[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIHQWCK-6LXQ0mktri8yUgPCouXi-abkDrR3LpM907ss":3,"$fP6PA3y5NX-UMZ0VEAj4zL4yJXafsBCudj1-72TuuyjY":233,"$fyvv5e1wOC8QAT1oSib49XHbOP_h6n8Y98MJlO_K34yY":237},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":32,"crawl_stats":28,"alternatives":39,"analysis":137,"fingerprints":212},"fay-emails-encoder","WP Emails Encoder","3.1.1",".fay","https:\u002F\u002Fprofiles.wordpress.org\u002Ffay-1\u002F","\u003Cp>Encode emails to avoid spams. Template to use [@encode@ email=”ilove@gmail.com” display=”Gmail Lover”]\u003C\u002Fp>\n\u003Cp>The encoded result (kind of \u003Ca href=”mailto:&#105&#108ў&#046com”>Gmail Lover\u003C\u002Fa>) is made undetectable by bad bots but still readable for browsers\u003C\u002Fp>\n\u003Cp>See screenshots for more details.\u003C\u002Fp>\n","Encode emails to avoid spams. Template to use [@encode@ email=\"ilove@gmail.com\" display=\"Gmail Lover\"]",60,5764,100,1,"2016-05-24T19:30:00.000Z","4.5.33","3.0","",[20,21,22,23],"email","encode","security","spam","http:\u002F\u002Ffaycaltirich.blogspot.com\u002F1979\u002F01\u002Ffay-emails-encoder-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffay-emails-encoder.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":26,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"fay-1",6,390,30,84,"2026-05-20T02:37:58.199Z",[40,57,76,97,118],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":13,"downloaded":48,"rating":27,"num_ratings":27,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":18,"tags":52,"homepage":55,"download_link":56,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"dbd-mailto-encoder","DBD Mailto Encoder","1.1","dubhunter","https:\u002F\u002Fprofiles.wordpress.org\u002Fdubhunter\u002F","\u003Cp>Spam is one of the most frustrating things about the internet.\u003Cbr \u002F>\nAnd, even more frustrating is how spiders scrape blogs and other sites for email addresses to spam.\u003Cbr \u002F>\nWouldn’t it be nice if you could put mailto links just how you were taught, without fear of spiders?\u003Cbr \u002F>\nWell now you can! With this plugin, all mailto links will be filtered on display and converted to their unicode counterparts.\u003C\u002Fp>\n","Spam is one of the most frustrating things about the internet.",6661,"2010-05-03T17:37:00.000Z","2.9.2","2.0",[20,21,53,23,54],"mailto","spider","http:\u002F\u002Fwww.dontblinkdesign.com\u002Fwordpress-dbd-mailto-encoder","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdbd-mailto-encoder.1.1.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":13,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":74,"download_link":75,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"dm-confirm-email","DM Confirm Email","1.4","Michael","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonmhico\u002F","\u003Cp>Having so many spam registrations? Tired of getting fake users with fake emails? Good news! DM Confirm Email will solve your problems.\u003Cbr \u002F>\nDM Confirm Email will send a confirmation email and the only time it will actually “create” the account for the user if the email address is confirmed.\u003C\u002Fp>\n\u003Cp>Also allows you to send a welcome message to newly confirmed and created users which is great to give your new users initial instructions or other information that can be helpful to new users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdonmhi.co\u002Fprojects\u002Fdm-confirm-email\" rel=\"nofollow ugc\">DM Confirm Email\u003C\u002Fa> integrates seamlessly with wordpress registration system and uses all native registration hooks which allows all your current customization and plugins to the registration work.\u003C\u002Fp>\n\u003Ch4>Additional Resources\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdonmhi.co\u002Fprojects\u002Fdm-confirm-email\u002F#demo\" rel=\"nofollow ugc\">See DM Confirm Email in action\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fdm-confirm-email\" rel=\"ugc\">Review the plugin and let me know what you think!\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdm-confirm-email\" rel=\"ugc\">Have a question? Or found a bug?\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdonmhi.co\u002Fprojects\u002Fdm-confirm-email\" rel=\"nofollow ugc\">For suggestions and ideas for future release. Comment here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fdonmhico\" rel=\"nofollow ugc\">Follow me @donMhico\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Reduce unwanted and spam registration.\u003C\u002Fli>\n\u003Cli>Verifies and confirms email addresses of user registrations.\u003C\u002Fli>\n\u003Cli>Customize the confirmation email that will be sent.\u003C\u002Fli>\n\u003Cli>Allows html email content.\u003C\u002Fli>\n\u003Cli>Resend confirmation email feature\u003C\u002Fli>\n\u003Cli>Define the number of days before the confirmation keys will be expired.\u003C\u002Fli>\n\u003Cli>Customize all warning and successful messages in the wordpress side.\u003C\u002Fli>\n\u003Cli>Ability to send welcome message to new users.\u003C\u002Fli>\n\u003Cli>Prevents waste of resources and web space by only creating user account to confirmed emails.\u003C\u002Fli>\n\u003Cli>Uses all the native registration hooks for more advanced customization.\u003C\u002Fli>\n\u003Cli>Seamless integration\u003C\u002Fli>\n\u003Cli>NEW! Ability to edit the email message containing the password of the new account that will be sent to the user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Future\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display all pending registrations that need confirmation on the Dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect your wordpress site with spam registration. DM Confirm Email requires new users to confirm their email addresses.",21904,82,7,"2014-03-11T14:27:00.000Z","3.7.41","3.6",[72,20,73,22,23],"confirm","registration","http:\u002F\u002Fdonmhi.co\u002Fprojects\u002Fdm-confirm-email\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdm-confirm-email.1.4.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":27,"num_ratings":27,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":95,"download_link":96,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"protect-my-infos","Protect My Infos","1.3.8","Yuga Web","https:\u002F\u002Fprofiles.wordpress.org\u002Fyugaweb\u002F","\u003Cp>\u003Cstrong>Protect My Infos\u003C\u002Fstrong> is a WordPress plugin designed to protect sensitive information, such as phone numbers and email addresses, by obfuscating or hiding them on the frontend of your site.\u003C\u002Fp>\n\u003Cp>Emails and phone numbers are encoded and hidden from bots, while visitors can interact with placeholders to reveal the information.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Obfuscate sensitive information with placeholders, blur effects, or base64 encoding.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[protect_my_infos]\u003C\u002Fcode> shortcode for integration in posts or pages.\u003C\u002Fli>\n\u003Cli>Fully customizable settings for icons, colors, and reveal texts.\u003C\u002Fli>\n\u003Cli>Easy-to-use admin interface.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with the PayPal Donate API to facilitate donations via PayPal’s secure platform.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service Name\u003C\u002Fstrong>: PayPal Donate API\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: To provide a “Donate” button for collecting user donations securely via PayPal.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>Donation amount\u003C\u002Fli>\n\u003Cli>Currency\u003C\u002Fli>\n\u003Cli>PayPal Merchant ID\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When\u003C\u002Fstrong>: Data is sent to PayPal only when a user interacts with the “Donate” button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Links\u003C\u002Fstrong>:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Fwebapps\u002Fmpp\u002Fua\u002Flegalhub-full\" rel=\"nofollow ugc\">PayPal Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Fwebapps\u002Fmpp\u002Fua\u002Fprivacy-full\" rel=\"nofollow ugc\">PayPal Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: This plugin does not store or process sensitive personal information. All payment transactions are handled securely by PayPal’s platform.\u003C\u002Fp>\n","Protect sensitive information like emails and phone numbers from bots with advanced obfuscation techniques.",80,980,"2025-12-11T15:33:00.000Z","6.9.4","5.0","7.2",[91,92,93,94,22],"anti-spam","email-obfuscation","phone-number-protection","privacy","https:\u002F\u002Fwww.yugaweb.com\u002Fprotect-my-infos\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-my-infos.1.3.8.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":13,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":89,"tags":110,"homepage":115,"download_link":116,"security_score":117,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"validator-pizza","MailCheck.ai","1.3.0","tompec","https:\u002F\u002Fprofiles.wordpress.org\u002Ftompec\u002F","\u003Cp>\u003Cstrong>MailCheck.ai is now UserCheck.com\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fusercheck\u002F\" rel=\"ugc\">new version\u003C\u002Fa> of this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>MailCheck.ai is a powerful WordPress plugin that prevents disposable or throwaway email addresses from registering or commenting on your site. This helps to protect your site from spam and maintain the quality of your user base.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically checks email addresses against a constantly updated database of disposable email domains\u003C\u002Fli>\n\u003Cli>Works out of the box with no configuration required\u003C\u002Fli>\n\u003Cli>No API key needed\u003C\u002Fli>\n\u003Cli>Caches results for improved performance\u003C\u002Fli>\n\u003Cli>Seamlessly integrates with WordPress registration and comment forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin uses the API provided by \u003Ca href=\"https:\u002F\u002Fwww.mailcheck.ai\" rel=\"nofollow ugc\">MailCheck.ai\u003C\u002Fa>, which is constantly updated to include the latest disposable email domains. This ensures your site stays protected against new disposable email providers.\u003C\u002Fp>\n\u003Cp>MailCheck.ai is free to use and starts working immediately after installation. No registration or configuration is required.\u003C\u002Fp>\n","Prevent disposable email addresses from registering or commenting on your site with MailCheck.ai.",4990,4,"2024-08-27T03:13:00.000Z","6.6.5","5.2",[111,112,22,113,114],"disposable-email","email-validation","spam-prevention","user-registration","https:\u002F\u002Fwww.mailcheck.ai","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvalidator-pizza.1.3.0.zip",92,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":27,"num_ratings":27,"last_updated":128,"tested_up_to":129,"requires_at_least":88,"requires_php":89,"tags":130,"homepage":135,"download_link":136,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"mail-cloak","Mail Cloak","1.3.2","Rizonepress","https:\u002F\u002Fprofiles.wordpress.org\u002Frizonepress\u002F","\u003Cp>Mail Cloak is a comprehensive WordPress security plugin that provides enterprise-level protection for email addresses while offering advanced bot detection and automated threat monitoring. Using sophisticated encoding techniques and behavioral analysis, it protects your email addresses from spam bots and scrapers while maintaining perfect usability for legitimate visitors.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Email Protection:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Multiple Encoding Methods – Matrix encoding and HTML entities for optimal protection\u003C\u002Fli>\n\u003Cli>Timed Reveal Protection – Configurable delayed display with custom placeholder characters\u003C\u002Fli>\n\u003Cli>Smart Content Processing – Automatically protects emails in posts, pages, widgets, and page builders\u003C\u002Fli>\n\u003Cli>Button & Link Preservation – Maintains styling and functionality of page builder elements\u003C\u002Fli>\n\u003Cli>Universal Coverage – Works with Elementor, Divi, SeedProd, WPBakery, and all major page builders\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Advanced Bot Detection:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Multi-Layer Detection – 15+ sophisticated detection methods including user agent analysis, behavioral monitoring, and automation tool detection\u003C\u002Fli>\n\u003Cli>Intelligent Whitelist – Pre-configured whitelist for legitimate crawlers (Google, Bing, Facebook, WordPress tools)\u003C\u002Fli>\n\u003Cli>Real-Time Monitoring – Live bot activity tracking with detailed analytics dashboard\u003C\u002Fli>\n\u003Cli>Automated IP Blocking – Automatic blocking of malicious IPs with configurable thresholds\u003C\u002Fli>\n\u003Cli>Honeypot Traps – Optional invisible email traps for enhanced bot detection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security & Analytics:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comprehensive Dashboard – Real-time bot detection statistics with 7-day activity graphs\u003C\u002Fli>\n\u003Cli>Detection Method Analytics – Performance tracking for each detection method\u003C\u002Fli>\n\u003Cli>IP Management – Automatic IP blocking with 24-hour expiration and manual override\u003C\u002Fli>\n\u003Cli>Activity Logging – Detailed logs of all bot interactions and detection events\u003C\u002Fli>\n\u003Cli>Performance Optimized – Lightweight implementation with minimal server impact\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Bot Detection Methods\u003C\u002Fh4>\n\u003Col>\n\u003Cli>User Agent Analysis – Detects known bot signatures while allowing legitimate crawlers\u003C\u002Fli>\n\u003Cli>Behavioral Monitoring – Tracks mouse movement, keyboard input, and interaction patterns\u003C\u002Fli>\n\u003Cli>Speed Analysis – Identifies rapid page access and automated browsing patterns\u003C\u002Fli>\n\u003Cli>Browser Fingerprinting – Detects headless browsers and automation tools\u003C\u002Fli>\n\u003Cli>WebGL Analysis – Identifies suspicious graphics rendering signatures\u003C\u002Fli>\n\u003Cli>DOM Monitoring – Tracks programmatic element access and manipulation\u003C\u002Fli>\n\u003Cli>Network Timing – Analyzes page load characteristics and request patterns\u003C\u002Fli>\n\u003Cli>Automation Detection – Identifies Selenium, Puppeteer, PhantomJS, and similar tools\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Whitelisted Services (Default)\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Search Engines:\u003C\u002Fstrong> Google, Bing, Yahoo, Yandex, DuckDuckGo, Baidu\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Social Media:\u003C\u002Fstrong> Facebook, Twitter, LinkedIn\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Tools:\u003C\u002Fstrong> Jetpack, WP caches, monitoring services\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SEO Tools:\u003C\u002Fstrong> SEMrush, Ahrefs, Archive.org\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Legitimate Services:\u003C\u002Fstrong> Uptime monitors, analytics tools, news aggregators\u003C\u002Fp>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Business websites with contact information\u003C\u002Fli>\n\u003Cli>E-commerce sites with customer service emails\u003C\u002Fli>\n\u003Cli>Professional directories and member listings\u003C\u002Fli>\n\u003Cli>High-traffic websites requiring advanced security\u003C\u002Fli>\n\u003Cli>Sites targeted by email scrapers and spam bots\u003C\u002Fli>\n\u003Cli>WordPress sites needing comprehensive bot protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Enterprise Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Three-Tab Admin Interface – Email Protection, Bot Detection, and Analytics Dashboard\u003C\u002Fli>\n\u003Cli>Customizable Whitelist – Add or remove allowed crawlers and services\u003C\u002Fli>\n\u003Cli>Automated Threat Response – Configurable IP blocking with smart thresholds\u003C\u002Fli>\n\u003Cli>Real-Time Analytics – Live monitoring with detailed detection breakdowns\u003C\u002Fli>\n\u003Cli>Professional Dashboard – Color-coded statistics and activity graphs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Additional Info\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Support & Documentation:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For detailed documentation, tutorials, and support, visit \u003Ca href=\"https:\u002F\u002Frizonepress.com\" rel=\"nofollow ugc\">Rizonepress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enterprise-level bot detection and prevention\u003C\u002Fli>\n\u003Cli>Automated threat response with IP blocking\u003C\u002Fli>\n\u003Cli>Real-time security monitoring and analytics\u003C\u002Fli>\n\u003Cli>Comprehensive protection against email scraping\u003C\u002Fli>\n\u003Cli>Advanced behavioral analysis and fingerprinting\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Compatibility:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress 5.0+ (tested up to 6.7)\u003C\u002Fli>\n\u003Cli>PHP 7.2+ required\u003C\u002Fli>\n\u003Cli>All major themes and page builders\u003C\u002Fli>\n\u003Cli>Multisite compatible\u003C\u002Fli>\n\u003Cli>GDPR compliant (no personal data collection)\u003C\u002Fli>\n\u003C\u002Ful>\n","Advanced email protection with intelligent bot detection and automated security monitoring for WordPress websites.",40,620,"2025-05-28T23:21:00.000Z","6.8.5",[91,131,132,133,134],"bot-detection","email-cloaking","email-security","spam-protection","https:\u002F\u002Frizonepress.com\u002Fplugins\u002Fmail-cloak","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmail-cloak.1.3.2.zip",{"attackSurface":138,"codeSignals":163,"taintFlows":176,"riskAssessment":204,"analyzedAt":211},{"hooks":139,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":27,"unprotectedCount":27},[140,146,150,155],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","admin_menu","add_admin_menu","fay-emails-encoder.php",17,{"type":141,"name":147,"callback":148,"file":144,"line":149},"admin_init","add_email_encoder_js",18,{"type":151,"name":152,"callback":153,"file":144,"line":154},"filter","media_buttons_context","add_media_button_helper",19,{"type":151,"name":156,"callback":157,"file":144,"line":158},"the_content","antispambot_filter",22,[],[],[],[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":167,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":14,"bundledLibraries":175},[],{"prepared":27,"raw":27,"locations":166},[],{"escaped":27,"rawEcho":168,"locations":169},2,[170,173],{"file":144,"line":171,"context":172},66,"raw output",{"file":144,"line":174,"context":172},67,[],[177,195],{"entryPoint":178,"graph":179,"unsanitizedCount":14,"severity":194},"options_page (fay-emails-encoder.php:59)",{"nodes":180,"edges":191},[181,186],{"id":182,"type":183,"label":184,"file":144,"line":185},"n0","source","$_POST['fee_active']",63,{"id":187,"type":188,"label":189,"file":144,"line":185,"wp_function":190},"n1","sink","update_option() [Settings Manipulation]","update_option",[192],{"from":182,"to":187,"sanitized":193},false,"low",{"entryPoint":196,"graph":197,"unsanitizedCount":27,"severity":194},"\u003Cfay-emails-encoder> (fay-emails-encoder.php:0)",{"nodes":198,"edges":201},[199,200],{"id":182,"type":183,"label":184,"file":144,"line":185},{"id":187,"type":188,"label":189,"file":144,"line":185,"wp_function":190},[202],{"from":182,"to":187,"sanitized":203},true,{"summary":205,"deductions":206},"The \"fay-emails-encoder\" plugin v3.1.1 exhibits a generally strong security posture based on the provided static analysis. The plugin has no known CVEs, zero recorded vulnerabilities, and a small attack surface with no apparent unprotected entry points like AJAX handlers, REST API routes, or shortcodes.  The code also demonstrates good practices by not performing file operations or external HTTP requests, and all SQL queries are secured with prepared statements.\n\nHowever, there are significant concerns regarding output escaping and taint analysis. A concerning 100% of the identified output points are not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if the data originates from untrusted sources. Furthermore, the taint analysis reveals one flow with an unsanitized path, which, while not classified as critical or high severity, warrants attention as it indicates a potential pathway for malicious data to be processed without proper validation.\n\nThe lack of any vulnerability history is a positive indicator, suggesting the developers have a history of producing secure code or have effectively addressed past issues. However, the presence of unescaped output and unsanitized taint flows in this version are notable weaknesses that should be addressed to maintain this strong record.",[207,209],{"reason":208,"points":34},"Outputs not properly escaped",{"reason":210,"points":106},"Flows with unsanitized paths","2026-03-16T21:41:02.898Z",{"wat":213,"direct":219},{"assetPaths":214,"generatorPatterns":216,"scriptPaths":217,"versionParams":218},[215],"\u002Fwp-content\u002Fplugins\u002Ffay-emails-encoder\u002Femail-encoder.js",[],[215],[],{"cssClasses":220,"htmlComments":221,"htmlAttributes":223,"restEndpoints":228,"jsGlobals":229,"shortcodeOutput":230},[],[222],"\u003C!-- Last Action -->",[224,225,226,227],"id=\"email-encoder\"","name=\"fee_active\"","value=\"yes\"","name=\"fee_submit\"",[],[],[231,232],"\u003Ca href=\"mailto:","\">",{"error":203,"url":234,"statusCode":235,"statusMessage":236,"message":236},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Ffay-emails-encoder\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":168,"versions":238},[239,246],{"version":240,"download_url":241,"svn_tag_url":242,"released_at":28,"has_diff":193,"diff_files_changed":243,"diff_lines":28,"trac_diff_url":244,"vulnerabilities":245,"is_current":193},"2.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffay-emails-encoder.2.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffay-emails-encoder\u002Ftags\u002F2.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Ffay-emails-encoder%2Ftags%2F1.0&new_path=%2Ffay-emails-encoder%2Ftags%2F2.5",[],{"version":247,"download_url":248,"svn_tag_url":249,"released_at":28,"has_diff":193,"diff_files_changed":250,"diff_lines":28,"trac_diff_url":28,"vulnerabilities":251,"is_current":193},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffay-emails-encoder.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Ffay-emails-encoder\u002Ftags\u002F1.0\u002F",[],[]]