[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fS75lMhH0_3F6JbjrCudiNWSSJDx5pA9lzwxEa_DoPRQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":97,"crawl_stats":38,"alternatives":105,"analysis":202,"fingerprints":429},"mail-subscribe-list","Mail Subscribe List","2.1.10","Richard Leishman","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfwd\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fappsumo.com\u002Fsearch?tags=wordpress&utm_source=sumo&utm_medium=wp-widget&utm_campaign=mail-subscribe-list\" rel=\"nofollow ugc\">Check out the latest WordPress deals for your site.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This is a \u003Cstrong>simple plugin\u003C\u002Fstrong> that allows visitors to enter their name and email address on your website, the visitors details are then added to the subscribers list which is available to view and modify in the WordPress admin area.\u003C\u002Fp>\n\u003Cp>This plugin can be used not only for Mailing List subscriptions but can be used generally for collecting email address and\u002For peoples names that are visiting your website.\u003C\u002Fp>\n\u003Cp>The name\u002Femail form can not only be customised but can also be displayed on any WordPress page by using either the ‘Subscribe Widget’, WordPress shortcode [smlsubform] or from your WordPress theme by calling the php function.\u003C\u002Fp>\n\u003Cp>I developed this plugin as I could not find any plugin that simply allows users to submit their name and email address to a simple list viewable in the WordPress admin, all the plugins that I found had lots of extra features such as 3rd party integration, mass emailing and double opt-in, my clients do not need any of these features.\u003C\u002Fp>\n\u003Ch4>Extra Options\u003C\u002Fh4>\n\u003Cp>I have developed some customizable options that allow you to change the way the plugin is displayed.\u003C\u002Fp>\n\u003Cp>Below is an explanation of what each option does:-\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“prepend”     ->  Adds a paragraph of text just inside the top of the form.\u003C\u002Fli>\n\u003Cli>“showname”    ->  If true, this with show the name label and input field for capturing the users name.\u003C\u002Fli>\n\u003Cli>“nametxt”     ->  Text that is displayed to the left of the name input field.\u003C\u002Fli>\n\u003Cli>“nameholder”  ->  Text that is displayed inside the name input box as a place holder.\u003C\u002Fli>\n\u003Cli>“emailtxt”    ->  Text that is displayed to the left of the email input field.\u003C\u002Fli>\n\u003Cli>“emailholder” ->  Text that is displayed inside the email input box as a place holder.\u003C\u002Fli>\n\u003Cli>“showsubmit”  ->  If true, this with show the submit button, return required to submit form.\u003C\u002Fli>\n\u003Cli>“submittxt”   ->  Text\u002Fvalue that will be displayed on the form submit button.\u003C\u002Fli>\n\u003Cli>“jsthanks”    ->  If true, this will display a JavaScript Alert Thank You message instead of a paragraph above the form.\u003C\u002Fli>\n\u003Cli>“thankyou”    ->  Thank you message that will be displayed when someone subscribes. (Will not show if blank)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Extra Options – How to Use (Short Code Method)\u003C\u002Fh4>\n\u003Cp>Short codes can be used simply putting the code into your wordpress page, here is an example of the shortcode in use.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[smlsubform prepend=\"\" showname=true nametxt=\"Name:\" nameholder=\"Name...\" emailtxt=\"Email:\" emailholder=\"Email Address...\" showsubmit=true submittxt=\"Submit\" jsthanks=false thankyou=\"Thank you for subscribing to our mailing list\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Extra Options – How to Use (PHP Method)\u003C\u002Fh4>\n\u003Cp>The PHP method can be used by putting the following PHP code into your WordPress theme, here is an example of php code for your template.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$args = array(\n'prepend' => '', \n'showname' => true,\n'nametxt' => 'Name:', \n'nameholder' => 'Name...', \n'emailtxt' => 'Email:',\n'emailholder' => 'Email Address...', \n'showsubmit' => true, \n'submittxt' => 'Submit', \n'jsthanks' => false,\n'thankyou' => 'Thank you for subscribing to our mailing list'\n);\necho smlsubform($args);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Simple customizable plugin that displays a name\u002Femail form where visitors can submit their information, manageable in the WordPress admin.",4000,183620,88,60,"2023-08-08T02:23:00.000Z","6.2.9","3.0","",[20,21,22,23,24],"email","list","mail","newsletter","subscribe","http:\u002F\u002Fwww.webfwd.co.uk\u002Fpackages\u002Fwordpress-hosting\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmail-subscribe-list.2.1.10.zip",55,5,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[33,47,58,71,84],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2025-58018","mail-subscribe-list-authenticated-contributor-stored-cross-site-scripting","Mail Subscribe List \u003C= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Mail Subscribe List plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.1.10","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 17:29:54",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1fce3120-1e50-464f-bfa9-a9260e47afa2?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":53,"updated_date":54,"references":55,"days_to_patch":57},"CVE-2023-23657","mail-subscribe-list-authenticated-contributor-stored-cross-site-scripting-via-smlsubform-shortcode","Mail Subscribe List \u003C= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via smlsubform shortcode","The Mail Subscribe List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘smlsubform’ shortcode in versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.1.9","2023-04-20 00:00:00","2024-01-22 19:56:02",[56],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F55b39859-b8a0-418b-ae7a-cd42d6e0bf00?source=api-prod",278,{"id":59,"url_slug":60,"title":61,"description":62,"plugin_slug":4,"theme_slug":38,"affected_versions":63,"patched_in_version":64,"severity":40,"cvss_score":65,"cvss_vector":66,"vuln_type":43,"published_date":67,"updated_date":54,"references":68,"days_to_patch":70},"WF-75424878-5976-4dc6-8a09-8eb46a7425b8-mail-subscribe-list","mail-subscribe-list-stored-cross-site-scripting","Mail Subscribe List \u003C= 2.1.6 - Stored Cross-Site Scripting","The plugin Mail Subscribe List for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.1.6","2.1.7",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2022-05-26 00:00:00",[69],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F75424878-5976-4dc6-8a09-8eb46a7425b8?source=api-prod",607,{"id":72,"url_slug":73,"title":74,"description":75,"plugin_slug":4,"theme_slug":38,"affected_versions":76,"patched_in_version":77,"severity":78,"cvss_score":79,"cvss_vector":80,"vuln_type":81,"published_date":67,"updated_date":54,"references":82,"days_to_patch":70},"CVE-2022-1603","mail-subscribe-list-cross-site-request-forgery","Mail Subscribe List \u003C= 2.1.3 - Cross-Site Request Forgery","The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and delete arbitrary users from the subscribed list","\u003C2.1.4","2.1.4","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)",[83],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd10a0372-1ab3-474e-8d5c-33f71fddfe06?source=api-prod",{"id":85,"url_slug":86,"title":87,"description":88,"plugin_slug":4,"theme_slug":38,"affected_versions":89,"patched_in_version":90,"severity":40,"cvss_score":91,"cvss_vector":92,"vuln_type":43,"published_date":93,"updated_date":54,"references":94,"days_to_patch":96},"CVE-2013-10026","mail-subscribe-list-unauthenticated-stored-cross-site-scripting","Mail Subscribe List \u003C= 2.0.9 - Unauthenticated Stored Cross-Site Scripting","The Mail Subscribe List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sml_name' and 'sml_email' parameters in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.0.9","2.1",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2014-08-01 00:00:00",[95],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9d0782ef-b74e-4540-a11d-280e432fc127?source=api-prod",3462,{"slug":98,"display_name":7,"profile_url":8,"plugin_count":99,"total_installs":100,"avg_security_score":101,"avg_patch_time_days":102,"trust_score":103,"computed_at":104},"webfwd",3,4080,75,1239,62,"2026-04-04T15:14:23.685Z",[106,132,153,169,188],{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":18,"tags":121,"homepage":126,"download_link":127,"security_score":128,"vuln_count":129,"unpatched_count":130,"last_vuln_date":131,"fetched_at":31},"newsletters-lite","Newsletters","4.13","Tribulant Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fcontrid\u002F","\u003Cp>A full-featured WordPress newsletter plugin created by \u003Ca href=\"https:\u002F\u002Ftribulant.com\" rel=\"nofollow ugc\">Tribulant\u003C\u002Fa> for WordPress which fulfills all subscribers, emails, marketing and newsletter related needs for both personal and business environments.\u003C\u002Fp>\n\u003Cp>It has robust, efficient and unique features! This is an all-in-one newsletter tool for your WordPress site can be configured to behave as desired and it will provide the best experience for your email subscribers at the same time.\u003C\u002Fp>\n\u003Cp>The software works the way you do so you can focus on creating newsletters and giving your website the necessary exposure!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Some of the features in the WordPress Newsletter plugin include (see PRO Version section below to view the limitations of this LITE version):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Mailing Lists \u003C\u002Fli>\n\u003Cli>Bounce Email Management \u003C\u002Fli>\n\u003Cli>Newsletter Queue & Scheduling \u003C\u002Fli>\n\u003Cli>Newsletter Templates \u003C\u002Fli>\n\u003Cli>Drag & Drop Newsletter & Template Builder \u003C\u002Fli>\n\u003Cli>Complete Email History \u003C\u002Fli>\n\u003Cli>Unlimited Sidebar Widgets \u003C\u002Fli>\n\u003Cli>Post\u002FPage Opt-In Embedding \u003C\u002Fli>\n\u003Cli>Subscription Forms Builder \u003C\u002Fli>\n\u003Cli>Offsite Subscription Forms \u003C\u002Fli>\n\u003Cli>Publish Newsletter as a Post \u003C\u002Fli>\n\u003Cli>Send Post as a Newsletter \u003C\u002Fli>\n\u003Cli>Add Email Attachments \u003C\u002Fli>\n\u003Cli>SMTP Authentication \u003C\u002Fli>\n\u003Cli>Ajax Powered Features \u003C\u002Fli>\n\u003Cli>Import\u002FExport Subscribers \u003C\u002Fli>\n\u003Cli>Paid Subscriptions (PayPal & 2Checkout) \u003C\u002Fli>\n\u003Cli>Integrates with our Banner Rotator plugin \u003C\u002Fli>\n\u003Cli>WordPress Multisite Compatible \u003C\u002Fli>\n\u003Cli>Email Tracking \u003C\u002Fli>\n\u003Cli>IP Logging of Subscribers \u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v2 \u003C\u002Fli>\n\u003Cli>Google reCAPTCHA v3 \u003C\u002Fli>\n\u003Cli>hCaptcha \u003C\u002Fli>\n\u003Cli>Cloudflare Turnstile \u003C\u002Fli>\n\u003Cli>Really Simple CAPTCHA \u003C\u002Fli>\n\u003Cli>Newsletter Themes \u003C\u002Fli>\n\u003Cli>POP\u002FIMAP Bounce Handling \u003C\u002Fli>\n\u003Cli>Latest Posts Subscriptions \u003C\u002Fli>\n\u003Cli>Single\u002FMultiple Posts into Emails \u003C\u002Fli>\n\u003Cli>Bitly click tracking \u003C\u002Fli>\n\u003Cli>Autoresponders \u003C\u002Fli>\n\u003Cli>Newsletters by conditions \u003C\u002Fli>\n\u003Cli>Multilingual (qTranslate & WPML) \u003C\u002Fli>\n\u003Cli>Custom Post Types \u003C\u002Fli>\n\u003Cli>Custom Fields \u003C\u002Fli>\n\u003Cli>Link\u002Fclick tracking \u003C\u002Fli>\n\u003Cli>DKIM Signature \u003C\u002Fli>\n\u003Cli>WordPress Dashboard Widget \u003C\u002Fli>\n\u003Cli>and much more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the newsletter subscribe forms builder in action:\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FZHbXN72eqmU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Demo and Support\u003C\u002Fh4>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Ftribulant.net\u002Fnewsletter\u002F\" rel=\"nofollow ugc\">online demonstration\u003C\u002Fa> and view the \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fdocs\u002Fwordpress-mailing-list-plugin\u002F31\u002F\" rel=\"nofollow ugc\">online documentation\u003C\u002Fa> for tips, tricks, guides, and more.\u003C\u002Fp>\n\u003Ch4>Extensions\u003C\u002Fh4>\n\u003Cp>There are many free and paid extension plugins for the WordPress Newsletter plugin. All extensions work with both Newsletters LITE and Newsletters PRO, no problem.\u003C\u002Fp>\n\u003Cp>Some extensions include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F42\u002Fwoocommerce-subscribers\" rel=\"nofollow ugc\">WooCommerce Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F28\u002Fcontact-form-7-subscribers\" rel=\"nofollow ugc\">Contact Form 7 Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F46\u002Fgoogle-analytics\" rel=\"nofollow ugc\">Google Analytics Tracking\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F6\u002Fembedded-images\" rel=\"nofollow ugc\">Embedded Images\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F26\u002Ftotal-ms-control\" rel=\"nofollow ugc\">Total MS Control\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F17\u002Fgravity-forms-subscribers\" rel=\"nofollow ugc\">Gravity Forms Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F16\u002Fformidable-subscribers\" rel=\"nofollow ugc\">Formidable Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F43\u002Fdigital-access-pass\" rel=\"nofollow ugc\">Digital Access Pass Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F36\u002Ftotal-control\" rel=\"nofollow ugc\">Total Control\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F32\u002Fs2member-subscribers\" rel=\"nofollow ugc\">s2Member Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fextensions\u002Fview\u002F31\u002Fwp-emember-subscribers\" rel=\"nofollow ugc\">WP eMember Subscribers\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fextensions\u002F1\u002Fwordpress-newsletter-plugin\" rel=\"nofollow ugc\">Visit the Newsletters extensions page\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Email\u002FNewsletter Templates\u003C\u002Fh4>\n\u003Cp>Included with the newsletter plugin are several premade email\u002Fnewsletter templates.\u003C\u002Fp>\n\u003Cp>Shop our \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Femailthemes\u002F\" title=\"newsletter templates\" rel=\"nofollow ugc\">newsletter templates\u003C\u002Fa> for more variety and high quality, premium, responsive newsletter templates.\u003C\u002Fp>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cp>All language files and the instructions to use them are in \u003Ca href=\"https:\u002F\u002Fpoeditor.com\u002Fjoin\u002Fproject\u002Fb31cab38f30cec409424dc273a131183\" rel=\"nofollow ugc\">POEditor\u003C\u002Fa>. Anyone can join the project to add languages and contribute translations for strings.\u003C\u002Fp>\n\u003Cp>Thank you for these wonderful people who contributed in translating the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Afrikaans (af_ZA) by \u003Ca href=\"https:\u002F\u002Fwww.contrid.co.za\" rel=\"nofollow ugc\">Antonie Potgieter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German (de_DE) by Peter Schonmann\u003C\u002Fli>\n\u003Cli>Greek (el_GR) by \u003Ca href=\"https:\u002F\u002Fwww.aio.gr\" rel=\"nofollow ugc\">Harris Karanikolas | AiO Systems Information\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) by Juan Llamosas\u003C\u002Fli>\n\u003Cli>French (fr_FR) by Kim Gjerstad\u003C\u002Fli>\n\u003Cli>Hungarian (hu_HU) by \u003Ca href=\"https:\u002F\u002Fwww.idsign.hu\" rel=\"nofollow ugc\">iD Sign | Gergely Almasi\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian (it_IT) by \u003Ca href=\"https:\u002F\u002Fwww.playcodestudio.com\" rel=\"nofollow ugc\">Matteo Galli | Playcode\u003C\u002Fa>, Johnny\u003C\u002Fli>\n\u003Cli>Lithuanian (lt_LT) by Tomas\u003C\u002Fli>\n\u003Cli>Dutch (nl_NL) by \u003Ca href=\"https:\u002F\u002Fwww.webzenz.nl\" rel=\"nofollow ugc\">Ronald de Caluwe | WebZenz\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Brazilian Portuguese (pt_BR) by Vitor Argos\u003C\u002Fli>\n\u003Cli>Portuguese (pt_PT) by wordpress.mowster.net\u003C\u002Fli>\n\u003Cli>Romanian (ro_RO) by \u003Ca href=\"https:\u002F\u002Frichardconsulting.ro\" rel=\"nofollow ugc\">Richard Vencu\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Swedish (sv_SE) by Tomas Lindhoff\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR) by Sersah Namoglu\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Offsite HTML Code\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003Cscript type=\"text\u002Fjavascript\"> var wpmlAjax = \"' . $this -> url() . '\u002F' . $this -> plugin_name . '-ajax.php\"; \u003C\u002Fscript>\n\u003Cscript type=\"text\u002Fjavascript\" src=\"' . $this -> url() . '\u002Fjs\u002Fwp-mailinglist.js\">\u003C\u002Fscript>\n\u003Cscript type=\"text\u002Fjavascript\" src=\"' . get_option('siteurl') . '\u002Fwp-includes\u002Fjs\u002Fscriptaculous\u002Fprototype.js\">\u003C\u002Fscript>\n\u003Cscript type=\"text\u002Fjavascript\" src=\"' . get_option('siteurl') . '\u002Fwp-includes\u002Fjs\u002Fscriptaculous\u002Fscriptaculous.js?load=effects\">\u003C\u002Fscript>'\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>API Example\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u003C?php\n$url = 'https:\u002F\u002Fexample.com\u002Fwp-admin\u002Fadmin-ajax.php?action=newsletters_api';\n$data = array(\n    'api_method'        =>   'subscriber_add',\n    'api_key'           =>   '37C1D6053E817212348E507D29CCCE49',\n    'api_data'          =>   array(\n        'email'             => \"email@example.com\",\n        'list_id'           =>   array(1,2,3),\n    )\n);\n\n$data_string = wp_json_encode($data);\n\n$ch = curl_init($url);\ncurl_setopt($ch, CURLOPT_POST, true);\ncurl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);\ncurl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\ncurl_setopt($ch, CURLOPT_HTTPHEADER, array(\n    'Content-Type: application\u002Fjson',\n    'Content-Length: ' . strlen($data_string))\n);\n\n$result = json_decode(curl_exec($ch));\ncurl_close($ch);\n?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>PRO Version\u003C\u002Fh4>\n\u003Cp>The Newsletters LITE version has nearly all of the features that the PRO version has but it has some limitations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>One mailing list.\u003C\u002Fli>\n\u003Cli>500 max subscribers.\u003C\u002Fli>\n\u003Cli>Send up to 1000 emails per month.\u003C\u002Fli>\n\u003Cli>Mail Type: Local Server and SMTP. No API integration with our \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fdocs\u002Fwordpress-mailing-list-plugin\u002F10570\u002Fsending-apis\u002F\" rel=\"nofollow ugc\">mail service providers\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>The “Drag & Drop Newsletter & Template Builder” cannot be used.\u003C\u002Fli>\n\u003Cli>Limited to Really Simple CAPTCHA and Google reCAPTCHA v2. The rest (reCAPTCHA v3, hCaptcha, Cloudflare Turnstile) cannot be used.\u003C\u002Fli>\n\u003Cli>No new custom dynamic fields can be added but you can edit current ones.\u003C\u002Fli>\n\u003Cli>No Resend button for emails and for the Send Manage Subscription Email link.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These limits should be sufficient for a personal blogger or a small business.\u003C\u002Fp>\n\u003Cp>To remove these limits, you can upgrade to the PRO version and submit your serial key inside the plugin.\u003Cbr \u002F>\nOr, download, install, and activate the PRO version from our website under Downloads, and then add your serial key. This is the preferred method. After installing the PRO version, you can safely deactivate and delete the LITE version without losing your data.\u003C\u002Fp>\n\u003Cp>In addition to the limits being removed, you will receive \u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">priority support\u003C\u002Fa> from \u003Ca href=\"https:\u002F\u002Ftribulant.com\" rel=\"nofollow ugc\">Tribulant\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fview\u002F1\u002Fwordpress-newsletter-plugin\" rel=\"nofollow ugc\">Visit the Newsletters PRO page\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>3rd-Party Services\u003C\u002Fh4>\n\u003Cp>Our plugin makes use of some 3rd-party services or APIs to provide you with the latest technology and functionality. Here is a list of the services:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Postmark Spam Check API (https:\u002F\u002Fspamcheck.postmarkapp.com\u002F) – Fetch the spam score of an email\u002Fnewsletter\u003C\u002Fli>\n\u003Cli>IPEcho (https:\u002F\u002Fipecho.net\u002F) – Get the current mail exchange IP address\u003C\u002Fli>\n\u003Cli>IPLocate (https:\u002F\u002Fwww.iplocate.io\u002F) – To get the country of a user by IP address\u003C\u002Fli>\n\u003Cli>HostIP.info (https:\u002F\u002Fwww.hostip.info\u002F) – To get the country of a user by IP address\u003C\u002Fli>\n\u003Cli>geoPlugin (https:\u002F\u002Fwww.geoplugin.com\u002F) – To get the country of a user by IP address\u003C\u002Fli>\n\u003C\u002Ful>\n","Newsletter plugin for WordPress to capture subscribers and send beautiful, bulk newsletter emails.",2000,299778,94,244,"2026-02-03T21:15:00.000Z","6.9.4","3.8",[122,20,123,124,125],"bulk-email","mailing-list","newsletters","subscribers","https:\u002F\u002Ftribulant.com\u002Fplugins\u002Fview\u002F1\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnewsletters-lite.zip",76,26,0,"2025-12-31 00:00:00",{"slug":133,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":140,"downloaded":141,"rating":130,"num_ratings":130,"last_updated":18,"tested_up_to":142,"requires_at_least":143,"requires_php":18,"tags":144,"homepage":149,"download_link":150,"security_score":151,"vuln_count":130,"unpatched_count":130,"last_vuln_date":38,"fetched_at":152},"phplist-comment-subscriber","WP PHPList Comment Subscriber","1.0","jesseheap","https:\u002F\u002Fprofiles.wordpress.org\u002Fjesseheap\u002F","\u003Cp>This wordpress plugin gives users the option to subscribe to your \u003Ca href=\"http:\u002F\u002Fwww.phplist.com\u002F\" rel=\"nofollow ugc\">PHPList newsletter\u003C\u002Fa> when adding comments to your blog. It requires PHPLIST newsletter manager to work.\u003C\u002Fp>\n\u003Cp>It adds a checkbox with customizable text which gives the user the option of automatically being subscribed to your PHPLIST managed newsletter.  This integration provides another channel for capturing well-targeted newsletter opt-ins.\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>See an example of this plugin at \u003Ca href=\"http:\u002F\u002Fblog.pinkcakebox.com\u002Fyorkie-rehearsal-cake-2010-06-26.htm#comments\u002F\" title=\"Yorkie Groom's Cake\" rel=\"nofollow ugc\">Wedding Cake Newsletter Demo\u003C\u002Fa>\u003C\u002Fp>\n","This wordpress plugin gives users the option to subscribe to your PHPList newsletter when adding comments to your blog",10,2027,"3.1.4","2.0.2",[145,146,147,148],"comment-subscriber","email-newsletter","integration","phplist","http:\u002F\u002Fprojects.jesseheap.com\u002Fall-projects\u002Fwordpress-plugin-phplist-comment-subscriber\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphplist-comment-subscriber.zip",100,"2026-03-15T10:48:56.248Z",{"slug":154,"name":155,"version":156,"author":157,"author_profile":158,"description":159,"short_description":160,"active_installs":130,"downloaded":161,"rating":130,"num_ratings":130,"last_updated":162,"tested_up_to":119,"requires_at_least":163,"requires_php":164,"tags":165,"homepage":167,"download_link":168,"security_score":151,"vuln_count":130,"unpatched_count":130,"last_vuln_date":38,"fetched_at":31},"cn-blog-mailer","CN Blog Mailer","3.1","creativenoesis","https:\u002F\u002Fprofiles.wordpress.org\u002Fcreativenoesis\u002F","\u003Cp>CN Blog Mailer is a lightweight, easy-to-use newsletter plugin that automatically sends your latest blog posts to subscribers. Perfect for bloggers who want to keep their audience engaged without the complexity of third-party email marketing services.\u003C\u002Fp>\n\u003Cp>Build your mailing list with customizable subscription forms, schedule automated email notifications, and track delivery – all from your WordPress dashboard.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automated Newsletters\u003C\u002Fstrong> – Schedule automatic newsletters with your latest posts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Unlimited Subscribers\u003C\u002Fstrong> – No subscriber limits\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Subscriber Management\u003C\u002Fstrong> – Easy-to-use subscriber list management\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Subscription Forms\u003C\u002Fstrong> – Add subscribe forms anywhere with \u003Ccode>[cnbm_subscribe_form]\u003C\u002Fcode> shortcode\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Templates\u003C\u002Fstrong> – Email template customization (Colors, Fonts)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Send Log\u003C\u002Fstrong> – Track all sent emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cron Monitoring\u003C\u002Fstrong> – Monitor your automated sending jobs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual Sending\u003C\u002Fstrong> – Send newsletters on demand\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Emails\u003C\u002Fstrong> – Preview newsletters before sending\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reliable Queue System\u003C\u002Fstrong> – Handle large subscriber lists efficiently\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Bloggers who want to notify subscribers of new posts\u003C\u002Fli>\n\u003Cli>Small businesses sharing updates\u003C\u002Fli>\n\u003Cli>Content creators building an audience\u003C\u002Fli>\n\u003Cli>Anyone wanting simple email automation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Activate the plugin\u003C\u002Fli>\n\u003Cli>Configure your sending preferences\u003C\u002Fli>\n\u003Cli>Add the subscription form to your site\u003C\u002Fli>\n\u003Cli>Subscribers receive automatic newsletters with your latest posts\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please visit  \u003Ca href=\"https:\u002F\u002Fcreativenoesis.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">Creative Noesis Support\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>CN Blog Mailer stores subscriber information (email addresses, names, subscription dates) in your WordPress database. No data is sent to external services unless you configure an SMTP service.\u003C\u002Fp>\n\u003Cp>When subscribers use the unsubscribe link, they can opt to delete all their data.\u003C\u002Fp>\n\u003Cp>If you delete the plugin and choose to remove data, all subscriber information will be permanently deleted from your database.\u003C\u002Fp>\n","Simple automated newsletter plugin for WordPress. Automatically email your latest blog posts to subscribers with scheduled newsletters, subscription f &hellip;",229,"2026-02-13T08:34:00.000Z","5.8","7.4",[20,166,123,23,125],"email-notifications","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcn-blog-mailer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcn-blog-mailer.zip",{"slug":170,"name":171,"version":172,"author":173,"author_profile":174,"description":175,"short_description":176,"active_installs":130,"downloaded":177,"rating":130,"num_ratings":130,"last_updated":178,"tested_up_to":179,"requires_at_least":180,"requires_php":181,"tags":182,"homepage":185,"download_link":186,"security_score":187,"vuln_count":130,"unpatched_count":130,"last_vuln_date":38,"fetched_at":31},"maillister","MailLister","1.0.0","Ofek Nakar","https:\u002F\u002Fprofiles.wordpress.org\u002Fofeknakar01\u002F","\u003Cp>Mail Lister provide an easy solution to marketing system,\u003Cbr \u002F>\nyou can easily save and collect customers or visitors emails\u003Cbr \u002F>\nand inside Mail Lister dashboard,you can send customized html5 emails\u003Cbr \u002F>\nto you customers,our goal is to provide simple way to marketing emails,\u003Cbr \u002F>\nall you need is to customize your newsletter with html5 and css you can\u003Cbr \u002F>\neven add images or gifs, when you done you can edit your shorcode, copy it\u003Cbr \u002F>\nand paste it on the page you wish to display MailLister form.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to install \u003C\u002Fli>\n\u003Cli>Easy to edit\u002Fmanage\u003C\u002Fli>\n\u003Cli>Genrate more Leads\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>A brief Example\u003C\u002Fh3>\n\u003Cp>Installation:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Activate\u003C\u002Fli>\n\u003Cli>Navigate to Mail Lister Menu\u003C\u002Fli>\n\u003Cli>Customize your shortcode\u003C\u002Fli>\n\u003Cli>Copy & paste the short code on any page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Hello,Hola,Shalom from MapleWP :), if there any need or support issue,you can reach us via\u003Cbr \u002F>\nWebsite \u003Ca href=\"https:\u002F\u002Fmaple-wp.com\u002F\" rel=\"nofollow ugc\">maple-wp.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>MailLister\u003C\u002Fstrong> \u003Cem>MapleWP\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Mail Lister provide an easy solution to marketing system,",1070,"2022-06-22T07:55:00.000Z","5.9.13","4.7","7.0",[20,183,22,23,184],"email-list","subscriber","\u002FEmailLister","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmaillister.1.0.0.zip",85,{"slug":189,"name":190,"version":135,"author":191,"author_profile":192,"description":193,"short_description":10,"active_installs":130,"downloaded":194,"rating":130,"num_ratings":130,"last_updated":195,"tested_up_to":196,"requires_at_least":197,"requires_php":198,"tags":199,"homepage":200,"download_link":201,"security_score":187,"vuln_count":130,"unpatched_count":130,"last_vuln_date":38,"fetched_at":31},"nord-sub-news","Nord Sub News","nord07","https:\u002F\u002Fprofiles.wordpress.org\u002Fnord07\u002F","\u003Cp>This is a \u003Cstrong>simple plugin\u003C\u002Fstrong> that allows visitors to enter their name and email address on your website, the visitors details are then added to the subscribers list which is available to view and modify in the WordPress admin area.\u003C\u002Fp>\n\u003Cp>This plugin can be used not only for Mailing List subscriptions but can be used generally for collecting email address and\u002For peoples names that are visiting your website.\u003C\u002Fp>\n\u003Cp>The name\u002Femail form can not only be customised but can also be displayed on any WordPress page by using either the ‘Subscribe Widget’\u003C\u002Fp>\n",1065,"2019-03-13T12:19:00.000Z","5.1.22","4.3","5.3",[20,21,22,23,24],"http:\u002F\u002Fwww.google.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnord-sub-news.zip",{"attackSurface":203,"codeSignals":227,"taintFlows":258,"riskAssessment":416,"analyzedAt":428},{"hooks":204,"ajaxHandlers":220,"restRoutes":221,"shortcodes":222,"cronEvents":226,"entryPointCount":29,"unprotectedCount":130},[205,211,215],{"type":206,"name":207,"callback":208,"file":209,"line":210},"action","admin_menu","register_sml_menu","sml.php",58,{"type":206,"name":212,"callback":213,"file":209,"line":214},"admin_init","sml_export_csv",59,{"type":216,"name":217,"callback":218,"priority":219,"file":209,"line":151},"filter","widget_text","do_shortcode",11,[],[],[223],{"tag":224,"callback":224,"file":209,"line":225},"smlsubform",97,[],{"dangerousFunctions":228,"sqlUsage":229,"outputEscaping":238,"fileOperations":29,"externalRequests":130,"nonceChecks":29,"capabilityChecks":230,"bundledLibraries":257},[],{"prepared":219,"raw":230,"locations":231},2,[232,236],{"file":233,"line":234,"context":235},"index.php",99,"$wpdb->get_results() with variable interpolation",{"file":209,"line":237,"context":235},304,{"escaped":239,"rawEcho":240,"locations":241},57,7,[242,245,247,249,251,253,255],{"file":233,"line":243,"context":244},158,"raw output",{"file":209,"line":246,"context":244},241,{"file":209,"line":248,"context":244},243,{"file":209,"line":250,"context":244},245,{"file":209,"line":252,"context":244},261,{"file":209,"line":254,"context":244},264,{"file":209,"line":256,"context":244},309,[],[259,277,359],{"entryPoint":260,"graph":261,"unsanitizedCount":130,"severity":276},"\u003Cindex> (index.php:0)",{"nodes":262,"edges":273},[263,268],{"id":264,"type":265,"label":266,"file":233,"line":267},"n0","source","$_GET['page'] (x3)",12,{"id":269,"type":270,"label":271,"file":233,"line":267,"wp_function":272},"n1","sink","echo() [XSS]","echo",[274],{"from":264,"to":269,"sanitized":275},true,"low",{"entryPoint":278,"graph":279,"unsanitizedCount":130,"severity":276},"sml_subscribe_widget_control (sml.php:108)",{"nodes":280,"edges":347},[281,284,287,291,293,297,299,303,305,309,311,315,317,321,323,327,329,333,335,339,341,345],{"id":264,"type":265,"label":282,"file":209,"line":283},"$_POST['sml_subscribe_widget_title']",111,{"id":269,"type":270,"label":285,"file":209,"line":283,"wp_function":286},"update_option() [Settings Manipulation]","update_option",{"id":288,"type":265,"label":289,"file":209,"line":290},"n2","$_POST['sml_subscribe_widget_prepend']",112,{"id":292,"type":270,"label":285,"file":209,"line":290,"wp_function":286},"n3",{"id":294,"type":265,"label":295,"file":209,"line":296},"n4","$_POST['sml_subscribe_widget_jsthanks']",113,{"id":298,"type":270,"label":285,"file":209,"line":296,"wp_function":286},"n5",{"id":300,"type":265,"label":301,"file":209,"line":302},"n6","$_POST['sml_subscribe_widget_thankyou']",114,{"id":304,"type":270,"label":285,"file":209,"line":302,"wp_function":286},"n7",{"id":306,"type":265,"label":307,"file":209,"line":308},"n8","$_POST['sml_subscribe_widget_showname']",115,{"id":310,"type":270,"label":285,"file":209,"line":308,"wp_function":286},"n9",{"id":312,"type":265,"label":313,"file":209,"line":314},"n10","$_POST['sml_subscribe_widget_nametxt']",116,{"id":316,"type":270,"label":285,"file":209,"line":314,"wp_function":286},"n11",{"id":318,"type":265,"label":319,"file":209,"line":320},"n12","$_POST['sml_subscribe_widget_nameholder']",117,{"id":322,"type":270,"label":285,"file":209,"line":320,"wp_function":286},"n13",{"id":324,"type":265,"label":325,"file":209,"line":326},"n14","$_POST['sml_subscribe_widget_emailtxt']",118,{"id":328,"type":270,"label":285,"file":209,"line":326,"wp_function":286},"n15",{"id":330,"type":265,"label":331,"file":209,"line":332},"n16","$_POST['sml_subscribe_widget_emailholder']",119,{"id":334,"type":270,"label":285,"file":209,"line":332,"wp_function":286},"n17",{"id":336,"type":265,"label":337,"file":209,"line":338},"n18","$_POST['sml_subscribe_widget_showsubmit']",120,{"id":340,"type":270,"label":285,"file":209,"line":338,"wp_function":286},"n19",{"id":342,"type":265,"label":343,"file":209,"line":344},"n20","$_POST['sml_subscribe_widget_submittxt']",121,{"id":346,"type":270,"label":285,"file":209,"line":344,"wp_function":286},"n21",[348,349,350,351,352,353,354,355,356,357,358],{"from":264,"to":269,"sanitized":275},{"from":288,"to":292,"sanitized":275},{"from":294,"to":298,"sanitized":275},{"from":300,"to":304,"sanitized":275},{"from":306,"to":310,"sanitized":275},{"from":312,"to":316,"sanitized":275},{"from":318,"to":322,"sanitized":275},{"from":324,"to":328,"sanitized":275},{"from":330,"to":334,"sanitized":275},{"from":336,"to":340,"sanitized":275},{"from":342,"to":346,"sanitized":275},{"entryPoint":360,"graph":361,"unsanitizedCount":130,"severity":276},"\u003Csml> (sml.php:0)",{"nodes":362,"edges":402},[363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,389,394,397],{"id":264,"type":265,"label":282,"file":209,"line":283},{"id":269,"type":270,"label":285,"file":209,"line":283,"wp_function":286},{"id":288,"type":265,"label":289,"file":209,"line":290},{"id":292,"type":270,"label":285,"file":209,"line":290,"wp_function":286},{"id":294,"type":265,"label":295,"file":209,"line":296},{"id":298,"type":270,"label":285,"file":209,"line":296,"wp_function":286},{"id":300,"type":265,"label":301,"file":209,"line":302},{"id":304,"type":270,"label":285,"file":209,"line":302,"wp_function":286},{"id":306,"type":265,"label":307,"file":209,"line":308},{"id":310,"type":270,"label":285,"file":209,"line":308,"wp_function":286},{"id":312,"type":265,"label":313,"file":209,"line":314},{"id":316,"type":270,"label":285,"file":209,"line":314,"wp_function":286},{"id":318,"type":265,"label":319,"file":209,"line":320},{"id":322,"type":270,"label":285,"file":209,"line":320,"wp_function":286},{"id":324,"type":265,"label":325,"file":209,"line":326},{"id":328,"type":270,"label":285,"file":209,"line":326,"wp_function":286},{"id":330,"type":265,"label":331,"file":209,"line":332},{"id":334,"type":270,"label":285,"file":209,"line":332,"wp_function":286},{"id":336,"type":265,"label":337,"file":209,"line":338},{"id":340,"type":270,"label":285,"file":209,"line":338,"wp_function":286},{"id":342,"type":265,"label":343,"file":209,"line":344},{"id":346,"type":270,"label":285,"file":209,"line":344,"wp_function":286},{"id":386,"type":265,"label":387,"file":209,"line":388},"n22","$_POST",281,{"id":390,"type":270,"label":391,"file":209,"line":392,"wp_function":393},"n23","get_row() [SQLi]",284,"get_row",{"id":395,"type":265,"label":387,"file":209,"line":396},"n24",280,{"id":398,"type":270,"label":399,"file":209,"line":400,"wp_function":401},"n25","query() [SQLi]",287,"query",[403,404,405,406,407,408,409,410,411,412,413,414,415],{"from":264,"to":269,"sanitized":275},{"from":288,"to":292,"sanitized":275},{"from":294,"to":298,"sanitized":275},{"from":300,"to":304,"sanitized":275},{"from":306,"to":310,"sanitized":275},{"from":312,"to":316,"sanitized":275},{"from":318,"to":322,"sanitized":275},{"from":324,"to":328,"sanitized":275},{"from":330,"to":334,"sanitized":275},{"from":336,"to":340,"sanitized":275},{"from":342,"to":346,"sanitized":275},{"from":386,"to":390,"sanitized":275},{"from":395,"to":398,"sanitized":275},{"summary":417,"deductions":418},"The \"mail-subscribe-list\" plugin version 2.1.10 exhibits a mixed security posture.  On the positive side, the static analysis reveals good coding practices, with a high percentage of SQL queries using prepared statements and output properly escaped.  The attack surface is also relatively small and appears to have limited unprotected entry points based on the provided data. Nonce and capability checks are present, which are crucial for securing WordPress functionalities.\n\nHowever, the plugin's history of known vulnerabilities is a significant concern.  The presence of 5 known CVEs, with 1 currently unpatched and categorized as high severity, indicates a recurring pattern of security weaknesses.  The historical vulnerability types, including Cross-Site Scripting and Cross-Site Request Forgery, suggest potential issues with how user input is handled and processed, which could be exploited if not thoroughly addressed.\n\nIn conclusion, while the current static analysis shows some adherence to security best practices, the plugin's past vulnerability history, particularly the unpatched high-severity issue, poses a substantial risk.  Users should be cautious, and immediate attention should be given to addressing the outstanding vulnerability. Further investigation into the root cause of past vulnerabilities is recommended to prevent future occurrences.",[419,422,424,426],{"reason":420,"points":421},"Unpatched high severity vulnerability",20,{"reason":423,"points":267},"History of medium severity vulnerabilities",{"reason":425,"points":140},"History of cross-site scripting vulnerabilities",{"reason":427,"points":140},"History of cross-site request forgery vulnerabilities","2026-03-16T18:16:38.739Z",{"wat":430,"direct":437},{"assetPaths":431,"generatorPatterns":434,"scriptPaths":435,"versionParams":436},[432,433],"\u002Fwp-content\u002Fplugins\u002Fmail-subscribe-list\u002Fsml-subscribe-form.css","\u002Fwp-content\u002Fplugins\u002Fmail-subscribe-list\u002Fsml-subscribe-form.js",[],[],[],{"cssClasses":438,"htmlComments":463,"htmlAttributes":464,"restEndpoints":472,"jsGlobals":473,"shortcodeOutput":475},[439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462],"sml_subscribe","sml_hiddenfield","prepend","sml_thankyou","sml_name","sml_namelabel","sml_nameinput","sml_email","sml_emaillabel","sml_emailinput","sml_submit","sml_submitbtn","sml_subscribe_widget_title","sml_subscribe_widget_prepend","sml_subscribe_widget_jsthanks","sml_subscribe_widget_thankyou","sml_subscribe_widget_showname","sml_subscribe_nameoptions","sml_subscribe_widget_nametxt","sml_subscribe_widget_nameholder","sml_subscribe_widget_emailtxt","sml_subscribe_widget_emailholder","sml_subscribe_widget_showsubmit","sml_subscribe_widget_submittxt",[],[465,466,467,468,469,470,471],"data-sml_subscribe_widget_showname","data-sml_subscribe_widget_nametxt","data-sml_subscribe_widget_nameholder","data-sml_subscribe_widget_emailtxt","data-sml_subscribe_widget_emailholder","data-sml_subscribe_widget_showsubmit","data-sml_subscribe_widget_submittxt",[],[474],"window.onload",[476,477,478,479,480,481,482,483],"\u003Cform class=\"sml_subscribe\"","\u003Cinput class=\"sml_hiddenfield\" name=\"sml_subscribe\"","\u003Cp class=\"sml_thankyou\">","\u003Clabel class=\"sml_namelabel\"","\u003Cinput class=\"sml_nameinput\"","\u003Clabel class=\"sml_emaillabel\"","\u003Cinput class=\"sml_emailinput\"","\u003Cinput name=\"submit\" class=\"btn sml_submitbtn\""]