[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fF8A9NGnd1-9tro3ddg797gVjF7PLM50Wkhr_reGJpS8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":36,"analysis":129,"fingerprints":199},"mailsure","Mailsure","1.0","corytrevor","https:\u002F\u002Fprofiles.wordpress.org\u002Fcorytrevor\u002F","\u003Ch3>Test email sending, SPF, DKIM & DMARC\u003C\u002Fh3>\n\u003Cp>Mailsure provides a simple one-click email authentication test to check if WordPress is able to send properly authenticated emails.\u003C\u002Fp>\n\u003Cp>Also included:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Send a test email to any address\u003C\u002Fli>\n\u003Cli>Mail server IP blacklist check via \u003Ca href=\"https:\u002F\u002Fmxtoolbox.com\u002F\" rel=\"nofollow ugc\">MXToolbox\u003C\u002Fa>. View their privacy policy \u003Ca href=\"https:\u002F\u002Fmxtoolbox.com\u002Fprivacypolicy.aspx\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plugin settings are in Tools -> Mailsure\u003C\u002Fp>\n","Test email sending, SPF, DKIM & DMARC",50,786,100,1,"2024-07-12T10:18:00.000Z","6.5.8","6.0","7.1",[20,21,22,23,24],"dkim","dmarc","email","email-authentication","test-email","https:\u002F\u002Fmailsure.app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmailsure.1.0.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},30,88,"2026-04-04T06:58:11.692Z",[37,57,74,96,117],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":55,"download_link":56,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"deliverability","Deliverability – pass DKIM, SPF, DMARC & more","1.8.0","Top Deliverability","https:\u002F\u002Fprofiles.wordpress.org\u002Ftopdeliverability\u002F","\u003Cp>Our Deliverability Plugin for WordPress allows you to easily authenticate emails generated from your website with a DKIM signature.\u003C\u002Fp>\n\u003Cp>But our Deliverability Plugin does much more than that! In fact, it’s packed with incredible email security and email deliverability features such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SPF authentication check, monitor and troubleshoot\u003C\u002Fli>\n\u003Cli>DKIM authentication implementation, check, monitor and troubleshoot\u003C\u002Fli>\n\u003Cli>DMARC authentication check, monitor and troubleshoot\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s always a good practice to authenticate your domain, but if your domain has a DMARC record and your website runs on WordPress you almost certainly need this plugin.\u003C\u002Fp>\n\u003Cp>The Deliverability plugin will take your Email Deliverability to a whole new level.\u003C\u002Fp>\n\u003Cp>This plugin is designed and written by experts and is easy to use and understand.\u003C\u002Fp>\n\u003Cp>It reduces security risk by checking for shortcomings in your email setup, and by implementing and enforcing the latest recommended Email security practices and techniques.\u003C\u002Fp>\n\u003Cp>Fully compatible with Contact-Form 7, WPForms, BuddyPress, WP Mail SMTP and more.\u003C\u002Fp>\n","Check and improve your Email Deliverability. Pass DMARC by DKIM-signing your emails without an external SMTP. Comply with Google & Yahoo requirements!",800,11120,84,15,"2025-09-15T12:59:00.000Z","6.6.5","5.9","7.4",[38,20,21,22,54],"spf","https:\u002F\u002Ftopdeliverability.com\u002Fplugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdeliverability.1.8.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":28,"downloaded":65,"rating":28,"num_ratings":28,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":52,"tags":69,"homepage":66,"download_link":72,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":73},"dmarcreport-domain-auth-checker","DMARCREPORT Domain Auth Checker","1.7.2","DuoCircle LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fduocircle\u002F","\u003Cp>DMARCREPORT Domain Auth Checker lets you embed interactive email authentication record checkers on any WordPress page or post using a simple shortcode. All DNS lookups run locally through PHP’s native \u003Ccode>dns_get_record()\u003C\u002Fcode> function. The MTA-STS checker also fetches the domain’s MTA-STS policy file over HTTPS (see External Services below).\u003C\u002Fp>\n\u003Ch4>SPF Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Analyze SPF records for any domain\u003C\u002Fli>\n\u003Cli>Monitor DNS lookup count (RFC 7208 limit of 10)\u003C\u002Fli>\n\u003Cli>View SPF record structure in an interactive tree\u003C\u002Fli>\n\u003Cli>Per-mechanism lookup count breakdown\u003C\u002Fli>\n\u003Cli>Health status indicator (Good \u002F At Limit \u002F Critical)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>DMARC Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Analyze DMARC policies and configuration\u003C\u002Fli>\n\u003Cli>Interactive DMARC record builder\u003C\u002Fli>\n\u003Cli>Tag parsing with descriptions\u003C\u002Fli>\n\u003Cli>DKIM and SPF alignment checks\u003C\u002Fli>\n\u003Cli>Reporting configuration (rua\u002Fruf) verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>TLS-RPT Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Check SMTP TLS Reporting configuration\u003C\u002Fli>\n\u003Cli>Validate mailto: and https: reporting endpoints\u003C\u002Fli>\n\u003Cli>Health scoring for TLS-RPT setup\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BIMI Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify Brand Indicators for Message Identification setup\u003C\u002Fli>\n\u003Cli>Visual logo preview\u003C\u002Fli>\n\u003Cli>VMC (Verified Mark Certificate) detection\u003C\u002Fli>\n\u003Cli>Custom selector support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>MTA-STS Checker\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify MTA-STS DNS TXT record\u003C\u002Fli>\n\u003Cli>Fetch and parse the MTA-STS policy file\u003C\u002Fli>\n\u003Cli>Mode detection (enforce\u002Ftesting\u002Fnone)\u003C\u002Fli>\n\u003Cli>MX host listing from policy\u003C\u002Fli>\n\u003Cli>Max age analysis\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Common Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Copy to clipboard for domains and record values\u003C\u002Fli>\n\u003Cli>Fully responsive design (desktop and mobile)\u003C\u002Fli>\n\u003Cli>URL deep linking — share results via \u003Ccode>?domain=example.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Visual health indicators for all checkers\u003C\u002Fli>\n\u003Cli>Powered by dmarcreport.com watermark\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Use the \u003Ccode>[dmarcreport_domain_auth_checker]\u003C\u002Fcode> shortcode with the \u003Ccode>type\u003C\u002Fcode> attribute:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>SPF\u003C\u002Fstrong> (default): \u003Ccode>[dmarcreport_domain_auth_checker]\u003C\u002Fcode> or \u003Ccode>[dmarcreport_domain_auth_checker type=\"spf\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DMARC\u003C\u002Fstrong>: \u003Ccode>[dmarcreport_domain_auth_checker type=\"dmarc\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>TLS-RPT\u003C\u002Fstrong>: \u003Ccode>[dmarcreport_domain_auth_checker type=\"tlsrpt\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>BIMI\u003C\u002Fstrong>: \u003Ccode>[dmarcreport_domain_auth_checker type=\"bimi\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>MTA-STS\u003C\u002Fstrong>: \u003Ccode>[dmarcreport_domain_auth_checker type=\"mta-sts\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All checkers support the \u003Ccode>?domain=example.com\u003C\u002Fcode> URL parameter for deep linking and auto-analysis.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin performs DNS lookups and, for the MTA-STS checker, an HTTPS request to the domain being analyzed. No data is sent to any third-party API or service operated by the plugin author.\u003C\u002Fp>\n\u003Ch4>DNS lookups\u003C\u002Fh4>\n\u003Cp>When a user submits a domain for analysis, the plugin uses PHP’s built-in \u003Ccode>dns_get_record()\u003C\u002Fcode> function to query DNS records directly from your WordPress server. The domain name entered by the user is sent as a standard DNS query. This happens each time a user clicks the analyze button for any checker (SPF, DMARC, TLS-RPT, BIMI, or MTA-STS).\u003C\u002Fp>\n\u003Cp>DNS lookups are handled by your server’s configured DNS resolver and are not routed through any external API.\u003C\u002Fp>\n\u003Ch4>MTA-STS policy file fetch\u003C\u002Fh4>\n\u003Cp>The MTA-STS checker fetches the domain’s MTA-STS policy file by making an HTTPS GET request to:\u003Cbr \u002F>\n    https:\u002F\u002Fmta-sts.{domain}\u002F.well-known\u002Fmta-sts.txt\u003C\u002Fp>\n\u003Cp>This request is sent to the web server of the domain being analyzed (not to a third-party service). It is made each time a user analyzes a domain using the MTA-STS checker. Only the HTTP request itself is sent — no additional user data, cookies, or tracking information is included.\u003C\u002Fp>\n\u003Cp>Since this request goes directly to the analyzed domain’s own web server, there is no third-party service provider with separate terms of use or privacy policy. The connection uses HTTPS with SSL verification enabled.\u003C\u002Fp>\n\u003Ch4>Outbound links\u003C\u002Fh4>\n\u003Cp>The plugin includes links to \u003Ca href=\"https:\u002F\u002Fdmarcreport.com\" rel=\"nofollow ugc\">dmarcreport.com\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fautospf.com\" rel=\"nofollow ugc\">autospf.com\u003C\u002Fa> (services by the plugin author, DuoCircle). These appear as “Powered by” watermarks and pricing call-to-action buttons within the checker interface. They are standard hyperlinks that open in a new browser tab when clicked by the user — no data is sent to these sites automatically by the plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdmarcreport.com\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">dmarcreport.com Terms and Conditions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdmarcreport.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">dmarcreport.com Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fautospf.com\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">autospf.com Terms and Conditions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fautospf.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">autospf.com Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Check SPF, DMARC, BIMI, MTA-STS and TLS-RPT records for any domain. Embed email authentication checkers with a shortcode.",111,"","6.9.4","5.0",[70,21,23,71,54],"bimi","mta-sts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdmarcreport-domain-auth-checker.1.7.2.zip","2026-03-15T10:48:56.248Z",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":48,"last_updated":85,"tested_up_to":50,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":66,"download_link":92,"security_score":93,"vuln_count":94,"unpatched_count":14,"last_vuln_date":95,"fetched_at":30},"wp-test-email","WP Test Email","1.1.7","Boopathi Rajan","https:\u002F\u002Fprofiles.wordpress.org\u002Fboopathi0001\u002F","\u003Cp>Do you want to test whether the WordPress installation is sending mail or not? WP Test Email helps you to do that.\u003Cbr \u002F>\nIt allows you to send a simple test email to an email address of your choice and logs all outgoing emails.\u003C\u002Fp>\n\u003Cp>Note: The email logs are retained for a maximum of 30 days. Older logs are automatically removed to keep the log table manageable.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F99LFut4PPVU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Kindly let us know your feedback or comments to add more features to this plugin.\u003C\u002Fp>\n","WP Test Email is allows you to test if your WordPress installation is sending mail or not.",20000,248440,94,"2024-07-31T06:18:00.000Z","4.3","5.2.4",[89,90,91,24],"check-mail","emal-log","mail-tester","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-test-email.1.1.7.zip",63,3,"2026-01-15 00:00:00",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":13,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":66,"download_link":116,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"automatic-email-testing-for-wp","Automatic Email Testing for WP","1.4.9","WebBuddy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebsprout\u002F","\u003Cp>Automatic Email Testing for WP is an efficient solution to help you automatically check whether your website’s email sending is working as expected every single day.\u003C\u002Fp>\n\u003Cp>Email sending is one of the most fundamental functionalities of your website. When your website is unable to send out emails, contact form enquiries fail to reach you, order emails fail to reach your customers, and the list just goes on.\u003C\u002Fp>\n\u003Cp>By using Automatic Email Testing for WP plugin on your website, you will have a smart system that helps you to test your website email server automatically every day, so you can have the assurance that your website’s email sending functionality is working well, day in and out!\u003C\u002Fp>\n\u003Cp>The setup process is incredibly quick and simple. All you need is to enter your email address (one-time) and you’re good to go!\u003C\u002Fp>\n\u003Cp>The plugin will send the first test email to you immediately once your email address has been saved. Subsequently, it will automatically run tests on your website email server and you should receive a simple email testing report every 24 hours (approx.) if your website email server is working normally.\u003C\u002Fp>\n\u003Cp>In the event that you do not receive the daily email testing report on any given day, it means that your website email server is down and you may refer to the plugin settings page for a quick guide on how to troubleshoot the issue.\u003C\u002Fp>\n\u003Ch4>FREE VERSION FEATURES INCLUDE:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automated daily checks on your website email server\u003C\u002Fli>\n\u003Cli>Simple email testing report sent to you daily (if email server is working normally only)\u003C\u002Fli>\n\u003Cli>Email test record log (for past 3 days)\u003C\u002Fli>\n\u003Cli>Ultra-lightweight plugin (will not slow down your website)\u003C\u002Fli>\n\u003Cli>Step by step troubleshooting guide available for reference if you do not receive the email testing report\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you have any feedback or suggestions to add more features to this plugin, we welcome you to get in touch with us 🙂\u003C\u002Fp>\n\u003Cp>Note: This plugin will test whether the email is sent successfully but it does not guarantee the deliverability of emails.\u003C\u002Fp>\n\u003Ch4>PRO VERSION\u003C\u002Fh4>\n\u003Cp>If you want to be automatically notified even when your email server fails, check out our \u003Ca href=\"https:\u002F\u002Fpayhip.com\u002Fb\u002FL4KeS\" rel=\"nofollow ugc\">PRO version here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>PRO VERSION FEATURES INCLUDE:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automated daily checks on your website email server\u003C\u002Fli>\n\u003Cli>Simple email testing report sent to you daily (you will be notified even when your email server fails!)\u003C\u002Fli>\n\u003Cli>Email test record log (for past 10 days)\u003C\u002Fli>\n\u003Cli>Ultra-lightweight plugin (will not slow down your website)\u003C\u002Fli>\n\u003C\u002Ful>\n","[UPDATED!] Automatic Email Testing for WP plugin allows you to set up a system inside wordpress to test your email server every day.",300,5879,5,"2025-04-19T02:22:00.000Z","6.8.5","5.3",[111,112,113,114,115],"automatic-check-email","email-tester","test-email-automatically","test-wordpress-email","wp-mail","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-email-testing-for-wp.1.4.9.zip",{"slug":118,"name":119,"version":120,"author":78,"author_profile":79,"description":121,"short_description":122,"active_installs":11,"downloaded":123,"rating":13,"num_ratings":14,"last_updated":124,"tested_up_to":50,"requires_at_least":68,"requires_php":52,"tags":125,"homepage":66,"download_link":128,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-smtp-mailer","WP SMTP Mailer","1.6","\u003Cp>WP SMTP Mailer is a simple and flexible plugin to configure SMTP settings in WordPress. It allows you to set up SMTP credentials, test email sending, and view email logs.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>SMTP Configuration\u003C\u002Fstrong>: Configure your SMTP server settings including host, username, password, port, and encryption system.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Email\u003C\u002Fstrong>: Send test emails to verify your SMTP configuration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Logs\u003C\u002Fstrong>: View and manage logs of outgoing emails with search, sorting, and pagination.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Log Management\u003C\u002Fstrong>: Automatically clears logs older than 30 days.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive Design\u003C\u002Fstrong>: User-friendly interface with a responsive design for managing settings and viewing logs.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP SMTP Mailer is a simple and flexible plugin to configure SMTP settings in WordPress. It allows you to set up SMTP credentials, test email sending,  &hellip;",3058,"2024-07-31T07:40:00.000Z",[22,126,127,24],"email-logs","smtp-mailer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-smtp-mailer.1.6.zip",{"attackSurface":130,"codeSignals":178,"taintFlows":191,"riskAssessment":192,"analyzedAt":198},{"hooks":131,"ajaxHandlers":161,"restRoutes":166,"shortcodes":175,"cronEvents":176,"entryPointCount":177,"unprotectedCount":14},[132,138,142,146,150,154,158],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","admin_init","mailsure_activate_redirect","mailsure.php",47,{"type":133,"name":139,"callback":140,"file":136,"line":141},"admin_menu","mailsure_add_to_tools_menu",80,{"type":133,"name":143,"callback":144,"file":136,"line":145},"admin_print_scripts","mailsure_check_result_script",112,{"type":133,"name":147,"callback":148,"file":136,"line":149},"admin_enqueue_scripts","mailsure_enqueue_admin_styles_and_scripts",117,{"type":133,"name":151,"callback":152,"file":136,"line":153},"wp_mail_failed","mailsure_get_wp_mail_error_as_global",183,{"type":133,"name":155,"callback":156,"file":136,"line":157},"rest_api_init","mailsure_register_on_demand_test_notification_endpoint",395,{"type":133,"name":151,"callback":152,"priority":159,"file":136,"line":160},10,504,[162],{"action":163,"nopriv":164,"callback":163,"hasNonce":164,"hasCapCheck":164,"file":136,"line":165},"mailsure_refresh_when_result_received",false,446,[167],{"namespace":168,"route":169,"methods":170,"callback":172,"permissionCallback":173,"file":136,"line":174},"mailsure\u002Fv2","\u002Fon-demand-result\u002F",[171],"POST","mailsure_receive_on_demand_result","mailsure_check_test_id_auth",399,[],[],2,{"dangerousFunctions":179,"sqlUsage":180,"outputEscaping":182,"fileOperations":28,"externalRequests":28,"nonceChecks":94,"capabilityChecks":28,"bundledLibraries":190},[],{"prepared":28,"raw":28,"locations":181},[],{"escaped":183,"rawEcho":177,"locations":184},41,[185,188],{"file":136,"line":186,"context":187},459,"raw output",{"file":136,"line":189,"context":187},467,[],[],{"summary":193,"deductions":194},"The 'mailsure' v1.0 plugin exhibits a generally positive security posture with several good practices in place, such as the complete absence of dangerous functions, file operations, and external HTTP requests. The use of prepared statements for all SQL queries and a high percentage of properly escaped output are strong indicators of secure coding. However, a significant concern arises from its attack surface. With a total of two entry points, one of which is an AJAX handler that lacks authentication checks, there is a clear vulnerability present. This unprotected entry point could be exploited by unauthenticated users to interact with the plugin in unintended ways, potentially leading to various security issues depending on the AJAX handler's functionality. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive sign suggesting a history of secure development. Nevertheless, the presence of an unprotected AJAX handler is a critical oversight that outweighs the lack of past vulnerabilities and requires immediate attention.",[195],{"reason":196,"points":197},"AJAX handler without authentication",8,"2026-03-16T22:01:05.829Z",{"wat":200,"direct":207},{"assetPaths":201,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[202],"\u002Fwp-content\u002Fplugins\u002Fmailsure\u002Fassets\u002Fadmin-style.css",[],[],[206],"mailsure-admin-style?ver=",{"cssClasses":208,"htmlComments":213,"htmlAttributes":214,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":221},[209,210,211,212],"nav-tab","nav-tab-active","wrap","wp-core-ui",[],[215,216],"data-nonce-action","data-nonce-field",[],[219,220],"mailsure_mail_error_message","ajaxurl",[]]