[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgbAr8vA2GXn4IlCWA1azr3PffOQ-qnovGbQOpHGL1pc":3,"$fQNhGNkNEaKV2W9orl6S23UHwTqWutJ5TJKe76rX7K-M":256,"$fXxP_UH_JcvFpAEaekW2mAdNjqq82TfK6F9QiSMyfG4w":260},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":51,"crawl_stats":39,"alternatives":59,"analysis":60,"fingerprints":230},"mass-email-to-users","Mass Email To users","1.1.5","Nks","https:\u002F\u002Fprofiles.wordpress.org\u002Fnik00726\u002F","\u003Cp>Mass Email To Users is the plugin for sending a mass email to WordPress users. Admin can send an email to WordPress users together. Simple and mass mailer plugin. Admin can have option pagination in the list all users. Admin can send HTML email to selected users.\u003C\u002Fp>\n\u003Cp>In the pro version, admin can have Full WYSIWYG editor available for typing email. Admin can simply select users and load email templates and send an email. 
In pro version, admin can send a newsletter to users and also can send emails via cronjobs.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Find Mass Email Pro Plugin at \u003Ca href=\"https:\u002F\u002Fwww.i13websolution.com\u002Fproduct\u002Fwordpress-bulk-email-pro-plugin\u002F\" rel=\"nofollow ugc\">WordPress Mass Email Pro\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advance Newsletter Plugin at \u003Ca href=\"https:\u002F\u002Fwww.i13websolution.com\u002Fproduct\u002Fwordpress-newsletter-subscription-pro-plugin\u002F\" rel=\"nofollow ugc\">Newsletter Email Subscription\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>=Features=\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>select users and email them.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Separate emails send.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>pagination for more users.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress capabilities feature\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>=Pro Version Features=\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Full wysiwyg editor available for typing email.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Email Templates Managements.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin can send email with unsubscribe link.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>User can unsubscribe from email messages.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Support BuddyPress Fields into email content as well as filter users\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin can search user with email,username,user nice name and user display name.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin can use extra place holders like [first_name],[last_name],[nickname],[user_email],[user_nicename],[display_name].\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Now pro version has email queue just select users and add them to queue. Admin can go through any page and select 
users and\u003Cbr \u002F>\nadd them to email queue and send all queue email at once.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Now admin can view the list of users who have unsubscribed from all emails. Admin can resubscribe those users who have unsubscribed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No advertising.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress capabilities feature.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.i13websolution.com\u002Fcontacts\" rel=\"nofollow ugc\">Get Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial blog. But you can make some donations if you really find it useful.\u003C\u002Fp>\n","Mass Email To Users is the plugin for sending a mass email to WordPress users. Admin can send an email to WordPress users together.",900,40937,62,8,"2025-12-04T11:51:00.000Z","6.9.4","3.0","",[20,21,22,23,24],"mass-email","send-email-to-users","wordpress-email-marketing","wordpress-mailer","wordpress-mass-email","http:\u002F\u002Fwww.i13websolution.com\u002Fwordpress-bulk-email-pro-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmass-email-to-users.1.1.5.zip",100,1,0,"2023-04-28 
00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":39,"research_status":39,"research_verified":50,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":50,"poc_model_used":39,"poc_verification_depth":39},"CVE-2022-47600","mass-email-to-users-unauthenticated-reflected-cross-site-scripting-via-entrant","Mass Email To users \u003C= 1.1.4 - Unauthenticated Reflected Cross-Site Scripting via 'entrant'","The Mass Email To users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'entrant' parameter in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers  to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.1.4","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0f218010-8429-4a8a-b7f6-e45945a2a1ba?source=api-prod",270,[],false,{"slug":52,"display_name":7,"profile_url":8,"plugin_count":53,"total_installs":54,"avg_security_score":55,"avg_patch_time_days":56,"trust_score":57,"computed_at":58},"nik00726",19,22900,97,350,77,"2026-05-20T03:12:53.490Z",[],{"attackSurface":61,"codeSignals":86,"taintFlows":185,"riskAssessment":222,"analyzedAt":229},{"hooks":62,"ajaxHandlers":82,"restRoutes":83,"shortcodes":84,"cronEvents":85,"entryPointCount":29,"unprotectedCount":29},[63,69,73,78],{"type":64,"name":65,"callback":66,"file":67,"line":68},"action","admin_menu","massemail_plugin_menu","wordpressmassemail.php",15,{"type":64,"name":70,"callback":71,"file":67,"line":72},"plugins_loaded","wmeu_lang_for_wp_mass_emails_to_users",16,{"type":74,"name":75,"callback":76,"priority":77,"file":67,"line":53},"filter","user_has_cap","wmeu_mass_email_admin_cap_list",10,{"type":74,"name":79,"callback":80,"priority":77,"file":67,"line":81},"map_meta_cap","map_wmeu_mass_email_meta_caps",30,[],[],[],[],{"dangerousFunctions":87,"sqlUsage":88,"outputEscaping":91,"fileOperations":29,"externalRequests":29,"nonceChecks":183,"capabilityChecks":29,"bundledLibraries":184},[],{"prepared":89,"raw":29,"locations":90},3,[],{"escaped":92,"rawEcho":93,"locations":94},26,45,[95,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138,140,142,143,144,145,147,149,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181],{"file":67,"line":96,"context":97},177,"raw 
output",{"file":67,"line":99,"context":97},182,{"file":67,"line":101,"context":97},266,{"file":67,"line":103,"context":97},294,{"file":67,"line":105,"context":97},333,{"file":67,"line":107,"context":97},341,{"file":67,"line":109,"context":97},342,{"file":67,"line":111,"context":97},343,{"file":67,"line":113,"context":97},347,{"file":67,"line":115,"context":97},354,{"file":67,"line":117,"context":97},357,{"file":67,"line":119,"context":97},363,{"file":67,"line":121,"context":97},366,{"file":67,"line":123,"context":97},372,{"file":67,"line":125,"context":97},374,{"file":67,"line":127,"context":97},379,{"file":67,"line":129,"context":97},388,{"file":67,"line":131,"context":97},396,{"file":67,"line":133,"context":97},420,{"file":67,"line":135,"context":97},540,{"file":67,"line":137,"context":97},541,{"file":67,"line":139,"context":97},543,{"file":67,"line":141,"context":97},562,{"file":67,"line":141,"context":97},{"file":67,"line":141,"context":97},{"file":67,"line":141,"context":97},{"file":67,"line":146,"context":97},565,{"file":67,"line":148,"context":97},572,{"file":67,"line":150,"context":97},585,{"file":67,"line":152,"context":97},586,{"file":67,"line":154,"context":97},593,{"file":67,"line":156,"context":97},594,{"file":67,"line":158,"context":97},609,{"file":67,"line":160,"context":97},611,{"file":67,"line":162,"context":97},626,{"file":67,"line":164,"context":97},633,{"file":67,"line":166,"context":97},641,{"file":67,"line":168,"context":97},652,{"file":67,"line":170,"context":97},663,{"file":67,"line":172,"context":97},672,{"file":67,"line":174,"context":97},674,{"file":67,"line":176,"context":97},681,{"file":67,"line":178,"context":97},684,{"file":67,"line":180,"context":97},756,{"file":67,"line":182,"context":97},762,2,[],[186,211],{"entryPoint":187,"graph":188,"unsanitizedCount":29,"severity":210},"massEmail_func 
(wordpressmassemail.php:154)",{"nodes":189,"edges":206},[190,195,200,204],{"id":191,"type":192,"label":193,"file":67,"line":194},"n0","source","$_POST (x4)",285,{"id":196,"type":197,"label":198,"file":67,"line":107,"wp_function":199},"n1","sink","echo() [XSS]","echo",{"id":201,"type":192,"label":202,"file":67,"line":203},"n2","$_GET (x3)",557,{"id":205,"type":197,"label":198,"file":67,"line":141,"wp_function":199},"n3",[207,209],{"from":191,"to":196,"sanitized":208},true,{"from":201,"to":205,"sanitized":208},"low",{"entryPoint":212,"graph":213,"unsanitizedCount":29,"severity":210},"\u003Cwordpressmassemail> (wordpressmassemail.php:0)",{"nodes":214,"edges":219},[215,216,217,218],{"id":191,"type":192,"label":193,"file":67,"line":194},{"id":196,"type":197,"label":198,"file":67,"line":107,"wp_function":199},{"id":201,"type":192,"label":202,"file":67,"line":203},{"id":205,"type":197,"label":198,"file":67,"line":141,"wp_function":199},[220,221],{"from":191,"to":196,"sanitized":208},{"from":201,"to":205,"sanitized":208},{"summary":223,"deductions":224},"The 'mass-email-to-users' plugin, version 1.1.5, exhibits a generally strong security posture with no identified critical or high-severity vulnerabilities in static analysis or taint flows. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, all SQL queries utilize prepared statements, which is a best practice for preventing SQL injection vulnerabilities. The presence of nonce checks on some operations is also a positive sign.\n\nHowever, there are areas for improvement. The output escaping is only properly implemented in 37% of cases, indicating a potential risk of Cross-Site Scripting (XSS) vulnerabilities. This is further supported by the plugin's vulnerability history, which includes a medium-severity XSS vulnerability reported in April 2023. 
While this vulnerability is currently unpatched, the fact that there are no *currently* unpatched CVEs suggests that past vulnerabilities may have been addressed, but the underlying coding practices regarding output sanitization need attention.\n\nIn conclusion, the plugin has a low immediate risk due to its limited attack surface and secure database practices. The primary concern lies with the inconsistent output escaping, which, coupled with past XSS issues, warrants careful monitoring and remediation. While the plugin demonstrates good practices in several areas, the prevalence of unescaped output suggests a potential weakness that could be exploited, particularly if new entry points or vulnerabilities are introduced in future versions.",[225,227],{"reason":226,"points":14},"Insufficient output escaping",{"reason":228,"points":77},"Past medium severity XSS vulnerability","2026-03-16T19:12:45.757Z",{"wat":231,"direct":241},{"assetPaths":232,"generatorPatterns":236,"scriptPaths":237,"versionParams":238},[233,234,235],"\u002Fwp-content\u002Fplugins\u002Fmass-email-to-users\u002Fjs\u002FjqueryValidate.js","\u002Fwp-content\u002Fplugins\u002Fmass-email-to-users\u002Fcss\u002Fstyles.css","\u002Fwp-content\u002Fplugins\u002Fmass-email-to-users\u002Fimages\u002Fpaypaldonate.jpg",[],[233],[239,240],"mass-email-to-users\u002Fcss\u002Fstyles.css?ver=","mass-email-to-users\u002Fjs\u002FjqueryValidate.js?ver=",{"cssClasses":242,"htmlComments":243,"htmlAttributes":244,"restEndpoints":252,"jsGlobals":253,"shortcodeOutput":255},[],[],[245,246,247,248,249,250,251],"data-href","data-layout","data-action","data-size","data-show-faces","data-share","id=\"help us for free plugin\"",[],[254],"facebook-jssdk",[],{"error":208,"url":257,"statusCode":258,"statusMessage":259,"message":259},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmass-email-to-users\u002Fbundle",404,"no bundle for this plugin 
yet",{"slug":4,"current_version":6,"total_versions":261,"versions":262},6,[263,268,276,284,292,300],{"version":6,"download_url":26,"svn_tag_url":264,"released_at":39,"has_diff":50,"diff_files_changed":265,"diff_lines":39,"trac_diff_url":266,"vulnerabilities":267,"is_current":208},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmass-email-to-users\u002Ftags\u002F1.1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmass-email-to-users%2Ftags%2F1.1.4&new_path=%2Fmass-email-to-users%2Ftags%2F1.1.5",[],{"version":269,"download_url":270,"svn_tag_url":271,"released_at":39,"has_diff":50,"diff_files_changed":272,"diff_lines":39,"trac_diff_url":273,"vulnerabilities":274,"is_current":50},"1.1.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmass-email-to-users.1.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmass-email-to-users\u002Ftags\u002F1.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmass-email-to-users%2Ftags%2F1.1.3&new_path=%2Fmass-email-to-users%2Ftags%2F1.1.4",[275],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":277,"download_url":278,"svn_tag_url":279,"released_at":39,"has_diff":50,"diff_files_changed":280,"diff_lines":39,"trac_diff_url":281,"vulnerabilities":282,"is_current":50},"1.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmass-email-to-users.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmass-email-to-users\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmass-email-to-users%2Ftags%2F1.1.2&new_path=%2Fmass-email-to-users%2Ftags%2F1.1.3",[283],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":285,"download_url":286,"svn_tag_url":287,"released_at":39,"has_diff":50,"diff_files_changed":288,"diff_lines":39,"trac_diff_url":289,"vulnerabilities":2
90,"is_current":50},"1.1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmass-email-to-users.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmass-email-to-users\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmass-email-to-users%2Ftags%2F1.1.1&new_path=%2Fmass-email-to-users%2Ftags%2F1.1.2",[291],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":293,"download_url":294,"svn_tag_url":295,"released_at":39,"has_diff":50,"diff_files_changed":296,"diff_lines":39,"trac_diff_url":297,"vulnerabilities":298,"is_current":50},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmass-email-to-users.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmass-email-to-users\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmass-email-to-users%2Ftags%2F1.1&new_path=%2Fmass-email-to-users%2Ftags%2F1.1.1",[299],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":301,"download_url":302,"svn_tag_url":303,"released_at":39,"has_diff":50,"diff_files_changed":304,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":305,"is_current":50},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmass-email-to-users.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmass-email-to-users\u002Ftags\u002F1.1\u002F",[],[306],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6}]