[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvCg_kpuvn_c3-_OT8kKS2p-F532hj3bCJ6_wpisAEOs":3,"$f2DX1_tM-Yok_Yk8AIjALn_NztbUr-GQ-rdISexH4UIU":515,"$fScJNAQU-awBBT8juea6WbuH-preIhNenP68KDUn-giw":520},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":87,"crawl_stats":38,"alternatives":95,"analysis":201,"fingerprints":496},"enl-newsletter","ENL Newsletter","1.0.1","wphobby","https:\u002F\u002Fprofiles.wordpress.org\u002Fdarell\u002F","\u003Cp>\u003Cstrong>Main Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Setup multiple newsletters according to the post categories.\u003C\u002Fli>\n\u003Cli>Different send modes include manual, weekly and monthly.\u003C\u002Fli>\n\u003Cli>Custom newsletter content, template and post count.\u003C\u002Fli>\n\u003Cli>Newsletter signup widget for user registration. \u003C\u002Fli>\n\u003Cli>Subscriber info list containing email, ip and registeration time. 
\u003C\u002Fli>\n\u003Cli>Import wordpress users to subscriber list.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>More info:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.wp-coder.net\u002Fenl-newsletter\u002F\" rel=\"nofollow ugc\">Leave a comment\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Easy to create multiple newsletters containing the blog latest posts.",10,5766,80,1,"2012-01-07T00:33:00.000Z","3.1.4","3.0.1","",[20,21,22,23,24],"categories","latest-posts","multiple","newsletter","schedule","http:\u002F\u002Fwp-coder.net","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenl-newsletter.zip",29,4,"2024-04-26 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[33,50,64,75],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":38,"patch_diff_files":47,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2024-3060","enl-newsletter-authenticated-admin-sql-injection","ENL Newsletter \u003C= 1.0.1 - Authenticated (Admin+) SQL Injection","The ENL Newsletter plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for authenticated attackers, with administrator access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.0.1","critical",9.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2024-05-01 15:17:59",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0298f5e6-36b6-4005-b6ef-d38f2f86f0b1?source=api-prod",[],false,0,{"id":51,"url_slug":52,"title":53,"description":54,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":38,"patch_diff_files":63,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2024-3059","enl-newsletter-cross-site-request-forgery-to-campaign-deletion","ENL Newsletter \u003C= 1.0.1 - Cross-Site Request Forgery to Campaign Deletion","The ENL Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the enl-campaigns page. 
This makes it possible for unauthenticated attackers to delete campaigns via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:N\u002FA:L","Cross-Site Request Forgery (CSRF)","2024-04-05 00:00:00","2024-05-01 15:16:11",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F891a625e-8248-4d21-a796-bf0cff6fc253?source=api-prod",[],{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":55,"cvss_score":69,"cvss_vector":70,"vuln_type":58,"published_date":59,"updated_date":71,"references":72,"days_to_patch":38,"patch_diff_files":74,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2024-3058","enl-newsletter-cross-site-request-forgery","ENL Newsletter \u003C= 1.0.1 - Cross-Site Request Forgery","The ENL Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the enl-add-new page. 
This makes it possible for unauthenticated attackers to add new pages and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-05-01 15:14:56",[73],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcfec4c31-ba09-4832-a095-4ca5f5192674?source=api-prod",[],{"id":76,"url_slug":77,"title":36,"description":78,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":79,"cvss_score":80,"cvss_vector":81,"vuln_type":43,"published_date":82,"updated_date":83,"references":84,"days_to_patch":38,"patch_diff_files":86,"patch_trac_url":38,"research_status":38,"research_verified":48,"research_rounds_completed":49,"research_plan":38,"research_summary":38,"research_vulnerable_code":38,"research_fix_diff":38,"research_exploit_outline":38,"research_model_used":38,"research_started_at":38,"research_completed_at":38,"research_error":38,"poc_status":38,"poc_video_id":38,"poc_summary":38,"poc_steps":38,"poc_tested_at":38,"poc_wp_version":38,"poc_php_version":38,"poc_playwright_script":38,"poc_exploit_code":38,"poc_has_trace":48,"poc_model_used":38,"poc_verification_depth":38},"CVE-2014-4939","enl-newsletter-authenticated-admin-sql-injection-2","SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin\u002Fadmin.php.","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","2014-05-28 00:00:00","2024-01-22 
19:56:02",[85],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F419270e7-c781-41fe-9893-473074825b36?source=api-prod",[],{"slug":88,"display_name":7,"profile_url":8,"plugin_count":89,"total_installs":90,"avg_security_score":91,"avg_patch_time_days":92,"trust_score":93,"computed_at":94},"darell",16,220,88,30,86,"2026-05-19T20:16:57.345Z",[96,120,142,160,180],{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":117,"download_link":118,"security_score":119,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"bulk-term-generator","Bulk Term Generator – Import multiple tags, categories, and taxonomies easily","1.4.0","Nate Allen","https:\u002F\u002Fprofiles.wordpress.org\u002Fncallen\u002F","\u003Cp>Are you tired of manually adding terms in WordPress one by one? Do you find CSV import plugins complex and restrictive? Enter Bulk Term Generator – a revolutionary WordPress plugin designed to streamline and simplify your taxonomy management process.\u003C\u002Fp>\n\u003Cp>Bulk Term Generator allows you to seamlessly import multiple terms to your selected taxonomies in WordPress. Its powerful yet easy-to-use interface lets you copy and paste your terms, queue them up, and even select a parent term for hierarchy. No need for pre-formatted CSV files or meticulous manual entry. You can even specify the slug and description for each term, making your content even more search-friendly.\u003C\u002Fp>\n\u003Cp>But the magic doesn’t stop there. Bulk Term Generator gives you total control before you import your terms. With its unique ‘Preview’ feature, you can see exactly how your terms will be added and make any necessary changes before hitting the final “Generate Terms” button. 
Plus, you can edit or delete any queued term at any point with just a click.\u003C\u002Fp>\n\u003Cp>Bulk Term Generator has been lauded as a ‘lifesaver’ and a ‘developer’s dream’ by our users, and we are confident you will think the same:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“It saved me DAYS of terms input! This plugin is the number one tool for developers.” – LuciaRed\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cblockquote>\n\u003Cp>“Recently used this for a client to import 43 terms in multiple hierarchical levels. So much quicker than going about it individually.” – Brian Fischer\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cblockquote>\n\u003Cp>“I tried a few other plugins to bulk add taxonomy terms but none of them were intuitive. This plugin is the only one that you’ll ever need. It does everything I expected and more!” – Andrew Schultz\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Bulk Term Generator supports both English and Spanish, and we’re planning to add more languages in the future. Plus, it’s 100% free. No hidden costs or premium versions.\u003C\u002Fp>\n\u003Cp>Join our growing community of efficient and happy WordPress users today. 
Choose Bulk Term Generator for your WordPress taxonomy management needs and experience how it makes the complex, simple.\u003C\u002Fp>\n","Streamline taxonomy management in WordPress with Bulk Term Generator, your free tool for easy, bulk term importing.",2000,16474,100,17,"2024-04-30T13:35:00.000Z","6.5.8","3.1","7.4",[113,20,114,115,116],"add-multiple","import","tags","terms","http:\u002F\u002Fnateallen.com\u002Fwordpress-plugins\u002Fbulk-term-generator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-term-generator.zip",85,{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":109,"requires_at_least":133,"requires_php":18,"tags":134,"homepage":138,"download_link":139,"security_score":140,"vuln_count":14,"unpatched_count":49,"last_vuln_date":141,"fetched_at":30},"weekly-schedule","Weekly Schedule","3.5.1","Yannick Lefebvre","https:\u002F\u002Fprofiles.wordpress.org\u002Fjackdewey\u002F","\u003Cp>The purpose of this plugin is to allow users to create one or more schedules of weekly events and display these schedule on one or more pages as tables. 
Users can style their schedules using stylesheets based on the category of items and can assign information to items that will be displayed in a tooltip.\u003C\u002Fp>\n\u003Cp>You can try it out in a temporary copy of WordPress \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Fweekly-schedule\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n","The purpose of this plugin is to allow users to create a schedule of weekly events and display that schedule on a page in a table form.",200,56814,74,7,"2024-07-10T02:15:00.000Z","2.8",[135,136,22,24,137],"events","grid","weekly","https:\u002F\u002Fylefebvre.github.io\u002Fwordpress-plugins\u002Fweekly-schedule\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweekly-schedule.3.5.1.zip",92,"2021-05-12 00:00:00",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":106,"downloaded":150,"rating":93,"num_ratings":28,"last_updated":151,"tested_up_to":152,"requires_at_least":153,"requires_php":18,"tags":154,"homepage":158,"download_link":159,"security_score":119,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"simple-seo-categories-posts","Simple Category Posts","1.0.4","Nitroweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fspyrosvl\u002F","\u003Cp>Simple SEO Categories Posts is a plugin\u002Fwidget, for displaying on your site the posts from specified categories.\u003C\u002Fp>\n\u003Ch4>Widget options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Title\u003C\u002Fli>\n\u003Cli>Categories IDs\u003C\u002Fli>\n\u003Cli>Number of posts\u003C\u002Fli>\n\u003Cli>Display Title\u003C\u002Fli>\n\u003Cli>Title Tag\u003C\u002Fli>\n\u003Cli>Display Thumb\u003C\u002Fli>\n\u003Cli>Thumb Width\u003C\u002Fli>\n\u003Cli>Thumb Height\u003C\u002Fli>\n\u003Cli>Thumb Crop\u003C\u002Fli>\n\u003Cli>Display Excerpt\u003C\u002Fli>\n\u003Cli>Excerpt Length\u003C\u002Fli>\n\u003Cli>Display Date\u003C\u002Fli>\n\u003Cli>Display 
Author\u003C\u002Fli>\n\u003Cli>Before Author\u003C\u002Fli>\n\u003Cli>Order By\u003C\u002Fli>\n\u003Cli>Normal\u002FReverse\u003C\u002Fli>\n\u003Cli>Title Order\u003C\u002Fli>\n\u003Cli>Thumb Order\u003C\u002Fli>\n\u003Cli>Excerpt Order\u003C\u002Fli>\n\u003Cli>Date Order\u003C\u002Fli>\n\u003Cli>Author Order\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Brought to you by \u003Ca href=\"https:\u002F\u002Fwww.hostivate.com\" rel=\"nofollow ugc\">hostivate.com\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fwww.nitroweb.gr\" rel=\"nofollow ugc\">nitroweb.gr\u003C\u002Fa>\u003C\u002Fp>\n","A plugin to display posts in a widget with title, thumb, excerpt, date and author.",10581,"2015-04-20T12:48:00.000Z","4.1.42","3.2",[155,21,156,157],"categories-posts-widget","post-with-thumb-widget","posts-widget","http:\u002F\u002Fwww.nitroweb.gr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-seo-categories-posts.zip",{"slug":161,"name":162,"version":163,"author":164,"author_profile":165,"description":166,"short_description":167,"active_installs":13,"downloaded":168,"rating":106,"num_ratings":14,"last_updated":169,"tested_up_to":170,"requires_at_least":171,"requires_php":18,"tags":172,"homepage":178,"download_link":179,"security_score":119,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":30},"polylang-category-creator","Polylang Category Creator","1.5","merk_cat","https:\u002F\u002Fprofiles.wordpress.org\u002Fmerksk8\u002F","\u003Cp>This plugin allows to create categories for Posts, Woocommerce Products, or other taxonomies.\u003Cbr \u002F>\nIn the admin page, it detects your Polylang languages and builds a form to create the category for each language in the same page, creating all at same time.\u003C\u002Fp>\n\u003Cp>If having trouble post the issue on support section.\u003C\u002Fp>\n\u003Ch4>Available Fields\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Taxonomy (dropdown select)\u003C\u002Fli>\n\u003Cli>Parent Category (dropdown 
select)\u003C\u002Fli>\n\u003Cli>Category Name\u003C\u002Fli>\n\u003Cli>Category Slug\u003C\u002Fli>\n\u003Cli>Category description\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Catalan(New)\u003C\u002Fli>\n\u003C\u002Ful>\n","Polylang extension to create categories for all languages in one page. It detects your languages and taxonomies to get things done easier.",3745,"2017-12-06T15:09:00.000Z","4.9.29","4.6.1",[173,174,175,176,177],"bulk","multiple-categories","polylang","taxonomy","woocommerce","https:\u002F\u002Fgithub.com\u002Fmerksk8\u002FPolylang-Category-Creator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpolylang-category-creator.1.5.zip",{"slug":181,"name":182,"version":183,"author":184,"author_profile":185,"description":186,"short_description":187,"active_installs":11,"downloaded":188,"rating":49,"num_ratings":49,"last_updated":189,"tested_up_to":190,"requires_at_least":191,"requires_php":192,"tags":193,"homepage":198,"download_link":199,"security_score":106,"vuln_count":49,"unpatched_count":49,"last_vuln_date":38,"fetched_at":200},"archive-post-order-plus","Archive Post Order Plus","1.2.4","NBK45","https:\u002F\u002Fprofiles.wordpress.org\u002Fnbk45\u002F","\u003Cp>This plugin is a plugin that customizes the posting order below.\u003Cbr \u002F>\n– Your latest posts \u002F Settings – Reading Settings\u003Cbr \u002F>\n– Search results\u003Cbr \u002F>\n– Category\u003Cbr \u002F>\n– Tag\u003Cbr \u002F>\n– Custom Taxonomy\u003Cbr \u002F>\n– Custom Posts Archive\u003C\u002Fp>\n\u003Cp>このプラグインは、下記の投稿表示順をカスタマイズするプラグインです。\u003Cbr \u002F>\n・［設定］－［表示設定］の「最新の投稿」\u003Cbr \u002F>\n・検索結果\u003Cbr \u002F>\n・カテゴリー\u003Cbr \u002F>\n・タグ\u003Cbr \u002F>\n・カスタム分類\u003Cbr \u002F>\n・カスタム投稿アーカイブ\u003C\u002Fp>\n\u003Ch4>Specification\u003C\u002Fh4>\n\u003Cp>Select either 1) standard + custom field sort or 2) drag sort for the display 
order.\u003C\u002Fp>\n\u003Cp>［設定］－［表示設定］の「最新の投稿」、検索結果、カテゴリー、タグ、カスタム分類毎に投稿表示順を設定可能にします。\u003Cbr \u002F>\n表示順は 1）標準＋カスタムフィールドソート、2）ドラッグソートのどちらを選択します。\u003C\u002Fp>\n\u003Cp>1）Standard + custom field sort (標準＋カスタムフィールドソート)\u003Cbr \u002F>\nIn addition to the post update date, ID, title, and registration date, 4 custom fields (*) can be registered.\u003Cbr \u002F>\nSelect the post you want to enable and drag to set the order.\u003C\u002Fp>\n\u003Cp>*) Custom fields can be selected from existing custom fields or added for this plugin.\u003Cbr \u002F>\n*) When this plug-in is deleted, the added custom field will also be deleted.\u003C\u002Fp>\n\u003Cp>投稿の更新日、ID、タイトル、登録日に加え、4つのカスタムフィールド（※）が登録可能です。\u003Cbr \u002F>\n有効にしたい項目を選択しドラッグで順番を設定します。\u003C\u002Fp>\n\u003Cp>※）カスタムフィールドは、既存のカスタムフィールドから選択、もしくは本プラグイン用に追加可能です。\u003Cbr \u002F>\n（追加の場合は各投稿の専用入力フォームから登録します）\u003Cbr \u002F>\n※）本プラグインの削除時は、追加したカスタムフィールドも削除されます\u003C\u002Fp>\n\u003Cp>2）Drag sort (ドラッグソート)\u003Cbr \u002F>\nIn the list of posts displayed in the list, drag the posts to set the display order.\u003C\u002Fp>\n\u003Cp>リスト表示されてた投稿一覧で、投稿をドラッグし表示順を設定します。\u003C\u002Fp>\n","A plugin that sets the display order of posts. 
投稿の表示順を設定するプラグイン。",1463,"2025-12-18T09:21:00.000Z","6.9.4","6.7","8.2",[194,195,196,197],"categories-post-order","custom-taxonomy-post-order","latest-posts-order","tags-post-order","https:\u002F\u002Fdevelop.n-k-y.net\u002Fwordpress\u002Fwp_plugin\u002Fapop\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farchive-post-order-plus.1.2.4.zip","2026-04-06T09:54:40.288Z",{"attackSurface":202,"codeSignals":260,"taintFlows":319,"riskAssessment":473,"analyzedAt":495},{"hooks":203,"ajaxHandlers":254,"restRoutes":255,"shortcodes":256,"cronEvents":257,"entryPointCount":49,"unprotectedCount":49},[204,210,214,217,219,222,226,231,235,239,243,247,250],{"type":205,"name":206,"callback":207,"file":208,"line":209},"action","init","enl_newsletter_admin_init","admin\\admin.php",11,{"type":205,"name":211,"callback":212,"file":208,"line":213},"admin_menu","enl_newsletter_settings_init",15,{"type":205,"name":215,"callback":216,"file":208,"line":89},"admin_init","enl_newsletter_actions_handler",{"type":205,"name":215,"callback":218,"file":208,"line":107},"enl_newsletter_admin_style",{"type":205,"name":215,"callback":220,"file":208,"line":221},"enl_newsletter_admin_script",18,{"type":205,"name":223,"callback":224,"file":225,"line":107},"plugins_loaded","enl_newsletter_setup","enl_newsletter.php",{"type":227,"name":228,"callback":229,"file":225,"line":230},"filter","cron_schedules","enl_newsletter_intervals",19,{"type":205,"name":232,"callback":233,"file":225,"line":234},"enl_newsletter_cron","enl_newsletter_cron_hook",21,{"type":205,"name":236,"callback":237,"file":225,"line":238},"wp_print_styles","enl_newsletter_style",145,{"type":205,"name":240,"callback":241,"file":225,"line":242},"wp_print_scripts","enl_newsletter_script",148,{"type":205,"name":244,"callback":245,"file":225,"line":246},"widgets_init","enl_newsletter_widget_init",151,{"type":205,"name":206,"callback":248,"file":225,"line":249},"enl_newsletter_check_submit",152,{"type":227,"name":251,"callback":252,"fil
e":225,"line":253},"wp_mail_content_type","anonymous",155,[],[],[],[258],{"hook":232,"callback":232,"file":225,"line":259},44,{"dangerousFunctions":261,"sqlUsage":265,"outputEscaping":278,"fileOperations":28,"externalRequests":49,"nonceChecks":49,"capabilityChecks":49,"bundledLibraries":318},[262],{"fn":263,"file":225,"line":253,"context":264},"create_function","add_filter('wp_mail_content_type',create_function('', 'return \"text\u002Fhtml\";'));",{"prepared":266,"raw":267,"locations":268},13,3,[269,272,274],{"file":225,"line":270,"context":271},97,"$wpdb->get_var() with variable interpolation",{"file":225,"line":273,"context":271},115,{"file":275,"line":276,"context":277},"include\\tools.php",49,"$wpdb->get_results() with variable interpolation",{"escaped":28,"rawEcho":279,"locations":280},20,[281,285,287,288,290,291,293,294,296,297,300,302,304,306,308,310,312,314,316,317],{"file":282,"line":283,"context":284},"admin\\meta_box.php",48,"raw output",{"file":282,"line":286,"context":284},112,{"file":282,"line":286,"context":284},{"file":282,"line":289,"context":284},120,{"file":282,"line":289,"context":284},{"file":282,"line":292,"context":284},129,{"file":282,"line":292,"context":284},{"file":282,"line":295,"context":284},140,{"file":282,"line":295,"context":284},{"file":298,"line":299,"context":284},"admin\\pages.php",81,{"file":298,"line":301,"context":284},127,{"file":298,"line":303,"context":284},157,{"file":305,"line":93,"context":284},"include\\list_table.php",{"file":305,"line":307,"context":284},102,{"file":309,"line":276,"context":284},"include\\widget.php",{"file":309,"line":311,"context":284},53,{"file":309,"line":313,"context":284},56,{"file":309,"line":315,"context":284},59,{"file":309,"line":93,"context":284},{"file":309,"line":91,"context":284},[],[320,335,343,374,388,401,410,419,433,446,458],{"entryPoint":321,"graph":322,"unsanitizedCount":14,"severity":55},"enl_newsletter_campaigns_page 
(admin\\pages.php:67)",{"nodes":323,"edges":333},[324,328],{"id":325,"type":326,"label":327,"file":298,"line":299},"n0","source","$_REQUEST['page']",{"id":329,"type":330,"label":331,"file":298,"line":299,"wp_function":332},"n1","sink","echo() [XSS]","echo",[334],{"from":325,"to":329,"sanitized":48},{"entryPoint":336,"graph":337,"unsanitizedCount":14,"severity":55},"enl_newsletter_subscribers_page (admin\\pages.php:143)",{"nodes":338,"edges":341},[339,340],{"id":325,"type":326,"label":327,"file":298,"line":303},{"id":329,"type":330,"label":331,"file":298,"line":303,"wp_function":332},[342],{"from":325,"to":329,"sanitized":48},{"entryPoint":344,"graph":345,"unsanitizedCount":28,"severity":79},"enl_newsletter_actions_handler (admin\\admin.php:65)",{"nodes":346,"edges":370},[347,350,354,358,363,365],{"id":325,"type":326,"label":348,"file":208,"line":349},"$_GET (x2)",70,{"id":329,"type":330,"label":351,"file":208,"line":352,"wp_function":353},"query() [SQLi]",71,"query",{"id":355,"type":326,"label":356,"file":208,"line":357},"n2","$_GET",78,{"id":359,"type":330,"label":360,"file":208,"line":361,"wp_function":362},"n3","get_row() [SQLi]",79,"get_row",{"id":364,"type":326,"label":356,"file":208,"line":242},"n4",{"id":366,"type":330,"label":367,"file":208,"line":368,"wp_function":369},"n5","wp_redirect() [Open Redirect]",149,"wp_redirect",[371,372,373],{"from":325,"to":329,"sanitized":48},{"from":355,"to":359,"sanitized":48},{"from":364,"to":366,"sanitized":48},{"entryPoint":375,"graph":376,"unsanitizedCount":28,"severity":79},"\u003Cadmin> 
(admin\\admin.php:0)",{"nodes":377,"edges":384},[378,379,380,381,382,383],{"id":325,"type":326,"label":348,"file":208,"line":349},{"id":329,"type":330,"label":351,"file":208,"line":352,"wp_function":353},{"id":355,"type":326,"label":356,"file":208,"line":357},{"id":359,"type":330,"label":360,"file":208,"line":361,"wp_function":362},{"id":364,"type":326,"label":356,"file":208,"line":242},{"id":366,"type":330,"label":367,"file":208,"line":368,"wp_function":369},[385,386,387],{"from":325,"to":329,"sanitized":48},{"from":355,"to":359,"sanitized":48},{"from":364,"to":366,"sanitized":48},{"entryPoint":389,"graph":390,"unsanitizedCount":400,"severity":79},"enl_campagins_number_meta_box (admin\\meta_box.php:38)",{"nodes":391,"edges":397},[392,394,395,396],{"id":325,"type":326,"label":356,"file":282,"line":393},43,{"id":329,"type":330,"label":360,"file":282,"line":259,"wp_function":362},{"id":355,"type":326,"label":356,"file":282,"line":393},{"id":359,"type":330,"label":331,"file":282,"line":283,"wp_function":332},[398,399],{"from":325,"to":329,"sanitized":48},{"from":355,"to":359,"sanitized":48},2,{"entryPoint":402,"graph":403,"unsanitizedCount":14,"severity":79},"enl_campagins_schedule_meta_box (admin\\meta_box.php:53)",{"nodes":404,"edges":408},[405,407],{"id":325,"type":326,"label":356,"file":282,"line":406},58,{"id":329,"type":330,"label":360,"file":282,"line":315,"wp_function":362},[409],{"from":325,"to":329,"sanitized":48},{"entryPoint":411,"graph":412,"unsanitizedCount":14,"severity":79},"enl_campagins_category_meta_box (admin\\meta_box.php:69)",{"nodes":413,"edges":417},[414,415],{"id":325,"type":326,"label":356,"file":282,"line":130},{"id":329,"type":330,"label":360,"file":282,"line":416,"wp_function":362},75,[418],{"from":325,"to":329,"sanitized":48},{"entryPoint":420,"graph":421,"unsanitizedCount":432,"severity":79},"enl_campagins_content_meta_box 
(admin\\meta_box.php:91)",{"nodes":422,"edges":429},[423,425,426,428],{"id":325,"type":326,"label":356,"file":282,"line":424},96,{"id":329,"type":330,"label":360,"file":282,"line":270,"wp_function":362},{"id":355,"type":326,"label":427,"file":282,"line":424},"$_GET (x4)",{"id":359,"type":330,"label":331,"file":282,"line":286,"wp_function":332},[430,431],{"from":325,"to":329,"sanitized":48},{"from":355,"to":359,"sanitized":48},5,{"entryPoint":434,"graph":435,"unsanitizedCount":445,"severity":79},"\u003Cmeta_box> (admin\\meta_box.php:0)",{"nodes":436,"edges":442},[437,438,439,441],{"id":325,"type":326,"label":427,"file":282,"line":393},{"id":329,"type":330,"label":360,"file":282,"line":259,"wp_function":362},{"id":355,"type":326,"label":440,"file":282,"line":393},"$_GET (x5)",{"id":359,"type":330,"label":331,"file":282,"line":283,"wp_function":332},[443,444],{"from":325,"to":329,"sanitized":48},{"from":355,"to":359,"sanitized":48},9,{"entryPoint":447,"graph":448,"unsanitizedCount":400,"severity":79},"enl_newsletter_add_new_page (admin\\pages.php:91)",{"nodes":449,"edges":455},[450,451,453,454],{"id":325,"type":326,"label":356,"file":298,"line":270},{"id":329,"type":330,"label":360,"file":298,"line":452,"wp_function":362},98,{"id":355,"type":326,"label":356,"file":298,"line":270},{"id":359,"type":330,"label":331,"file":298,"line":301,"wp_function":332},[456,457],{"from":325,"to":329,"sanitized":48},{"from":355,"to":359,"sanitized":48},{"entryPoint":459,"graph":460,"unsanitizedCount":28,"severity":79},"\u003Cpages> (admin\\pages.php:0)",{"nodes":461,"edges":469},[462,464,465,466,467,468],{"id":325,"type":326,"label":463,"file":298,"line":299},"$_REQUEST['page'] 
(x2)",{"id":329,"type":330,"label":331,"file":298,"line":299,"wp_function":332},{"id":355,"type":326,"label":356,"file":298,"line":270},{"id":359,"type":330,"label":360,"file":298,"line":452,"wp_function":362},{"id":364,"type":326,"label":356,"file":298,"line":270},{"id":366,"type":330,"label":331,"file":298,"line":301,"wp_function":332},[470,471,472],{"from":325,"to":329,"sanitized":48},{"from":355,"to":359,"sanitized":48},{"from":364,"to":366,"sanitized":48},{"summary":474,"deductions":475},"The 'enl-newsletter' plugin version 1.0.1 exhibits a concerning security posture, primarily due to a significant history of vulnerabilities and several red flags in the static analysis. The plugin registers no AJAX handlers, REST API routes, or shortcodes, so the attack surface counted by the scan is small, but the reported entry-point count of 0 evidently excludes hook callbacks such as the `admin_init` handler `enl_newsletter_actions_handler`, and every reported taint flow sits in the plugin's admin code. The presence of the dangerous `create_function` function and the fact that all 11 analysed taint paths are unsanitized are critical concerns. The static analysis also found no nonce checks and no capability checks, which is consistent with the reported CSRF issues. Output escaping is severely lacking, with only 17% of outputs properly escaped, indicating a high risk of cross-site scripting (XSS) vulnerabilities.\n\nThe plugin's vulnerability history is particularly alarming, with four known CVEs, all of which remain unpatched: two authenticated (administrator-level) SQL injection entries, rated critical and high, and two medium-severity CSRF issues. This pattern of recurring and unaddressed vulnerabilities suggests a lack of commitment to secure coding practices and timely patching within the plugin's development. The critical and high severity ratings among these CVEs further amplify the risk.\n\nIn conclusion, despite a seemingly limited direct attack surface, the 'enl-newsletter' plugin should be approached with extreme caution. The combination of poor output escaping, dangerous function usage, unsanitized data flows on every analysed path, missing nonce and capability checks, and a history of unpatched critical and high-severity vulnerabilities makes it a significant security risk. 
Users are strongly advised to deactivate and seek alternative solutions until these issues are thoroughly addressed and verified. No patched version is listed for any of the four CVEs, and the last recorded update dates from 2012.",[476,478,480,482,484,487,489,491,493],{"reason":477,"points":279},"Unpatched Critical CVE",{"reason":479,"points":107},"Unpatched High CVE",{"reason":481,"points":11},"Unpatched Medium CVE (x2)",{"reason":483,"points":266},"High severity taint flows (x9)",{"reason":485,"points":486},"Dangerous function: create_function",8,{"reason":488,"points":131},"Low output escaping percentage (17%)",{"reason":490,"points":213},"Unsanitized paths in taint analysis (11\u002F11)",{"reason":492,"points":11},"No nonce checks",{"reason":494,"points":11},"No capability checks","2026-03-17T01:24:16.825Z",{"wat":497,"direct":506},{"assetPaths":498,"generatorPatterns":501,"scriptPaths":502,"versionParams":503},[499,500],"\u002Fwp-content\u002Fplugins\u002Fenl-newsletter\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fenl-newsletter\u002Fjs\u002Fscript.js",[],[500],[504,505],"enl-newsletter\u002Fcss\u002Fstyle.css?ver=","enl-newsletter\u002Fjs\u002Fscript.js?ver=",{"cssClasses":507,"htmlComments":509,"htmlAttributes":510,"restEndpoints":512,"jsGlobals":513,"shortcodeOutput":514},[508],"enl_form",[],[511],"data-enl-id",[],[],[],{"error":516,"url":517,"statusCode":518,"statusMessage":519,"message":519},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fenl-newsletter\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":14,"versions":521},[522],{"version":523,"download_url":524,"svn_tag_url":525,"released_at":38,"has_diff":48,"diff_files_changed":526,"diff_lines":38,"trac_diff_url":38,"vulnerabilities":527,"is_current":48},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenl-newsletter.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fenl-newsletter\u002Ftags\u002F1.0.0\u002F",[],[528,529,530,531],{"id":34,"url_slug":35,"title":36,"severity":40,"cvss_score":41,"vuln_type":43,"patched_in_version":38},{"id":76,"url_slug":77,"title":36,"severity":79,"cvss_score":80,"vuln_type":43,"patched_in_version":38},{"id":51,"url_slug":52,"title":53,"severity":55,"cvss_score":56,"vuln_type":58,"patched_in_version":38},{"id":65,"url_slug":66,"title":67,"severity":55,"cvss_score":69,"vuln_type":58,"patched_in_version":38}]