()",{"id":454,"type":409,"label":437,"file":170,"line":537,"wp_function":439},484,{"id":457,"type":401,"label":433,"file":355,"line":539},56,{"id":459,"type":405,"label":541,"file":355,"line":539},"→ EMU2_update_default_schedule_body()",{"id":462,"type":409,"label":437,"file":170,"line":543,"wp_function":439},498,[545,546,547,548,549,550,551,552],{"from":400,"to":404,"sanitized":414},{"from":404,"to":408,"sanitized":414},{"from":441,"to":443,"sanitized":414},{"from":443,"to":446,"sanitized":414},{"from":449,"to":451,"sanitized":414},{"from":451,"to":454,"sanitized":414},{"from":457,"to":459,"sanitized":414},{"from":459,"to":462,"sanitized":414},4,{"entryPoint":555,"graph":556,"unsanitizedCount":109,"severity":577},"\u003Cemu2_send_group_mail> (emu2_send_group_mail.php:0)",{"nodes":557,"edges":571},[558,560,561,562,564,567,568,570],{"id":400,"type":401,"label":559,"file":337,"line":533},"$_POST (x2)",{"id":404,"type":409,"label":410,"file":337,"line":338,"wp_function":411},{"id":408,"type":401,"label":433,"file":337,"line":292},{"id":441,"type":405,"label":563,"file":337,"line":292},"→ EMU2_get_recipients_from_roles()",{"id":443,"type":409,"label":565,"file":170,"line":231,"wp_function":566},"get_results() [SQLi]","get_results",{"id":446,"type":401,"label":559,"file":337,"line":161},{"id":449,"type":405,"label":569,"file":337,"line":161},"→ EMU2_send_mail()",{"id":451,"type":409,"label":410,"file":245,"line":246,"wp_function":411},[572,573,574,575,576],{"from":400,"to":404,"sanitized":426},{"from":408,"to":441,"sanitized":414},{"from":441,"to":443,"sanitized":414},{"from":446,"to":449,"sanitized":414},{"from":449,"to":451,"sanitized":414},"high",{"entryPoint":579,"graph":580,"unsanitizedCount":214,"severity":577},"\u003Cemu2_send_notify_mail> (emu2_send_notify_mail.php:0)",{"nodes":581,"edges":593},[582,584,585,587,588,589,590,592],{"id":400,"type":401,"label":433,"file":342,"line":583},47,{"id":404,"type":409,"label":410,"file":342,"line":343,"wp_function":411},{"id":408,"type":401,"label":433,"file":342,"line":586},75,{"id":441,"type":405,"label":563,"file":342,"line":586},{"id":443,"type":409,"label":565,"file":170,"line":231,"wp_function":566},{"id":446,"type":401,"label":433,"file":342,"line":97},{"id":449,"type":405,"label":591,"file":342,"line":97},"→ EMU2_get_recipients_from_ids()",{"id":451,"type":409,"label":565,"file":170,"line":225,"wp_function":566},[594,595,596,597,598],{"from":400,"to":404,"sanitized":426},{"from":408,"to":441,"sanitized":414},{"from":441,"to":443,"sanitized":414},{"from":446,"to":449,"sanitized":414},{"from":449,"to":451,"sanitized":414},{"entryPoint":600,"graph":601,"unsanitizedCount":13,"severity":577},"\u003Cemu2_send_user_mail> (emu2_send_user_mail.php:0)",{"nodes":602,"edges":610},[603,605,606,608,609],{"id":400,"type":401,"label":559,"file":348,"line":604},49,{"id":404,"type":409,"label":410,"file":348,"line":161,"wp_function":411},{"id":408,"type":401,"label":433,"file":348,"line":607},77,{"id":441,"type":405,"label":591,"file":348,"line":607},{"id":443,"type":409,"label":565,"file":170,"line":225,"wp_function":566},[611,612,613],{"from":400,"to":404,"sanitized":426},{"from":408,"to":441,"sanitized":414},{"from":441,"to":443,"sanitized":414},{"summary":615,"deductions":616},"The emu2-email-users-2 plugin exhibits several concerning security weaknesses despite a seemingly small attack surface. The static analysis reveals a significant number of SQL queries with only 20% using prepared statements, indicating a high risk of SQL injection vulnerabilities. Furthermore, a critical finding is that 0% of output is properly escaped, which, combined with 6 out of 7 analyzed taint flows having unsanitized paths and 3 of those being high severity, strongly suggests a substantial risk of cross-site scripting (XSS) attacks. The absence of nonce checks on any entry points further exacerbates these risks by allowing unauthorized actions if an attacker can trigger these functionalities.\n\nThe vulnerability history, including a medium severity CVE related to XSS, corroborates the findings from the static analysis. The fact that this CVE is currently unpatched is a critical concern. While the plugin doesn't appear to have a large external attack surface in terms of unprotected entry points, the internal code quality regarding data sanitization and output escaping is a major point of failure. The presence of multiple capability checks suggests an awareness of access control, but this is undermined by the lack of fundamental security practices.\n\nIn conclusion, the emu2-email-users-2 plugin poses a significant security risk. The high prevalence of unsanitized taint flows, complete lack of output escaping, and unpatched XSS vulnerability are critical issues that require immediate attention. While the plugin has a limited number of exposed entry points, the internal code's susceptibility to injection and XSS attacks makes it a dangerous component to have active on a WordPress site.",[617,619,622,624,627],{"reason":618,"points":215},"Unescaped output (0%)",{"reason":620,"points":621},"High severity unsanitized taint flows (3)",12,{"reason":623,"points":61},"Raw SQL queries (80% without prepare)",{"reason":625,"points":626},"Unpatched medium CVE",15,{"reason":628,"points":215},"No nonce checks","2026-03-16T21:25:12.109Z",{"wat":631,"direct":636},{"assetPaths":632,"generatorPatterns":633,"scriptPaths":634,"versionParams":635},[],[],[],[],{"cssClasses":637,"htmlComments":638,"htmlAttributes":639,"restEndpoints":640,"jsGlobals":641,"shortcodeOutput":642},[],[],[],[],[],[]]