[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foZuZ8RwU0do6lP749n1OfaGhWZ18kFscIcokgUtZLF8":3,"$fgcOEODQWKQ_ZXtQlw9-r0KWfMnTwD6O97BBC8l8C8yE":418,"$fbbtt9fIlAG-LU6x5pFCE3Y65BCqfk0hv16Izz3-NiEw":423},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":38,"analysis":145,"fingerprints":391},"notifier-and-ip-blocker","Notifier and IP Blocker","1.0","Mike Luskavets","https:\u002F\u002Fprofiles.wordpress.org\u002Fmlwebdevelopment\u002F","\u003Cp>Notifier and IP Blocker is a simple plugin that can secure your web-site from spam bots and notify users. The many users, who write a comment want to know, whether the administrator had got it or not. 
Send a message where it is written that the comment had been received and the answer would be sent as soon as possible also if it is spam user can go to link and blocked IP.\u003C\u002Fp>\n\u003Ch4>Features list\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Notify a user about when he sent comment.\u003C\u002Fli>\n\u003Cli>Automatically block IP, if the users is informed that it is spam.\u003C\u002Fli>\n\u003Cli>Set span amount message.\u003C\u002Fli>\n\u003Cli>Manually block and unblock access by IP.\u003C\u002Fli>\n\u003Cli>Manually configure user letter template by editor.\u003C\u002Fli>\n\u003Cli>User can unlock your IP.\u003C\u002Fli>\n\u003Cli>Manually block IP user can’t unlock.\u003C\u002Fli>\n\u003Cli>Manually customized Block Page content by editor.\u003C\u002Fli>\n\u003C\u002Ful>\n","Notify a user about when he sent comment or form via Contact Form 7 and automatically blocked spammer IP by notifier users.",10,1560,0,"2015-12-08T22:04:00.000Z","4.4.34","3.0","",[19,20,21,22,23],"alerts","banned","blocked-ip","comment","customize","http:\u002F\u002Fml.lviv.ua\u002Fprojects\u002Fplugins\u002Fnotifier-and-ip-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnotifier-and-ip-blocker.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"mlwebdevelopment",2,20,30,84,"2026-05-19T21:00:33.919Z",[39,54,78,103,125],{"slug":40,"name":41,"version":6,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":48,"homepage":51,"download_link":52,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":53},"wp-user-notifier","WP User Notifier","\u003Cp>Many users, who write a comment want to know, 
whether the administrator had got it or not. WP User Notifier send a message where it is written that the comment had been received and the answer would be sent as soon as possible.\u003C\u002Fp>\n","Notify a user about when he sent comment or form via Contact Form 7",1304,100,1,"2015-12-02T10:15:00.000Z",[19,22,23,49,50],"email","from","http:\u002F\u002Fml.lviv.ua\u002Fprojects\u002Fplugins\u002Fwp-user-notifier","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-user-notifier.zip","2026-04-06T09:54:40.288Z",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":45,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":75,"download_link":76,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-comment-policy-checkbox","WP Comment Policy Checkbox","0.4.1","fcojgodoy","https:\u002F\u002Fprofiles.wordpress.org\u002Ffcojgodoy\u002F","\u003Cp>Add a checkbox to the comment forms so that the user can give consent to the web’s privacy policy. 
And save this consent in the database.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add a required privacy policy checkbox to the default WordPress comment forms, with a link to you privacy policy page.\u003C\u002Fli>\n\u003Cli>Allow display a customized text before the checkbox.\u003C\u002Fli>\n\u003Cli>Allow an external link as a page of the privacy policy.\u003C\u002Fli>\n\u003Cli>Allow open privacy policy link in the same tab or in a new one.\u003C\u002Fli>\n\u003Cli>Allow HTML link types attribute in the policy page link, for SEO reasons (nofollow, external…).\u003C\u002Fli>\n\u003Cli>The consent is stored in the database, in \u003Ccode>wp_commentmeta\u003C\u002Fcode> table with the metakey \u003Ccode>wpcpc_private_policy_accepted\u003C\u002Fcode>, and the commentator’s email as value.\u003C\u002Fli>\n\u003Cli>The consent is exported by WordPress’s Export Personal Data function.\u003C\u002Fli>\n\u003Cli>The consent is erased by WordPress’s Erase Personal Data function.\u003C\u002Fli>\n\u003Cli>Compatible with UnderStrap and themes that set is own fields on comment form.\u003C\u002Fli>\n\u003Cli>Compatible with Webmention (thank to @danielp6).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use\u003C\u002Fh4>\n\u003Cp>You can configure the plugin in the Discussion Settings on your WordPress administration.\u003C\u002Fp>\n\u003Ch4>Theme compatibility\u003C\u002Fh4>\n\u003Cp>The plugin only works if the theme uses the native WordPress function for comment forms.\u003Cbr \u002F>\nAlso, the plugin creates a concrete HTML structure to print the checkbox. Not in all theme will be displayed correctly. 
In that case, you could use the ‘Additional CSS’ box in the Customize of your theme.\u003C\u002Fp>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled on \u003Ca href=\"https:\u002F\u002Fgitlab.com\u002Ffcojgodoy\u002Fwp-comment-policy-checkbox\" rel=\"nofollow ugc\">GitLab\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Translation of the plugin into different languages is on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-comment-policy-checkbox\" rel=\"nofollow ugc\">the translation page\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Donation\u003C\u002Fh4>\n\u003Cp>If you enjoy using this plugin and find it useful, please consider making a donation in \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=C7M43R6RDXRBG\" rel=\"nofollow ugc\">PayPal\u003C\u002Fa>.\u003Cbr \u002F>\nThank you!\u003C\u002Fp>\n","Add a checkbox and custom text to the comment forms so that the user can be informed and give consent to the web's privacy policy.",6000,53318,14,"2024-07-06T10:11:00.000Z","6.5.8","3.0.2","5.4",[70,71,72,73,74],"checkbox","comments","customized-text","gdpr","privacy-policy","https:\u002F\u002Fgithub.com\u002Ffcojgodoy\u002Fwp-comment-policy-checkbox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-comment-policy-checkbox.zip",92,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":45,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":99,"download_link":100,"security_score":101,"vuln_count":46,"unpatched_count":46,"last_vuln_date":102,"fetched_at":28},"comment-form-wp","Comment Form WP – Customize Default Comment Form","2.0.1","Habibur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fhrhabibpro\u002F","\u003Cp>\u003Cstrong>Comment 
Form WP\u003C\u002Fstrong> is a WordPress Popular Plugin for customize and modify your WordPress Website Comment Form. If you want to text change of your comment form related text by this Plugin. You can add and remove name field, email field, website field and textarea field by this plugin. If you want to add comment form placeholder, you can add placeholder by this plugin and Add\u002FRemove comment form label also by this popular Comment Form WP Plugin.\u003C\u002Fp>\n\u003Ch3>Docs and Support\u003C\u002Fh3>\n\u003Cp>You can find \u003Ca href=\"https:\u002F\u002Fhabibcoder.com\u002Fcomment-form\" rel=\"nofollow ugc\">Docs\u003C\u002Fa> here and more detailed information about Comment Form WP WordPress Plugin. When you cannot find the answer to your question on the FAQ or in any of the documentation, check the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcomment-form-wp\" rel=\"ugc\">support forum\u003C\u002Fa> on WordPress.org.\u003C\u002Fp>\n\u003Ch3>Comment Form WP Need Support\u003C\u002Fh3>\n\u003Cp>It is hard to continue development and support for this free plugin without contributions from users like you. If you enjoy using Comment Form WP and find it useful, please consider \u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fhabibcoder\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>. 
Your donation will help encourage and support the plugin’s continued development and better user support.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Customize\u002FModify Comment Form\u003C\u002Fli>\n\u003Cli>Add Comment Form label\u003C\u002Fli>\n\u003Cli>Remove comment form label\u003C\u002Fli>\n\u003Cli>Label Required option add\u002Fremove\u003C\u002Fli>\n\u003Cli>Comment form fields placeholder add\u003C\u002Fli>\n\u003Cli>Remove placeholder option\u003C\u002Fli>\n\u003Cli>Placeholder Required mark add\u002Fremove\u003C\u002Fli>\n\u003Cli>Comment form all text changes\u003C\u002Fli>\n\u003Cli>Post Comment button position change\u003C\u002Fli>\n\u003Cli>Comment form fields add\u002Fremove option\u003C\u002Fli>\n\u003Cli>Don’t load extra codes\u003C\u002Fli>\n\u003Cli>Hand Coding Plugin\u003C\u002Fli>\n\u003Cli>No use of any Framework\u002FLibrary\u003C\u002Fli>\n\u003Cli>Light Weight Plugin\u003C\u002Fli>\n\u003Cli>Author Contact info, If you face any problems.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage The Plugin\u003C\u002Fh3>\n\u003Cp>You can use this plugin with some steps, like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Search and Install the Comment Form WP. You will be redirected to the plugin admin page after installing it.\u003C\u002Fli>\n\u003Cli>You can change everything from here customize and modify all things of comment form.\u003C\u002Fli>\n\u003Cli>Then you go to your website and when you will see your changed and lovely comment form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Benefit\u003C\u002Fh3>\n\u003Cp>An awesome and lovely comment form your will find in your website.\u003C\u002Fp>\n","Comment Form WP is a Default comment form customize\u002Fmodify WordPress Plugin. 
You can add\u002Fchange\u002Fremove your website comment form fields, texts.",600,4852,3,"2026-01-11T18:38:00.000Z","6.9.4","6.0","7.0",[94,95,96,97,98],"advanced-comment-form","comment-field-change","comment-form","customize-comment-form","wordpress-comment-form","https:\u002F\u002Fplugin.habibcoder.com\u002Fcomment-form-wp\u002Fhello-world\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-form-wp.2.0.1.zip",78,"2025-09-05 00:00:00",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":13,"num_ratings":13,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":17,"tags":116,"homepage":121,"download_link":122,"security_score":123,"vuln_count":33,"unpatched_count":33,"last_vuln_date":124,"fetched_at":28},"customcomment","Custom Comment","2.1.6","imaprogrammer","https:\u002F\u002Fprofiles.wordpress.org\u002Fimaprogrammer\u002F","\u003Cp>This plugin lets you define more fields for comment to let your visitors include their facebook, twitter and … in their comments\u003C\u002Fp>\n\u003Ch3>Development Blog\u003C\u002Fh3>\n\u003Cp>Please visit the plugin page at (http:\u002F\u002Fimaprogrammer.wordpress.com\u002F2011\u002F01\u002F11\u002Fcustom-comment), and feel free to leave feedback, bug reports and comments.\u003C\u002Fp>\n","This plugin lets you define more fields for comment to let your visitors include their facebook, twitter and ... 
in their comments",40,8081,"2011-10-15T08:19:00.000Z","3.2.1","2.7",[22,117,118,119,120],"comment-customization","comment-field","custom-comment","customize-comment","http:\u002F\u002Fimaprogrammer.wordpress.com\u002F2011\u002F01\u002F11\u002Fcustom-comment\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomcomment.2.1.6.zip",42,"2025-08-20 00:00:00",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":13,"downloaded":133,"rating":13,"num_ratings":13,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":92,"tags":137,"homepage":143,"download_link":144,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":53},"adsignalpro","AdSignalPro","8.1","arberotum","https:\u002F\u002Fprofiles.wordpress.org\u002Farberotum\u002F","\u003Cp>AdSignalPro: Guard your WordPress site with AdSignalPro! Defend against AdWords click attacks, thwart login breaches, and receive instant WhatsApp alerts. Stay vigilant against threats and effortlessly monitor visitor comments. Elevate your site’s security and responsiveness!\u003C\u002Fp>\n\u003Ch3>Third-Party Service Usage\u003C\u002Fh3>\n\u003Cp>This plugin utilizes a third-party service provided by AdSignalPro under specific circumstances. 
The service is employed for [analytics, notifications].\u003C\u002Fp>\n\u003Cp>For more information about the service, you can visit the \u003Ca href=\"https:\u002F\u002Fwapiwp.com\u002FAdSignalPro.html\" rel=\"nofollow ugc\">AdSignalPro Service\u003C\u002Fa> link.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tags: \u003C\u002Fstrong>AdWords request notification, WhatsApp lead alerts, comment notification to WhatsApp, login attempt alerts, WordPress login notification, phone notifications, AdSignalPro\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fwapiwp.com\u002FPrivacyPolicy.html\u003C\u002Fp>\n\u003Ch3>Third-Party Service Usage\u003C\u002Fh3>\n\u003Cp>Please review the [Terms of Service]\u003Cbr \u002F>\nhttps:\u002F\u002Fwapiwp.com\u002FAdSignalProterms.html\u003Cbr \u002F>\nSweetAlert2 GitHub\u003Cbr \u002F>\nhttps:\u002F\u002Fgithub.com\u002Fsweetalert2\u002Fsweetalert2\u003C\u002Fp>\n","Google AdWords Click Fraud, Attack Notifications: Real-time data, sharp 
analysis.",643,"2024-10-03T21:10:00.000Z","6.6.5","5.6.0",[138,139,140,141,142],"adwords-request-notification","comment-notification-to-whatsapp","login-attempt-alerts","whatsapp-lead-alerts","wordpress-login-notification","http:\u002F\u002Fwapiwp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadsignalpro.zip",{"attackSurface":146,"codeSignals":171,"taintFlows":308,"riskAssessment":377,"analyzedAt":390},{"hooks":147,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":13,"unprotectedCount":13},[148,154,158,163],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","plugins_loaded","loadPluginTextDomain","core\\naipb-controller.php",107,{"type":149,"name":155,"callback":156,"file":152,"line":157},"admin_menu","addMenu",122,{"type":149,"name":159,"callback":160,"priority":161,"file":152,"line":162},"comment_post","sendLetterAfterCommentSent",11,125,{"type":149,"name":164,"callback":165,"priority":11,"file":152,"line":166},"wpcf7_before_send_mail","sendLetterAfterCF7Sent",128,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":193,"fileOperations":46,"externalRequests":46,"nonceChecks":33,"capabilityChecks":13,"bundledLibraries":307},[],{"prepared":174,"raw":174,"locations":175},6,[176,180,182,185,188,190],{"file":177,"line":178,"context":179},"core\\naipb-model.php",126,"$wpdb->get_results() with variable interpolation",{"file":177,"line":181,"context":179},140,{"file":177,"line":183,"context":184},154,"$wpdb->get_row() with variable interpolation",{"file":177,"line":186,"context":187},198,"$wpdb->get_var() with variable interpolation",{"file":177,"line":189,"context":184},213,{"file":177,"line":191,"context":192},242,"$wpdb->query() with variable 
interpolation",{"escaped":194,"rawEcho":195,"locations":196},9,65,[197,201,202,204,205,207,209,210,212,213,214,216,218,219,221,223,225,227,228,229,231,232,234,236,237,238,240,241,243,245,246,247,249,251,252,253,255,257,259,260,262,264,265,266,268,270,271,272,274,276,278,280,281,283,285,287,289,291,293,295,297,300,302,304,305],{"file":198,"line":199,"context":200},"views\\tpl-admin-settings.php",7,"raw output",{"file":198,"line":35,"context":200},{"file":198,"line":203,"context":200},31,{"file":198,"line":203,"context":200},{"file":198,"line":206,"context":200},34,{"file":198,"line":208,"context":200},35,{"file":198,"line":208,"context":200},{"file":198,"line":211,"context":200},39,{"file":198,"line":111,"context":200},{"file":198,"line":111,"context":200},{"file":198,"line":215,"context":200},58,{"file":198,"line":217,"context":200},60,{"file":198,"line":217,"context":200},{"file":198,"line":220,"context":200},64,{"file":198,"line":222,"context":200},71,{"file":198,"line":224,"context":200},88,{"file":198,"line":226,"context":200},89,{"file":198,"line":226,"context":200},{"file":198,"line":77,"context":200},{"file":198,"line":230,"context":200},93,{"file":198,"line":230,"context":200},{"file":198,"line":233,"context":200},96,{"file":198,"line":235,"context":200},97,{"file":198,"line":235,"context":200},{"file":198,"line":45,"context":200},{"file":198,"line":239,"context":200},101,{"file":198,"line":239,"context":200},{"file":198,"line":242,"context":200},104,{"file":198,"line":244,"context":200},105,{"file":198,"line":244,"context":200},{"file":198,"line":244,"context":200},{"file":198,"line":248,"context":200},119,{"file":198,"line":250,"context":200},123,{"file":198,"line":162,"context":200},{"file":198,"line":162,"context":200},{"file":198,"line":254,"context":200},129,{"file":198,"line":256,"context":200},138,{"file":198,"line":258,"context":200},141,{"file":198,"line":258,"context":200},{"file":198,"line":261,"context":200},144,{"file":198,"line":263,"context":
200},145,{"file":198,"line":263,"context":200},{"file":198,"line":263,"context":200},{"file":198,"line":267,"context":200},149,{"file":198,"line":269,"context":200},150,{"file":198,"line":269,"context":200},{"file":198,"line":269,"context":200},{"file":198,"line":273,"context":200},166,{"file":198,"line":275,"context":200},167,{"file":198,"line":277,"context":200},172,{"file":198,"line":279,"context":200},173,{"file":198,"line":279,"context":200},{"file":198,"line":282,"context":200},197,{"file":198,"line":284,"context":200},214,{"file":198,"line":286,"context":200},221,{"file":198,"line":288,"context":200},224,{"file":198,"line":290,"context":200},243,{"file":198,"line":292,"context":200},249,{"file":198,"line":294,"context":200},250,{"file":198,"line":296,"context":200},277,{"file":298,"line":299,"context":200},"views\\tpl-page-blocked.php",13,{"file":298,"line":301,"context":200},19,{"file":298,"line":303,"context":200},29,{"file":298,"line":203,"context":200},{"file":298,"line":306,"context":200},37,[],[309,334,344,359],{"entryPoint":310,"graph":311,"unsanitizedCount":46,"severity":333},"unBlockedIp (core\\naipb-controller.php:558)",{"nodes":312,"edges":329},[313,318,322],{"id":314,"type":315,"label":316,"file":152,"line":317},"n0","source","$_POST",570,{"id":319,"type":320,"label":321,"file":152,"line":317},"n1","transform","→ getRequest()",{"id":323,"type":324,"label":325,"file":326,"line":327,"wp_function":328},"n2","sink","file_get_contents() [SSRF\u002FLFI]","inc\\class-naipb-helper.php",109,"file_get_contents",[330,332],{"from":314,"to":319,"sanitized":331},false,{"from":319,"to":323,"sanitized":331},"medium",{"entryPoint":335,"graph":336,"unsanitizedCount":46,"severity":333},"\u003Cclass-naipb-helper> 
(inc\\class-naipb-helper.php:0)",{"nodes":337,"edges":342},[338,341],{"id":314,"type":315,"label":339,"file":326,"line":340},"$_SERVER",83,{"id":319,"type":324,"label":325,"file":326,"line":327,"wp_function":328},[343],{"from":314,"to":319,"sanitized":331},{"entryPoint":345,"graph":346,"unsanitizedCount":46,"severity":358},"menuSettings (core\\naipb-controller.php:205)",{"nodes":347,"edges":355},[348,350,352],{"id":314,"type":315,"label":316,"file":152,"line":349},269,{"id":319,"type":320,"label":351,"file":152,"line":349},"→ getSearchBlockedIpLists()",{"id":323,"type":324,"label":353,"file":177,"line":181,"wp_function":354},"get_results() [SQLi]","get_results",[356,357],{"from":314,"to":319,"sanitized":331},{"from":319,"to":323,"sanitized":331},"high",{"entryPoint":360,"graph":361,"unsanitizedCount":33,"severity":358},"\u003Cnaipb-controller> (core\\naipb-controller.php:0)",{"nodes":362,"edges":372},[363,364,365,366,368,370],{"id":314,"type":315,"label":316,"file":152,"line":349},{"id":319,"type":320,"label":351,"file":152,"line":349},{"id":323,"type":324,"label":353,"file":177,"line":181,"wp_function":354},{"id":367,"type":315,"label":316,"file":152,"line":317},"n3",{"id":369,"type":320,"label":321,"file":152,"line":317},"n4",{"id":371,"type":324,"label":325,"file":326,"line":327,"wp_function":328},"n5",[373,374,375,376],{"from":314,"to":319,"sanitized":331},{"from":319,"to":323,"sanitized":331},{"from":367,"to":369,"sanitized":331},{"from":369,"to":371,"sanitized":331},{"summary":378,"deductions":379},"The \"notifier-and-ip-blocker\" v1.0 plugin presents a mixed security posture.  While the plugin has a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected, and boasts a lack of known vulnerabilities or CVEs, several concerning code signals indicate potential weaknesses.  
Specifically, the fact that 50% of SQL queries do not use prepared statements is a significant concern, as is the extremely low 12% rate of properly escaped output. This suggests a high likelihood of SQL injection and cross-site scripting (XSS) vulnerabilities, respectively.\n\nThe taint analysis, which revealed two high-severity flows with unsanitized paths, further exacerbates these concerns. These flows, combined with the insufficient output escaping and raw SQL queries, point to critical areas where attacker-controlled data could be processed or rendered without proper validation or sanitization, potentially leading to serious security breaches. The absence of capability checks is also a notable omission, which, when combined with other weaknesses, could allow unauthorized actions.",[380,383,385,388],{"reason":381,"points":382},"SQL queries not using prepared statements",15,{"reason":384,"points":382},"Low rate of properly escaped output",{"reason":386,"points":387},"High severity taint flows with unsanitized paths",12,{"reason":389,"points":11},"No capability checks 
found","2026-03-17T01:03:45.387Z",{"wat":392,"direct":401},{"assetPaths":393,"generatorPatterns":396,"scriptPaths":397,"versionParams":398},[394,395],"\u002Fwp-content\u002Fplugins\u002Fnotifier-and-ip-blocker\u002Fassets\u002Fcss\u002Fadmin-naipb-styles.css","\u002Fwp-content\u002Fplugins\u002Fnotifier-and-ip-blocker\u002Fassets\u002Fjs\u002Fadmin-naipb-scripts.js",[],[395],[399,400],"notifier-and-ip-blocker\u002Fassets\u002Fcss\u002Fadmin-naipb-styles.css?ver=","notifier-and-ip-blocker\u002Fassets\u002Fjs\u002Fadmin-naipb-scripts.js?ver=",{"cssClasses":402,"htmlComments":405,"htmlAttributes":406,"restEndpoints":408,"jsGlobals":409,"shortcodeOutput":411},[403,404],"naipb-settings-wrap","naipb-settings-section",[4],[407],"data-naipb-slug",[],[410],"naipb_admin_params",[412,413,414,415,416,417],"[name]","[email]","[url]","[sitename]","[siteurl]","[blockedipurl]",{"error":419,"url":420,"statusCode":421,"statusMessage":422,"message":422},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fnotifier-and-ip-blocker\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":424},[]]