[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFs1r-1qoNtcn-mT1KQr-bovNNtlP8Egx2Tj0D7aSnCY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":38,"fingerprints":227},"mailpoet-wysija-mandrill-spam-and-bounce-cleaner","MailPoet Newsletters – Mandrill Spam and Bounce Cleaner","1.0","chrismedina","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrismedina\u002F","\u003Cp>If you use the MandrillApp service to send your MailPoet (formerly Wysija) newsletter emails, then this is a great add-on for you. In order to keep your Mandrill reputation high (which affects your rate limit for sending) you must be sure that Mandrill bounces, spam complaints, and unsubscribes are wiped from your newsletter.\u003C\u002Fp>\n\u003Cp>MailPoet will not receive spam complaints that were sent to Mandrill so it’s best to get ALL of the spam complaints out of your newsletter before your Mandrill reputation drops.\u003C\u002Fp>\n\u003Cp>MailPoet Mandrill Spam and Bounce Cleaner allows you remove all of the errors, bounces, rejections, spam complaints, unsubscribes from your newsletter list. 
It also allows you to compare the bounces, unsubscribes between MailPoet and the Mandrill API for reconciliation purposes.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Gather error list from Mandrill API of: soft bounce emails, hard bounce emails, rejected emails, spam complaint emails, and unsubscribe emails\u003C\u002Fli>\n\u003Cli>Delete \u002F Unsubscribe soft bounces, hard bounces, reject, spam complaints, and unsubscribe emails from the Mandrill API\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows MailPoet users to easily unsubscribe or delete newsletter subscribers who have bounced, rejected, reported you for spam and more.",10,4222,74,3,"2015-05-09T06:33:00.000Z","4.1.42","3.1","",[20,21,22,23,24],"mailpoet-bounce-cleaner","mailpoet-email-cleaner","mailpoet-mandrill-cleaner","mailpoet-newsletter-cleaner","newsletter-spam-delete","http:\u002F\u002Fwww.chrismedinaphp.com\u002Fplugins\u002Fmailpoet-mandrill-cleaner.zip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailpoet-wysija-mandrill-spam-and-bounce-cleaner.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-04T09:18:00.430Z",[],{"attackSurface":39,"codeSignals":86,"taintFlows":150,"riskAssessment":210,"analyzedAt":226},{"hooks":40,"ajaxHandlers":69,"restRoutes":83,"shortcodes":84,"cronEvents":85,"entryPointCount":14,"unprotectedCount":14},[41,47,51,56,60,64],{"type":42,"name":43,"callback":44,"file":45,"line":46},"action","admin_enqueue_scripts","wnc_load_custom_wp_admin_style","core\\base.php",95,{"type":42,"name":48,"callback":49,"file":45,"line":50},"admin_footer","wnc_load_ajax",105,{"type":42,"name":52,"callback":53,"priority":54,"file":45,"line":55},"admin_menu","wnc_register_my_custom_menu_page",1000,141,{"type":42,"name":57,"callback":58,"file":45,"line":59},"plugins_loaded","wnc_initial",162,
{"type":42,"name":61,"callback":62,"file":45,"line":63},"init","register_session",168,{"type":42,"name":65,"callback":66,"file":67,"line":68},"admin_notices","wnc_requirements_error","index.php",71,[70,75,79],{"action":71,"nopriv":72,"callback":73,"hasNonce":72,"hasCapCheck":72,"file":45,"line":74},"my_action",false,"wnc_ajax_callback",122,{"action":76,"nopriv":72,"callback":77,"hasNonce":72,"hasCapCheck":72,"file":45,"line":78},"search_action","wnc_ajax_search_callback",129,{"action":80,"nopriv":72,"callback":81,"hasNonce":72,"hasCapCheck":72,"file":45,"line":82},"update_action","wnc_ajax_update_callback",136,[],[],[],{"dangerousFunctions":87,"sqlUsage":93,"outputEscaping":96,"fileOperations":144,"externalRequests":33,"nonceChecks":145,"capabilityChecks":14,"bundledLibraries":146},[88],{"fn":89,"file":90,"line":91,"context":92},"unserialize","classes\\WNC_MailPoet.php",19,"$this->options = unserialize( base64_decode( $encoded_option ) );",{"prepared":94,"raw":28,"locations":95},16,[],{"escaped":97,"rawEcho":98,"locations":99},2,20,[100,104,106,109,111,113,115,118,120,121,123,125,127,129,131,133,136,138,141,143],{"file":101,"line":102,"context":103},"classes\\WNC_Mandrill.php",59,"raw 
output",{"file":45,"line":105,"context":103},119,{"file":107,"line":108,"context":103},"models\\WNC_Search_Model.php",180,{"file":107,"line":110,"context":103},194,{"file":107,"line":112,"context":103},258,{"file":107,"line":114,"context":103},260,{"file":116,"line":117,"context":103},"views\\WNC_Mandrill_Cleaner\\clean.tab.php",34,{"file":116,"line":119,"context":103},41,{"file":116,"line":35,"context":103},{"file":116,"line":122,"context":103},90,{"file":116,"line":124,"context":103},152,{"file":116,"line":126,"context":103},153,{"file":116,"line":128,"context":103},154,{"file":116,"line":130,"context":103},155,{"file":116,"line":132,"context":103},156,{"file":134,"line":135,"context":103},"views\\WNC_Mandrill_Cleaner\\settings.tab.php",11,{"file":134,"line":137,"context":103},47,{"file":139,"line":140,"context":103},"views\\WNC_Mandrill_Cleaner\\wnc_settings.view.php",23,{"file":139,"line":142,"context":103},26,{"file":139,"line":137,"context":103},5,4,[147],{"name":148,"version":29,"knownCves":149},"DataTables",[],[151,168,178,199],{"entryPoint":152,"graph":153,"unsanitizedCount":33,"severity":167},"wnc_ajax_callback (core\\base.php:108)",{"nodes":154,"edges":165},[155,160],{"id":156,"type":157,"label":158,"file":45,"line":159},"n0","source","$_POST",109,{"id":161,"type":162,"label":163,"file":45,"line":105,"wp_function":164},"n1","sink","echo() [XSS]","echo",[166],{"from":156,"to":161,"sanitized":72},"medium",{"entryPoint":169,"graph":170,"unsanitizedCount":28,"severity":177},"\u003Cbase> (core\\base.php:0)",{"nodes":171,"edges":174},[172,173],{"id":156,"type":157,"label":158,"file":45,"line":159},{"id":161,"type":162,"label":163,"file":45,"line":105,"wp_function":164},[175],{"from":156,"to":161,"sanitized":176},true,"low",{"entryPoint":179,"graph":180,"unsanitizedCount":33,"severity":198},"search 
(models\\WNC_Search_Model.php:25)",{"nodes":181,"edges":195},[182,183,187,190],{"id":156,"type":157,"label":158,"file":107,"line":122},{"id":161,"type":162,"label":184,"file":107,"line":185,"wp_function":186},"get_results() [SQLi]",101,"get_results",{"id":188,"type":157,"label":158,"file":107,"line":189},"n2",33,{"id":191,"type":162,"label":192,"file":107,"line":193,"wp_function":194},"n3","query() [SQLi]",163,"query",[196,197],{"from":156,"to":161,"sanitized":176},{"from":188,"to":191,"sanitized":72},"high",{"entryPoint":200,"graph":201,"unsanitizedCount":33,"severity":198},"\u003CWNC_Search_Model> (models\\WNC_Search_Model.php:0)",{"nodes":202,"edges":207},[203,204,205,206],{"id":156,"type":157,"label":158,"file":107,"line":122},{"id":161,"type":162,"label":184,"file":107,"line":185,"wp_function":186},{"id":188,"type":157,"label":158,"file":107,"line":189},{"id":191,"type":162,"label":192,"file":107,"line":193,"wp_function":194},[208,209],{"from":156,"to":161,"sanitized":176},{"from":188,"to":191,"sanitized":72},{"summary":211,"deductions":212},"The plugin \"mailpoet-wysija-mandrill-spam-and-bounce-cleaner\" v1.0 exhibits a concerning security posture due to a significant number of unprotected entry points. While it demonstrates good practices in database interaction with 100% prepared statements, none of its three AJAX handlers performs a nonce or capability check, which represents a critical weakness: the handlers are registered for logged-in users only, but any authenticated account, or a request forged on behalf of one, could reach sensitive functionality. The presence of a dangerous `unserialize` function, coupled with taint analysis revealing two high-severity flows with unsanitized paths from `$_POST` into a SQL `query()` sink, further elevates the risk profile and shows that the prepared-statement count alone does not rule out SQL injection. The low percentage of properly escaped output also indicates a risk of cross-site scripting (XSS) vulnerabilities.\n\nDespite the identified code-level risks, the plugin's vulnerability history is remarkably clean, with zero recorded CVEs. 
This absence of past vulnerabilities is a positive indicator on its face, suggesting either robust development practices in the past or a lack of historical targeting; with 10 active installs and no update since 2015, the latter is at least as plausible, so a clean record should not be read as evidence that the code is safe. The current code analysis reveals potential for new vulnerabilities to emerge. The plugin's strengths lie in its consistent use of prepared statements and a clean vulnerability history. Its weaknesses are concentrated in its attack surface, specifically the unprotected AJAX handlers, the use of `unserialize`, and insufficient output escaping, creating immediate security concerns that should be addressed.",[213,216,219,221,224],{"reason":214,"points":215},"3 unprotected AJAX handlers",15,{"reason":217,"points":218},"High severity taint flows with unsanitized paths (2)",12,{"reason":220,"points":11},"Dangerous function: unserialize",{"reason":222,"points":223},"Low percentage of properly escaped output (9%)",8,{"reason":225,"points":14},"Bundled library: DataTables","2026-03-16T23:43:36.112Z",{"wat":228,"direct":240},{"assetPaths":229,"generatorPatterns":237,"scriptPaths":238,"versionParams":239},[230,231,232,233,234,235,236],"\u002Fwp-content\u002Fplugins\u002Fmailpoet-wysija-mandrill-spam-and-bounce-cleaner\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmailpoet-wysija-mandrill-spam-and-bounce-cleaner\u002Fcss\u002Fjquery-ui.css","\u002Fwp-content\u002Fplugins\u002Fmailpoet-wysija-mandrill-spam-and-bounce-cleaner\u002Fcss\u002Fjquery.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Fmailpoet-wysija-mandrill-spam-and-bounce-cleaner\u002Fjs\u002Fjquery.ui.widget.js","\u002Fwp-content\u002Fplugins\u002Fmailpoet-wysija-mandrill-spam-and-bounce-cleaner\u002Fjs\u002Fjquery.ui.datepicker.js","\u002Fwp-content\u002Fplugins\u002Fmailpoet-wysija-mandrill-spam-and-bounce-cleaner\u002Fjs\u002Fjquery.dataTables.js","\u002Fwp-content\u002Fplugins\u002Fmailpoet-wysija-mandrill-spam-and-bounce-cleaner\u002Fjs\u002Fwnc_ajaj.js",[],[233,234,235,236],[],{"cssClasses":241,"htmlComments":242,"htmlAttributes":243,"restE
ndpoints":244,"jsGlobals":245,"shortcodeOutput":247},[],[],[],[],[246],"ajax_object",[]]