[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2tGI4hqB9ArnqykJHj5piHv-aiJ_L92QEmQR3Mp_G28":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":75},"gf-upload-to-email-attachment","GF Upload to Email Attachment","2.3.2","WP CMS Ninja","https:\u002F\u002Fprofiles.wordpress.org\u002Fbilliardgreg\u002F","\u003Cp>Gravity Forms was built to be able to store all uploaded files to the server and email you a link.  There are times that you need to have that file get attached to the notification email.  You can now tick a checkbox in the notifications area to specify whether or not you want the file attached. If multiple files you are then able to have it attempt to zip before sending too.\u003C\u002Fp>\n\u003Cp>Works with both single and multiple upload boxes as well as multiiple notifiations.  I left the old GFUEA and GFUEANZ designations in the name for people still using it.\u003C\u002Fp>\n","This allows you to create a notification in gravity forms of an email that would send with the files being uploaded by that form as an attachment.",600,15363,98,11,"2020-03-11T14:18:00.000Z","5.3.21","4.2.2","",[],"http:\u002F\u002Fwpcms.ninja\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgf-upload-to-email-attachment.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"billiardgreg",4,680,89,9,86,"2026-04-04T18:32:08.038Z",[],{"attackSurface":37,"codeSignals":62,"taintFlows":70,"riskAssessment":71,"analyzedAt":74},{"hooks":38,"ajaxHandlers":58,"restRoutes":59,"shortcodes":60,"cronEvents":61,"entryPointCount":23,"unprotectedCount":23},[39,46,50,54],{"type":40,"name":41,"callback":42,"priority":43,"file":44,"line":45},"filter","gform_notification","GFUEA_custom_notification_attachments",10,"gf-upload-to-email-attachment.php",12,{"type":40,"name":47,"callback":48,"priority":43,"file":44,"line":49},"gform_confirmation","gfuea_clean_zips",60,{"type":40,"name":51,"callback":52,"priority":43,"file":44,"line":53},"gform_notification_ui_settings","gf_upload_notification_setting",124,{"type":40,"name":55,"callback":56,"priority":43,"file":44,"line":57},"gform_pre_notification_save","gf_upload_notification_save",141,[],[],[],[],{"dangerousFunctions":63,"sqlUsage":64,"outputEscaping":66,"fileOperations":68,"externalRequests":23,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":69},[],{"prepared":23,"raw":23,"locations":65},[],{"escaped":23,"rawEcho":23,"locations":67},[],2,[],[],{"summary":72,"deductions":73},"Based on the provided static analysis and vulnerability history, the \"gf-upload-to-email-attachment\" v2.3.2 plugin exhibits a strong security posture. The absence of any identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code analysis reveals no dangerous functions, all SQL queries are prepared, and output is properly escaped, indicating adherence to secure coding practices. The lack of any recorded vulnerabilities, past or present, is a highly positive indicator of the plugin's reliability and security. The plugin also does not bundle any external libraries, which can sometimes introduce vulnerabilities if they are outdated or have known exploits. \n\nWhile the static analysis shows zero total flows and zero flows with unsanitized paths, it's important to note that the scope of the taint analysis might be limited if there are no complex data flows or user-controllable inputs processed. The presence of file operations, though not flagged as a direct risk in this analysis, warrants careful consideration in a broader security review, as improper handling can lead to vulnerabilities. The lack of nonce and capability checks on any identified entry points is not a concern here because there are no entry points identified at all.\n\nIn conclusion, this plugin appears to be very secure based on the data. Its minimal attack surface, clean code signals regarding SQL and output handling, and a complete absence of vulnerability history are significant strengths. The primary area for potential, though unconfirmed, concern would be the precise implementation of the file operations if they involve user-supplied data, but without further information, this remains speculative. Overall, the plugin demonstrates a strong commitment to security.",[],"2026-03-16T19:26:35.857Z",{"wat":76,"direct":82},{"assetPaths":77,"generatorPatterns":79,"scriptPaths":80,"versionParams":81},[78],"\u002Fwp-content\u002Fplugins\u002Fgf-upload-to-email-attachment\u002Fgf-upload-to-email-attachment.php",[],[],[],{"cssClasses":83,"htmlComments":84,"htmlAttributes":85,"restEndpoints":92,"jsGlobals":93,"shortcodeOutput":94},[],[],[86,87,88,89,90,91],"name=\"gfu_attach_upload_to_email\"","name=\"gfu_zip_attachment\"","name=\"gfu_delete_files\"","for=\"gfu_attach_upload_to_email\"","for=\"gfu_zip_attachment\"","for=\"gfu_delete_files\"",[],[],[]]