[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frVe9xjfy3jQrFP_PoPyxSm1KG8shLAKnoZrIbT0lwDU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":149,"fingerprints":231},"host-header-injection-fix","Host Header Injection Fix","3.5","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>👉 Enables custom headers for WP email notifications\u003C\u002Fp>\n\u003Cp>👉 Also provides a “set it and forget it” security fix for WP \u003C 5.5\u003C\u002Fp>\n\u003Cp>👉 Uses only 50KB of code, so super lightweight, fast, and effective\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As of WordPress 5.5, this plugin no longer is necessary to fix the \u003Ca href=\"https:\u002F\u002Fexploitbox.io\u002Fvuln\u002FWordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\" rel=\"nofollow ugc\">host-header security issue\u003C\u002Fa> reported in \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F25239\" rel=\"nofollow ugc\">Ticket #25239\u003C\u002Fa> \u003Cstrong>finally\u003C\u002Fstrong> is fixed, and mentioned in this post \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fnews\u002F2020\u002F07\u002Fwordpress-5-5-beta-4\u002F\" rel=\"ugc\">WordPress 5.5 Beta 4\u003C\u002Fa>. Thank You WordPress devs!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Is this plugin still useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Yes, it enables you to choose the “From”, “Name”, and “Return-Path” headers for all WP notification emails. And for versions of WordPress less than 5.5, this plugin continues to fix the host-header injection security issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This simple plugin does three things:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Sets custom From, Name, and Return-Path for WP notifications\u003C\u002Fli>\n\u003Cli>Fixes a security vulnerability in WordPress versions \u003C 5.5\u003C\u002Fli>\n\u003Cli>Fixes a bug where invalid email addresses may be generated (in WordPress versions \u003C 5.5)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Choose from the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use WordPress defaults (insecure for WP \u003C 5.5)\u003C\u002Fli>\n\u003Cli>Use “Email Address” from WP General Settings\u003C\u002Fli>\n\u003Cli>Use a custom name and address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plus there is an option to use the specified From address as the Return-Path header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The security issue fixed by this plugin has been known about since way back in WordPress version 2.3. There has been some talk about fixing, but nothing has been implemented. While the issue does not affect all sites, it does affect a good percentage of them, including some of my own projects. So, not wanting to get hacked, I decided to write my own solution. Hopefully this issue gets fixed in a future version of WordPress, and this plugin will become unnecessary.\u003C\u002Fp>\n\u003Cp>As a bonus, setting an explicit From address resolves a long-standing bug whereby an invalid email address is generated under the following conditions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A “From” address is not set, \u003C\u002Fli>\n\u003Cli>And the \u003Ccode>$_SERVER['SERVER_NAME']\u003C\u002Fcode> is empty\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>So by explicitly setting a “From” address, we prevent this bug from happening.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Issue\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>What is the security issue addressed by this plugin? Follows is a quick summary. To learn more in-depth, check out the resources linked in the next section.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP uses \u003Ccode>$_SERVER['SERVER_NAME']\u003C\u002Fcode> to set the “From” header in email notifications\u003C\u002Fli>\n\u003Cli>This includes sensitive email notifications like password resets and user registration\u003C\u002Fli>\n\u003Cli>In some cases, an attacker could modify the “From” header and intercept the email\u003C\u002Fli>\n\u003Cli>Using the intercepted email, an attacker could gain access to your site and wreak havoc\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>More Infos\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This security vulnerability is well-known and has been around for a looong time. To learn more, check out these articles:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F25239\" rel=\"nofollow ugc\">WP Core Trac Ticket\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fexploitbox.io\u002Fvuln\u002FWordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\" rel=\"nofollow ugc\">Exploit Box Info\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.exploit-db.com\u002Fexploits\u002F41963\" rel=\"nofollow ugc\">Exploit Database\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>Host Header Injection Fix is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> – Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Sets custom headers for WP notification emails. Also fixes a security issue with WP versions \u003C 5.5.",500,25319,100,6,"2026-01-29T19:57:00.000Z","6.9.4","4.7","5.6.20",[20,21,22,23,24],"email","headers","injection","notification","security","https:\u002F\u002Fperishablepress.com\u002Fhost-header-injection-fix\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhost-header-injection-fix.3.5.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"specialk",30,1241610,98,328,78,"2026-04-05T16:34:40.930Z",[40,60,77,100,125],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":27,"num_ratings":27,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":59,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"update-notifier","Update Notifier","1.4.1","Jon Cave","https:\u002F\u002Fprofiles.wordpress.org\u002Fduck_\u002F","\u003Cp>If you don’t check your admin panel on your WordPress install very often (maybe because you prefer to use remote publishing) or you want to make sure\u003Cbr \u002F>\nthat your clients’ WordPress installations are updated, then this is the plugin for you. You don’t have to login to your admin panel regularly,\u003Cbr \u002F>\nsuscribe to an RSS feed, or do anything apart from installing this plugin to be notified when an update to WordPress is released.\u003C\u002Fp>\n\u003Cp>All you have to do is install Update Notifier and forget it until you receive an email telling you to update.\u003C\u002Fp>\n\u003Cp>To change Update Notifier’s options, go to Update Notifier under the main Settings menu. From there you can add a secondary email address\u003Cbr \u002F>\nwhich will also receive update notifications and you can activate update notifications for themes and plugins.\u003C\u002Fp>\n","Sends email notifications if a new version of WordPress available. Notifications about updates for plugins and themes can also be sent.",700,18097,"2010-09-20T12:13:00.000Z","3.0.5","3.0","",[55,20,23,24,56],"admin","upgrade","http:\u002F\u002Flionsgoroar.co.uk\u002Fwordpress\u002Fupdate-notifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupdate-notifier.1.4.1.zip",85,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":27,"num_ratings":27,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":53,"tags":73,"homepage":75,"download_link":76,"security_score":59,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"second-factor","Second Factor","1.0","apokalyptik","https:\u002F\u002Fprofiles.wordpress.org\u002Fapokalyptik\u002F","\u003Cp>This plugin prevents logged in users from doing anything on your wordpress.org blog until they have verified their second factor of authentication.  The process goes like this:\u003C\u002Fp>\n\u003Col>\n\u003Cli>A user logs into your blog.\n\u003Cul>\n\u003Cli>Behind the scenes a bunch of cryptographic stuff happens and a key is generated and attached to that user. The key is overwritten with a new one every single time they log in. This key is emailed to that user (via the email address the user is registered under.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The user gets the email with the code.\u003C\u002Fli>\n\u003Cli>The user then enters the code at the page which is now presented to them when they are trying to access your blog\n\u003Cul>\n\u003Cli>Behind the scenes the token is checked for validity, and a cookie is added to the users session.  They are now allowed access to your blog.  If the key changes (the user logs out, or is required to log in again) the cookie that they may have been using will no longer be valid and they will be asked to enter the new one that they get via email.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Require secondary authentication for registered user access",10,1996,"2010-11-18T22:29:00.000Z","3.1.4","3.0.1",[74],"authentication-security-email-login-notification-factor","http:\u002F\u002Fwordpress.org\u002F#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecond-factor.1.0.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":27,"downloaded":85,"rating":13,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":97,"download_link":98,"security_score":99,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"unified","Unified – Email Log, Email Queue, Page cache and more","1.2.0","Daev.tech","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaevsupport\u002F","\u003Cp>Unified aims to provide standard functionality that almost all sites use or should use, such as page caching, clean responses, custom SMTP and good security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Our current features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email log\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Searchable list of email sent from the site, where emails content can be viewed, re-send and more.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Queue\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Never make the user wait for emails being sent by the system again, where it might fail\u003C\u002Fli>\n\u003Cli>Queue emails and send the emails in the background instead, with support for retrying when mails cant be sent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page caching\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Very fast page caching – Just enable and we take care of the rest\u003C\u002Fli>\n\u003Cli>WooCommerce support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP setup\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Configure a custom SMTP server to send your emails through\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean-up\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Clean up the response generated by WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Configure security headers to make your site more safe\u003C\u002Fli>\n\u003Cli>Enable header X-Frame-Options\u003C\u002Fli>\n\u003Cli>Enable header X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>Enable header Referrer-Policy\u003C\u002Fli>\n\u003Cli>Enable header Strict-Transport-Security (HSTS)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Our goal is to make the functionality simple, with high performance and low memory footprint, over the cost, which is that it can not support all the same features as the specialized plugins.\u003C\u002Fp>\n\u003Cp>But the argument here is that simplicity, high performance, low memory usage and easy setup is more important than frontend users gets served 10ms faster with the bloated specialized plugins.\u003C\u002Fp>\n\u003Cp>Having specialized plugins for common functional needs could seem like a good idea, but they are often over-engineered and bloated.\u003Cbr \u002F>\nEach plugin often has its own libraries loaded, configurations, files and more to make it work.\u003C\u002Fp>\n\u003Cp>So you have to configure them in different places and they may not even work well together.\u003C\u002Fp>\n\u003Cp>Also, having many plugins, tend to make to the admin section (\u002Fwp-admin) very slow, as it often loads the entire world in all plugins, each of them checking their licenses etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What if Unified doesnt support feature X that I need?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Unified does not intend to be the plugin with all functionality, but only the have the basics with high performance.\u003Cbr \u002F>\nBut we would appreciate your input, if you feel like something is missing. Please contact \u003Ca href=\"mailto:support@daev.tech\" rel=\"nofollow ugc\">support@daev.tech\u003C\u002Fa> for the details.\u003C\u002Fp>\n\u003Cp>As example, if you need another SMTP plugin with a certain feature set, you can just install that and disable it in Unified.\u003Cbr \u002F>\nWhen you disable features in Unified, you \u003Cstrong>really\u003C\u002Fstrong> disable it, so that it no longer loads anything.\u003C\u002Fp>\n\u003Ch3>Plan for Unified\u003C\u002Fh3>\n\u003Cp>We have great plans for Unified and many features planned already.\u003C\u002Fp>\n\u003Cp>Our ultimate vision for Unified, is that our users use Unified as a base plugin on their sites, to cover most of the standard functionality that most sites use.\u003C\u002Fp>\n","Unified is a plugin that combines functionalities that most sites use, all in one plugin, with a sharp focus on high performance and low memory usage.",2270,2,"2024-07-11T11:38:00.000Z","6.6.5","5.7","7.2",[92,93,94,95,96],"email-log","email-queue","page-caching","security-headers","smtp","https:\u002F\u002Fdaev.tech\u002Funified","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funified.1.2.0.zip",92,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":16,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":121,"download_link":122,"security_score":35,"vuln_count":123,"unpatched_count":27,"last_vuln_date":124,"fetched_at":29},"mailpoet","MailPoet – Newsletters, Email Marketing, and Automation","5.22.1","MailPoet","https:\u002F\u002Fprofiles.wordpress.org\u002Fmailpoet\u002F","\u003Cp>Use MailPoet to create, send, manage, and grow your email marketing campaigns – all without leaving your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>Our newsletter builder integrates perfectly with WordPress so any website owner can create beautiful emails from scratch, or by using our responsive templates that display flawlessly across all devices.\u003C\u002Fp>\n\u003Cp>Schedule your newsletters, send them right away, or set up new blog post notifications to send automatically, in just a few clicks.\u003C\u002Fp>\n\u003Cp>Trusted by 500,000 WordPress websites since 2011.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With a free plan to get started, and scaling paid plans with enhanced functionality available, MailPoet is an email marketing solution suitable for both beginners and proficient email marketers.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mailpoet.com\u002F\" rel=\"nofollow ugc\">Visit our website for more information on plans and pricing\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>All features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create and add a newsletter subscription form to your website\u003C\u002Fli>\n\u003Cli>Manage your subscribers and subscriber lists in WordPress\u003C\u002Fli>\n\u003Cli>Build and send newsletters with WordPress\u003C\u002Fli>\n\u003Cli>Create automatic emails to send new post notifications\u003C\u002Fli>\n\u003Cli>Send automated welcome emails\u003C\u002Fli>\n\u003Cli>Behavior and interest-based subscriber segmentation options\u003C\u002Fli>\n\u003Cli>Pre-built and customizable email and subscription form templates\u003C\u002Fli>\n\u003Cli>Multiple subscription form placements: below pages, fixed bar, popup, slide-in, shortcode, on exit intent\u003C\u002Fli>\n\u003Cli>WooCommerce emails: abandoned cart, first purchase, specific product, product category, order status change, review added\u003C\u002Fli>\n\u003Cli>Customize WooCommerce transactional emails\u003C\u002Fli>\n\u003Cli>Automate subscriber management (add\u002Fremove from list, add\u002Fremove tags, update subscriber data) (paid plan required)\u003C\u002Fli>\n\u003Cli>Create custom automation triggers and actions (paid plan required)\u003C\u002Fli>\n\u003Cli>Branch your automations with if\u002Felse conditions to improve engagement (paid plan required)\u003C\u002Fli>\n\u003Cli>Reliable email delivery with MailPoet Sending Service (available for free – plan required)\u003C\u002Fli>\n\u003Cli>Basic engagement statistics (available for free) and detailed engagement statistics (paid plan required)\u003C\u002Fli>\n\u003Cli>Multi-condition segmentation (paid plan required)\u003C\u002Fli>\n\u003Cli>Google Analytics integration (paid plan required)\u003C\u002Fli>\n\u003Cli>Support via our Knowledge Base and Community Forums (available for free), and Priority Customer Support (paid plan required).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why choose MailPoet\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to use WordPress newsletter builder\u003C\u002Fli>\n\u003Cli>Beautiful templates that work perfectly across all devices\u003C\u002Fli>\n\u003Cli>No configuration needed: works out of the box\u003C\u002Fli>\n\u003Cli>Manage everything within your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Higher delivery rates with the MailPoet Sending Service\u003C\u002Fli>\n\u003Cli>GDPR compliant\u003C\u002Fli>\n\u003Cli>Free plan for small senders or those just starting out\u003C\u002Fli>\n\u003Cli>Advanced functionality available to help achieve growth.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce emails\u003C\u002Fh4>\n\u003Cp>Promote your business, sell more products, and enhance your customer service with MailPoet’s WooCommerce features.\u003C\u002Fp>\n\u003Cp>Use the automated email options to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Welcome your new customers when they make their first purchase\u003C\u002Fli>\n\u003Cli>Upsell by sending emails to customers who purchased a specific product or from a specific product category\u003C\u002Fli>\n\u003Cli>Convert more customers by sending a series of abandoned cart emails\u003C\u002Fli>\n\u003Cli>Re-engage customers who haven’t made a purchase in a while with personalized offers (paid plan required)\u003C\u002Fli>\n\u003Cli>Follow up with customers who left a review to encourage more engagement (paid plan required).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And with WooCommerce-specific segmentation options, you’ll be able to send targeted emails to your customers based on criteria such as their country, the number of orders they’ve placed, how much they’ve spent, and if they have an active product subscription (powered by \u003Cstrong>WooCommerce Subscriptions\u003C\u002Fstrong>) or membership (powered by \u003Cstrong>WooCommerce Memberships\u003C\u002Fstrong>).\u003C\u002Fp>\n\u003Cp>In addition, you’ll also be able to increase brand recognition by customizing your WooCommerce transactional emails. Create a unified brand experience by changing the layout, colors, and fonts used in your emails, as well as adding any images or additional information to them.\u003C\u002Fp>\n\u003Ch4>MailPoet Sending Service\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>The MailPoet Sending Service is free if you only have a few subscribers, with scaling plans available thereafter. \u003Ca href=\"https:\u002F\u002Fwww.mailpoet.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Read more.\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Sending emails and newsletters with your host is not a good idea. You might face sending speed limitations and see your emails ending up in the spam box.\u003C\u002Fp>\n\u003Cp>To help your sending go without a hitch, we’ve created an advanced email delivery infrastructure built for WordPress. Our technology allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Reach inboxes, not spam boxes\u003C\u002Fli>\n\u003Cli>Send your emails super fast (up to 50,000 emails per hour)\u003C\u002Fli>\n\u003Cli>Maintain your sender reputation and improve engagement levels with automated bounce and complaint handling. Stop sending to non-deliverable and complaining addresses, automatically\u003C\u002Fli>\n\u003Cli>Authenticate your emails (with SPF and DKIM) to improve deliverability and avoid spam boxes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The MailPoet Sending Service is very easy to set up, you just have to enter a key in your WordPress dashboard and you’re all set!\u003C\u002Fp>\n\u003Ch4>MailPoet plans and pricing\u003C\u002Fh4>\n\u003Cp>MailPoet is available to download for free. Our free download includes all of the features listed above (with the exception of those indicating a plan requirement) under the following criteria:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Up to 1,000 subscribers\u003C\u002Fli>\n\u003Cli>MailPoet branding in emails\u003C\u002Fli>\n\u003Cli>Send emails with your own sending method (host, SendGrid, Amazon SES, etc).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Or if you opt for a MailPoet plan, you’ll get access to the MailPoet Sending Service.\u003C\u002Fp>\n\u003Cp>A free plan is available for those who want to get started with a few subscribers and would like to use the MailPoet Sending Service. And our paid plans offer features and functionality for those with larger lists who are looking to grow their business using email marketing.\u003C\u002Fp>\n\u003Cp>Take a look at \u003Ca href=\"https:\u002F\u002Fwww.mailpoet.com\u002Fpricing\" rel=\"nofollow ugc\">our pricing page\u003C\u002Fa> for full details on what’s included in each plan.\u003C\u002Fp>\n\u003Ch4>Before you install\u003C\u002Fh4>\n\u003Cp>Please note:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Multisite support is limited\u003C\u002Fli>\n\u003Cli>Review \u003Ca href=\"https:\u002F\u002Fkb.mailpoet.com\u002Farticle\u002F152-minimum-requirements-for-mailpoet-3\" rel=\"nofollow ugc\">our minimum requirements\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Albanian\u003C\u002Fli>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003Cli>Catalan\u003C\u002Fli>\n\u003Cli>Czech\u003C\u002Fli>\n\u003Cli>Danish\u003C\u002Fli>\n\u003Cli>Dutch\u003C\u002Fli>\n\u003Cli>Dutch (Formal)\u003C\u002Fli>\n\u003Cli>French (Canada)\u003C\u002Fli>\n\u003Cli>French (France)\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>German (Switzerland)\u003C\u002Fli>\n\u003Cli>German (Formal)\u003C\u002Fli>\n\u003Cli>Greek\u003C\u002Fli>\n\u003Cli>Hindi\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Japanese\u003C\u002Fli>\n\u003Cli>Polish\u003C\u002Fli>\n\u003Cli>Portuguese (Brazil)\u003C\u002Fli>\n\u003Cli>Portuguese (Portugal)\u003C\u002Fli>\n\u003Cli>Romanian\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>Serbian\u003C\u002Fli>\n\u003Cli>Slovak\u003C\u002Fli>\n\u003Cli>Spanish (Mexico)\u003C\u002Fli>\n\u003Cli>Spanish (Spain)\u003C\u002Fli>\n\u003Cli>Swedish\u003C\u002Fli>\n\u003Cli>Turkish\u003C\u002Fli>\n\u003Cli>Ukrainian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We welcome experienced translators to translate directly on \u003Ca href=\"https:\u002F\u002Fwww.transifex.com\u002Fwysija\u002Fmp3\u002F\" rel=\"nofollow ugc\">our Transifex project\u003C\u002Fa>. Please note that any translations submitted via the “Translating WordPress” website will not work.\u003C\u002Fp>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmailpoet\u002Fmailpoet\u002F\" rel=\"nofollow ugc\">Our repository\u003C\u002Fa> is public on GitHub.\u003C\u002Fp>\n\u003Cp>Have a question for us? Reach us at security@ our domain, or report security issues to our \u003Ca href=\"https:\u002F\u002Fhackerone.com\u002Fautomattic\" rel=\"nofollow ugc\">Bug Bounty program\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Use of 3rd Party Services\u003C\u002Fh4>\n\u003Cp>MailPoet uses the following services that are necessary for its full functionality:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.com\u002F\" rel=\"nofollow ugc\">Translate WordPress.com\u003C\u002Fa> – used to download translations for the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To improve user experience, MailPoet may use the following 3rd party libraries if the \u003Cem>Load 3rd-party libraries\u003C\u002Fem> setting is enabled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffonts.google.com\u002F\" rel=\"nofollow ugc\">Google Fonts\u003C\u002Fa> – used in Form Editor which you can use to customize your forms, and in the Email Editor to style emails. This can be individually \u003Ca href=\"https:\u002F\u002Fkb.mailpoet.com\u002Farticle\u002F332-how-to-disable-google-fonts\" rel=\"nofollow ugc\">disabled by a filter\u003C\u002Fa>. \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms?hl=en\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy?hl=en\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublic-api.wordpress.com\u002F\" rel=\"nofollow ugc\">WordPress.com\u003C\u002Fa> – used for searching in Knowledge Base with the help of AI.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmixpanel.com\u002F\" rel=\"nofollow ugc\">Mixpanel\u003C\u002Fa> – used to send data about the usage of the MailPoet plugin when you \u003Ca href=\"https:\u002F\u002Fkb.mailpoet.com\u002Farticle\u002F130-sharing-your-data-with-us\" rel=\"nofollow ugc\">agree with sharing usage data with us\u003C\u002Fa>. \u003Ca href=\"https:\u002F\u002Fmixpanel.com\u002Flegal\u002Fterms-of-use\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmixpanel.com\u002Flegal\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.satismeter.com\u002F\" rel=\"nofollow ugc\">Satismeter\u003C\u002Fa> – used to ask for feedback. \u003Ca href=\"https:\u002F\u002Fwww.satismeter.com\u002Fterms\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.satismeter.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcrowdsignal.com\u002F\" rel=\"nofollow ugc\">Crowdsignal\u003C\u002Fa> – used to load our deactivation poll to improve our plugin. \u003Ca href=\"https:\u002F\u002Fcrowdsignal.com\u002Fterms\u002F\" rel=\"nofollow ugc\">TOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fautomattic.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Loading all these libraries is disabled by default. The option can be enabled in the \u003Cem>MailPoet’s Settings > Advanced > Load 3rd-party libraries\u003C\u002Fem>.\u003C\u002Fp>\n","Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more",500000,63908206,88,1411,"2026-03-10T13:02:00.000Z","6.8","7.4",[116,117,118,119,120],"email-automation","email-marketing","newsletter","post-notification","woocommerce-emails","https:\u002F\u002Fwww.mailpoet.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailpoet.5.22.1.zip",3,"2025-03-06 00:00:00",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":136,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":145,"download_link":146,"security_score":59,"vuln_count":147,"unpatched_count":27,"last_vuln_date":148,"fetched_at":29},"aryo-activity-log","Activity Log – Monitor & Record User Changes","2.11.2","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>\u003Cstrong>AN EASY TO USE & FULLY SUPPORTED WORDPRESS ACTIVITY LOG PLUGIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Want to monitor and track your WordPress website activity? Find out exactly who does what on your WordPress website with this plugin. Activity Log is like an airplane’s black box that logs every action in the WordPress admin, and lets you see exactly what users are doing on your WordPress website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If someone is trying to hack your site\u003C\u002Fli>\n\u003Cli>When a post was published, and who published it\u003C\u002Fli>\n\u003Cli>If a plugin\u002Ftheme was activated\u002Fdeactivated\u003C\u002Fli>\n\u003Cli>Suspicious admin activity\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s so essential; you’ll wonder how you ever managed your website without it. The plugin is also lightning fast and works behind the scenes, so it doesn\\’t affect site and admin performance. For optimal performance, we built the plugin so that it runs on a separate table in the database.\u003C\u002Fp>\n\u003Cp>If you have more than a handful of users, keeping track of who did what is virtually impossible. This plugin solves that issue by tracking what actions were initiated by which users, and displaying it in an easy-to-use and easy-to-filter view on the dashboard of your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New! Introducing Email Logging\u003C\u002Fstrong> – Capture all emails sent from your WordPress site for streamlined debugging and compliance. Gain better visibility into email communication, aiding both troubleshooting and record-keeping. This is particularly beneficial for WooCommerce stores, allowing you to easily track sent emails alongside other critical site events.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Export to CSV\u003C\u002Fstrong> – Export your Activity Log data records to CSV. Developers can easily add support for custom data formats with our new dedicated Export API.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Privacy and GDPR Compliance\u003C\u002Fstrong> – We provide the tools to help you adhere to GDPR compliance standards, including Export\u002FErasure of data via the WordPress Privacy Tools.\u003C\u002Fp>\n\u003Ch3>With the Activity Log you can record:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress\u003C\u002Fstrong> – Core updates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Posts\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pages\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post Type\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tags\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Categories\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Taxonomies\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Menus\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Media\u003C\u002Fstrong> – Created, updated, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comments\u003C\u002Fstrong> – Created, approved, unapproved, trashed, untrashed, spammed, unspammed, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Users\u003C\u002Fstrong> – Login, logout, login failed, update profile, registered, deleted\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugins\u003C\u002Fstrong> – Installed, updated, activated, deactivated, changed\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Themes\u003C\u002Fstrong> – Installed, updated, deleted, activated, changed (Editor and Customizer)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widgets\u003C\u002Fstrong> – Added to sidebar, deleted from sidebar, order widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Setting\u003C\u002Fstrong> – General, writing, reading, discussion, media, permalinks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Options\u003C\u002Fstrong> – Extended custom settings for 3rd party plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export\u003C\u002Fstrong> – Exported activity log file\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce\u003C\u002Fstrong> – Track products, orders, customers, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>bbPress\u003C\u002Fstrong> – Forums, topics, replies, taxonomies, and other actions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Emails sent from WordPress site\u003C\u002Fstrong> – Sending successful, sending failed\u003C\u002Fli>\n\u003Cli>There’s more, of course, but you get the point…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For each event recorded by the activity log, the following details are also logged:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Date and time of occurrence\u003C\u002Fli>\n\u003Cli>User and user role responsible for the change\u003C\u002Fli>\n\u003Cli>Source IP address from which the change originated\u003C\u002Fli>\n\u003Cli>Affected object where the change occurred\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin doesn\\’t require any kind of setup; it works right out of the box (just another reason people love it)!\u003C\u002Fp>\n\u003Ch3>Data Storage and Performance Optimization\u003C\u002Fh3>\n\u003Cp>In order to ensure optimal performance of your website, all events and logs data are stored in a dedicated custom table within your WordPress database. This approach significantly reduces the impact on your website’s performance, ensuring seamless operation even during peak traffic periods.\u003C\u002Fp>\n\u003Ch3>Uninstall Clean-up\u003C\u002Fh3>\n\u003Cp>We understand the importance of maintaining a clean and efficient database environment. That’s why our plugin features an uninstall hook that seamlessly removes all traces of its presence from your website when uninstalling. This meticulous clean-up process ensures that your database remains lean and clutter-free even after our plugin has been removed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With our optimized data storage, thorough logging, and meticulous clean-up process, you can trust that our plugin will enhance the functionality and security of your WordPress site without compromising its performance.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What users have to say\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cem>“Its tools, particularly for data privacy and GDPR compliance, make it indispensable for websites operating within European Union boundaries or dealing with EU citizens’ data”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fblog.hubspot.com\u002Fwebsite\u002F8-best-plugins-tracking-user-activity-wordpress\" rel=\"nofollow ugc\">HubSpot.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“If you’re after a competent WP security audit log plugin with all the basic features you need, Activity Log is it!”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwpastra.com\u002Fplugins\u002Fwordpress-activity-log-plugins\u002F\" rel=\"nofollow ugc\">WPAstra.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Activity Log features a remarkably straightforward dashboard interface, providing administrators with an at-a-glance understanding of site interactions”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.malcare.com\u002Fblog\u002Fwordpress-activity-log\u002F\" rel=\"nofollow ugc\">Malcare.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Best 10 Free WordPress Plugins of the Month: Keeping tabs on what your users do with their access to the Dashboard”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fmanagewp.com\u002Fbest-free-wordpress-plugins-july-2014\" rel=\"nofollow ugc\">ManageWP.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Thanks to this step, we’ve discovered that our site was undergoing a brute force attack”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fartdriver.com\u002Fblog\u002Fwordpress-site-hacked-solution-time\" rel=\"nofollow ugc\">Artdriver.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Optimized code – The plugin itself is blazing fast and leaves almost no footprint on the server”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.freshtechtips.com\u002F2014\u002F01\u002Fbest-audit-trail-plugins-for-wordpress.html\" rel=\"nofollow ugc\">FreshTechTips.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Activity Log lets you track a huge range of activities. Overall, very easy to use and setup”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwww.elegantthemes.com\u002Fblog\u002Ftips-tricks\u002F5-best-ways-to-monitor-wordpress-activity-via-the-dashboard\" rel=\"nofollow ugc\">ElegantThemes.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributions:\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Would you like to contribute to this plugin?\u003C\u002Fstrong> You’re more than welcome to submit your pull requests on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpojome\u002Factivity-log\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>. And, if you have any notes about the code, please open a ticket on the issue tracker.\u003C\u002Fp>\n","This top rated Activity Log plugin helps you monitor & log all changes and actions on your WordPress site, so you can remain secure and organized.",200000,3995902,86,74,"2024-11-12T14:55:00.000Z","6.7.5","6.0","7.0",[142,143,92,24,144],"activity-log","audit-log","user-log","https:\u002F\u002Factivitylog.io\u002F?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faryo-activity-log.2.11.2.zip",9,"2024-11-20 17:10:23",{"attackSurface":150,"codeSignals":201,"taintFlows":222,"riskAssessment":223,"analyzedAt":230},{"hooks":151,"ajaxHandlers":197,"restRoutes":198,"shortcodes":199,"cronEvents":200,"entryPointCount":27,"unprotectedCount":27},[152,158,163,167,171,175,179,182,186,189,193],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","admin_menu","add_menu","host-header-injection-fix.php",46,{"type":159,"name":160,"callback":161,"file":156,"line":162},"filter","admin_init","add_settings",47,{"type":153,"name":164,"callback":165,"file":156,"line":166},"admin_enqueue_scripts","admin_scripts",48,{"type":159,"name":168,"callback":169,"priority":68,"file":156,"line":170},"plugin_action_links","action_links",49,{"type":159,"name":172,"callback":173,"priority":68,"file":156,"line":174},"plugin_row_meta","plugin_links",50,{"type":159,"name":176,"callback":177,"priority":68,"file":156,"line":178},"admin_footer_text","footer_text",51,{"type":153,"name":160,"callback":180,"file":156,"line":181},"check_version",52,{"type":153,"name":183,"callback":184,"file":156,"line":185},"init","load_i18n",53,{"type":159,"name":187,"callback":187,"file":156,"line":188},"wp_mail_from",55,{"type":159,"name":190,"callback":191,"file":156,"line":192},"wp_mail_from_name","wp_mail_name",56,{"type":153,"name":194,"callback":195,"file":156,"line":196},"phpmailer_init","wp_return_path",57,[],[],[],[],{"dangerousFunctions":202,"sqlUsage":203,"outputEscaping":205,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":220,"bundledLibraries":221},[],{"prepared":27,"raw":27,"locations":204},[],{"escaped":206,"rawEcho":207,"locations":208},19,5,[209,212,214,216,218],{"file":156,"line":210,"context":211},269,"raw output",{"file":156,"line":213,"context":211},270,{"file":156,"line":215,"context":211},318,{"file":156,"line":217,"context":211},369,{"file":156,"line":219,"context":211},389,1,[],[],{"summary":224,"deductions":225},"The 'host-header-injection-fix' plugin v3.5 exhibits a strong security posture based on the provided static analysis. The absence of any identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface. Furthermore, the code signals indicate good development practices, with no dangerous functions used, all SQL queries being properly prepared, and a high percentage of output escaping. The plugin also avoids common risks like file operations and external HTTP requests.\n\nThe vulnerability history is equally encouraging, with zero known CVEs and no recorded past vulnerabilities. This suggests a well-maintained and secure codebase. The taint analysis also shows no concerning flows, reinforcing the confidence in the plugin's safety. \n\nWhile the analysis is positive, it's worth noting the lack of nonce checks and the single capability check. Although the attack surface is currently zero, if any new entry points were introduced without proper authentication and authorization, these could become a future concern. Overall, this plugin appears to be very secure and well-developed.",[226,228],{"reason":227,"points":207},"No nonce checks detected",{"reason":229,"points":123},"Low number of capability checks","2026-03-16T19:36:39.669Z",{"wat":232,"direct":238},{"assetPaths":233,"generatorPatterns":235,"scriptPaths":236,"versionParams":237},[234],"\u002Fwp-content\u002Fplugins\u002Fhost-header-injection-fix\u002F",[],[],[],{"cssClasses":239,"htmlComments":240,"htmlAttributes":241,"restEndpoints":242,"jsGlobals":243,"shortcodeOutput":244},[],[],[],[],[],[]]