[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-jb74mxMbKnl19oktFEyApcdYlxJ4pLXjK-0f2g2YOM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":14,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":52,"analysis":142,"fingerprints":185},"openpgp-form-encryption","OpenPGP Form Encryption for WordPress","1.5.1","arnesonium","https:\u002F\u002Fprofiles.wordpress.org\u002Farnesonium\u002F","\u003Cp>This plugin uses \u003Ca href=\"http:\u002F\u002Fopenpgpjs.org\u002F\" rel=\"nofollow ugc\">OpenPGP.js\u003C\u002Fa> to provide public key encryption for a\u003Cbr \u002F>\ntextarea. It is most useful for any kind of text area that will be\u003Cbr \u002F>\nsubmitted via email or over an unsecured network connection.\u003C\u002Fp>\n\u003Cp>The GitHub repository for this plugin is located at https:\u002F\u002Fgithub.com\u002Fpymander\u002Fwordpress-openpgp\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>This plugin provides a simple shortcode which you can add to your\u003Cbr \u002F>\nforms. To use the shortcode, you must first upload your ASCII-armored\u003Cbr \u002F>\npublic key to your blog’s media section. Note that the public key must\u003Cbr \u002F>\nreside on the same server as your blog.\u003C\u002Fp>\n\u003Cp>The \u003Ccode>cryptbutton\u003C\u002Fcode> shortcode takes the following arguments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>keyid\u003C\u002Fstrong>\u003Cbr \u002F>\nThe media ID of your ASCII-armored public key. Either this or \u003Ccode>keyurl\u003C\u002Fcode>\u003Cbr \u002F>\nare required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>keyurl\u003C\u002Fstrong>\u003Cbr \u002F>\nThe URL for your ASCII-armored public key. Either this argument or\u003Cbr \u002F>\n    keyid are required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>textarea\u003C\u002Fstrong>\u003Cbr \u002F>\nOptional. The HTML ID for the textarea element to be encrypted. When\u003Cbr \u002F>\nthis is omitted, the plugin will try to find the correct textarea\u003Cbr \u002F>\nautomatically.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>class\u003C\u002Fstrong>\u003Cbr \u002F>\nOptional. Specify additional CSS classes for the button element.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>text\u003C\u002Fstrong>\u003Cbr \u002F>\nOptional. Specify the button text. This defaults to “Encrypt”. You can\u003Cbr \u002F>\nalso use the shortcode as an open\u002Fclose tag, and the contents will be\u003Cbr \u002F>\nused as the button text.\u003C\u002Fp>\n\u003Ch4>Example\u003C\u002Fh4>\n\u003Cp>This example uses the \u003Ca href=\"http:\u002F\u002Fjetpack.me\u002F\" rel=\"nofollow ugc\">Jetpack for WordPress\u003C\u002Fa> contact form. You can\u003Cbr \u002F>\nsee an example of the output on my \u003Ca href=\"http:\u002F\u002Farnesonium.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Contact page\u003C\u002Fa>. The WordPress code\u003Cbr \u002F>\nlooks something like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[contact-form subject='ARNESONIUM CONTACT']\n[contact-field label='Name' type='name' required='1'\u002F]\n[contact-field label='Email' type='email' required='1'\u002F]\n[contact-field label='Phone' type='text'\u002F]\n[contact-field label='Comment' type='textarea' required='1'\u002F]\n[cryptbutton keyid=42]Encrypt[\u002Fcryptbutton]\n[\u002Fcontact-form]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Line 6 displays the cryptbutton usage. Note that I changed some\u003Cbr \u002F>\nelements of this example to make things clearer. You will need to play\u003Cbr \u002F>\nwith layout and CSS to get things looking nice.\u003C\u002Fp>\n\u003Ch4>Contact Form 7\u003C\u002Fh4>\n\u003Cp>This plugin also adds a \u003Ccode>cryptbutton\u003C\u002Fcode> shortcode to\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fcontactform7.com\u002F\" rel=\"nofollow ugc\">Contact Form 7\u003C\u002Fa>. Shortcodes use a slightly\u003Cbr \u002F>\ndifferent syntax with CF7. All of the options are still available, but\u003Cbr \u002F>\nthe example above would be used in a form like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cp>\n[cryptbutton keyid:42 \"Encrypt\"]\n[submit \"Send\"]\n\u003C\u002Fp>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","OpenPGP public key encryption for any textarea with a shortcode button.",30,5664,100,1,"2024-04-17T16:40:00.000Z","4.9.29","4.0","",[20,21,22,23,24],"encryption","forms","gnupg","openpgp","pgp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopenpgp-form-encryption.v1.5.1.zip",91,0,"2024-06-22 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2024-3919","openpgp-form-encryption-for-wordpress-authenticated-contributor-stored-cross-site-scripting","OpenPGP Form Encryption for WordPress \u003C= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The OpenPGP Form Encryption for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.5.0","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-06-27 14:24:09",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2b1f068f-6473-4875-a990-dd4bf337e7b7?source=api-prod",6,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":48,"avg_security_score":49,"avg_patch_time_days":45,"trust_score":50,"computed_at":51},2,40,88,92,"2026-04-04T15:57:20.556Z",[53,74,95,106,124],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":72,"download_link":73,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"pgp-key-generator","PGP Key Generator","1.13","wp2pgpmail","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp2pgpmail\u002F","\u003Cp>With PGP Key Generator, your visitors can generate their own private and public PGP keys. It is also possible to use the plugin to encrypt and unencrypt a PGP message.\u003C\u002Fp>\n\u003Cp>Check \u003Ca href=\"https:\u002F\u002Fwp2pgpmail.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwp2pgpmail.com\u003C\u002Fa> for more info.\u003C\u002Fp>\n\u003Cp>Is it secure ?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All code is implememented in readable Javascript.\u003C\u002Fli>\n\u003Cli>You can verify the source code.\u003C\u002Fli>\n\u003Cli>No binaries are loaded from a server or used embedded.\u003C\u002Fli>\n\u003Cli>No hidden transfer of plain text.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is based on the tool developed by \u003Ca href=\"http:\u002F\u002Fianpurton.com\u002F\" rel=\"nofollow ugc\">Ian Purton\u003C\u002Fa>.\u003C\u002Fp>\n","A plugin to generate private and public PGP keys. No need to install any software to encrypt and decrypt PGP messages.",50,8635,80,4,"2026-02-23T11:23:00.000Z","6.9.4","2.9.2","5.6",[70,20,22,71,24],"contact-form","key-generator","https:\u002F\u002Fwp2pgpmail.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpgp-key-generator.1.13.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":50,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":18,"tags":88,"homepage":92,"download_link":93,"security_score":94,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"wp-pgp-encrypted-emails","WP PGP Encrypted Emails","0.8.0","Meitar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmeitar\u002F","\u003Cp>WP PGP Encrypted Emails can automatically sign and encrypt any email that WordPress sends to your site’s admin email address or your users’s email addresses. You give it a copy of the recipient’s OpenPGP public key and\u002For their S\u002FMIME certificate, and it does the rest. You can even automatically generate an OpenPGP signing keypair for your site to use.\u003C\u002Fp>\n\u003Cp>Encrypting outgoing emails protects your user’s privacy by ensuring that emails intended for them can be read only by them, and them alone. Moreover, signing those emails helps your users verify that email they receive purporting to be from your site was \u003Cem>actually\u003C\u002Fem> sent by your server, and not some imposter. If you’re a plugin or theme developer, you can encrypt and\u002For sign \u003Cem>arbitrary data\u003C\u002Fem> using this plugin’s OpenPGP and S\u002FMIME APIs, which are both built with familiar, standard WordPress filter hooks. This enables you to develop highly secure communication and publishing tools fully integrated with your WordPress install. See the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails\u002F#readme\" rel=\"nofollow ugc\">\u003Ccode>README.markdown\u003C\u002Fcode>\u003C\u002Fa> file for details on cryptographic implementation and API usage.\u003C\u002Fp>\n\u003Cp>\u003Cem>Donations for this and my other free software plugins make up a chunk of my income. If you continue to enjoy this plugin, please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WP%20PGP%20Encrypted%20Emails&item_number=wp-pgp-encrypted-emails&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>. 🙂 Thank you for your support!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Plugin features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Processes \u003Cem>all\u003C\u002Fem> email your site generates, automatically and transparently.\u003C\u002Fli>\n\u003Cli>Configure outbound signing: sign email sent to \u003Cem>all\u003C\u002Fem> recipients, or just savvy ones.\u003C\u002Fli>\n\u003Cli>Per-user encryption keys and certificates; user manages their own OpenPGP keys and S\u002FMIME certificates.\u003C\u002Fli>\n\u003Cli>Compatible with thousands (yes, thousands) of third-party contact form plugins.\u003C\u002Fli>\n\u003Cli>Full interoperability with all standards-compliant OpenPGP and S\u002FMIME implementations.\u003C\u002Fli>\n\u003Cli>Options to enforce further privacy best practices (e.g., removing \u003Ccode>Subject\u003C\u002Fcode> lines).\u003C\u002Fli>\n\u003Cli>Fully multisite compatible, out of the box. No additional configuration for large networks!\u003C\u002Fli>\n\u003Cli>No binaries to install or configure; everything you need is in the plugin itself.\u003C\u002Fli>\n\u003Cli>Bells and whistles included! For instance, visitors can encrypt comments on posts so only the author can read them.\u003C\u002Fli>\n\u003Cli>Built-in, customizable integration with popular third-party plugins, such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Always \u003Cstrong>FREE\u003C\u002Fstrong>. Replaces paid email encryption “upgrades,” and gets rid of yearly subscription fees. (\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WP%20PGP%20Encrypted%20Emails&item_number=wp-pgp-encrypted-emails&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">Donations\u003C\u002Fa> appreciated!)\u003C\u002Fli>\n\u003Cli>And \u003Cem>more\u003C\u002Fem>, of course. 😉\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin works transparently for \u003Cem>all email\u003C\u002Fem> your site generates, and will also sign and encrypt outgoing email generated by other plugins (such as contact form plugins) or the built-in WordPress notification emails. All you have to do is add one or more OpenPGP keys or an S\u002FMIME certificate to the Email Encryption screen (WordPress Admin Dashboard → Settings → Email Encryption). Each user can opt to also remove envelope information such as email subject lines, which encryption schemes cannot protect. With this plugin, there’s no longer any need to pay for the “pro” version of your favorite contact form plugin to get the benefit of email privacy.\u003C\u002Fp>\n\u003Cp>Each of your site’s users can supply their own, personal OpenPGP public key and\u002For X.509 S\u002FMIME certificate for their own email address to have WordPress automatically encrypt any email destined for them. (They merely need to update their user profile.) They can choose which encryption method to use. Once set up, all future emails WordPress sends to that user will be encrypted using the standards-based OpenPGP or S\u002FMIME technologies.\u003C\u002Fp>\n\u003Cp>The OpenPGP-encrypted emails can be decrypted by any OpenPGP-compatible mail client, such as \u003Ca href=\"https:\u002F\u002Fgpgtools.org\u002F\" rel=\"nofollow ugc\">MacGPG\u003C\u002Fa> (macOS), \u003Ca href=\"https:\u002F\u002Fwww.gpg4win.org\u002F\" rel=\"nofollow ugc\">GPG4Win\u003C\u002Fa> (Windows), \u003Ca href=\"https:\u002F\u002Fwww.enigmail.net\u002F\" rel=\"nofollow ugc\">Enigmail\u003C\u002Fa> (cross-platform), \u003Ca href=\"https:\u002F\u002Fopenkeychain.org\u002F\" rel=\"nofollow ugc\">OpenKeychain\u003C\u002Fa> (Android), or \u003Ca href=\"https:\u002F\u002Fipgmail.com\u002F\" rel=\"nofollow ugc\">iPGMail\u003C\u002Fa> (iPhone\u002FiOS). For more information on reading encrypted emails, generating keys, and other uses for OpenPGP-compatible encryption, consult any (or all!) of the following guides:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fssd.eff.org\u002Fen\u002Fmodule\u002Fintroduction-public-key-cryptography-and-pgp\" rel=\"nofollow ugc\">The Electronic Frontier Foundation’s Surveillance Self-Defense guide to PGP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhelp.riseup.net\u002Fen\u002Fgpg-best-practices\" rel=\"nofollow ugc\">RiseUp.net’s OpenPGP best practices guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.openpgp.org\u002F\" rel=\"nofollow ugc\">OpenPGP.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The S\u002FMIME-encrypted emails can be decrypted by any S\u002FMIME-compatible mail client. These include \u003Ca href=\"http:\u002F\u002Fsiber-sonic.com\u002Fmac\u002FMailSMIME\u002F\" rel=\"nofollow ugc\">Apple’s Mail on macOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-au\u002FHT202345\" rel=\"nofollow ugc\">iOS for iPhone and iPad\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fsupport.office.com\u002Fen-us\u002Farticle\u002FEncrypt-messages-by-using-S-MIME-in-Outlook-Web-App-2E57E4BD-4CC2-4531-9A39-426E7C873E26\" rel=\"nofollow ugc\">Microsoft Outlook\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.claws-mail.org\u002Ffaq\u002Findex.php\u002FS\u002FMIME_howto\" rel=\"nofollow ugc\">Claws Mail for GNU\u002FLinux\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>For developers, WP PGP Encrypted Emails provides \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails\u002Fblob\u002Fdevelop\u002FREADME.markdown#openpgp-api\" rel=\"nofollow ugc\">an easy to use API to both OpenPGP\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails\u002Fblob\u002Fdevelop\u002FREADME.markdown#smime-api\" rel=\"nofollow ugc\">S\u002FMIME\u003C\u002Fa> encryption, decryption, and integrity validation operations through the familiar \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\" rel=\"nofollow ugc\">WordPress plugin API\u003C\u002Fa> so you can use this plugin’s simple filter hooks to build custom OpenPGP- or S\u002FMIME-based encryption functionality into your own plugins and themes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Disclaimer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security is a process, not a product. Using WP PGP Encrypted Emails does not guarantee that your site’s outgoing messages are invulnerable to every attacker, in every possible scenario, at all times. No single security measure, in isolation, can do that.\u003C\u002Fp>\n\u003Cp>Do not rely solely on this plugin for the security or privacy of your webserver. See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-pgp-encrypted-emails\u002Ffaq\u002F\" rel=\"ugc\">Frequently Asked Questions\u003C\u002Fa> for more security advice and for more information about the rationale for this plugin.\u003Cbr \u002F>\nIf you like this plugin, \u003Cstrong>please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WP%20PGP%20Encrypted%20Emails&item_number=wp-pgp-encrypted-emails&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> for your use of the plugin\u003C\u002Fstrong> or, better yet, contributing directly to \u003Ca href=\"http:\u002F\u002FCyberbusking.org\u002F\" rel=\"nofollow ugc\">my Cyberbusking fund\u003C\u002Fa>. Your support is appreciated!\u003C\u002Fp>\n\u003Ch4>Themeing\u003C\u002Fh4>\n\u003Cp>Theme authors can use the following code snippets to integrate a WordPress theme with this plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To link to a site’s OpenPGP signing public key: \u003Ccode>\u003C?php print admin_url( 'admin-ajax.php?action=download_pgp_signing_public_key' ); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin hooks\u003C\u002Fh4>\n\u003Cp>This plugin offers additional functionality intended for other plugin developers or theme authors to make use of. This functionality is documented here.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Ch4>`wp_user_encryption_method`\u003C\u002Fh4>\n\u003Cp>Gets the user’s preferred encryption method (either \u003Ccode>pgp\u003C\u002Fcode> or \u003Ccode>smime\u003C\u002Fcode>), if they have provided both an OpenPGP public key and an S\u002FMIME certificate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>WP_User\u003C\u002Fcode> \u003Ccode>$user\u003C\u002Fcode> – The WordPress user object. Defaults to the current user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`wp_openpgp_user_key`\u003C\u002Fh4>\n\u003Cp>Gets the user’s saved OpenPGP public key from their WordPress profile data, immediately usable in other \u003Ccode>openpgp_*\u003C\u002Fcode> filters.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>WP_User\u003C\u002Fcode> \u003Ccode>$user\u003C\u002Fcode> – The WordPress user object. Defaults to the current user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`openpgp_enarmor`\u003C\u002Fh4>\n\u003Cp>Gets an ASCII-armored representation of an OpenPGP data structure (like a key, or an encrypted message).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The data to be armored.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Optional parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$marker\u003C\u002Fcode> – The marker of the block (the text that follows \u003Ccode>-----BEGIN\u003C\u002Fcode>). Defaults to \u003Ccode>MESSAGE\u003C\u002Fcode>, but you should set this to a more appropriate value. If you are armoring a PGP public key, for instance, set this to \u003Ccode>PGP PUBLIC KEY BLOCK\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>string[]\u003C\u002Fcode> \u003Ccode>$headers\u003C\u002Fcode> – An array of strings to apply as headers to the ASCII-armored block, usually used to insert comments or identify the OpenPGP client used. Defaults to \u003Ccode>array()\u003C\u002Fcode> (no headers).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: ASCII-armor a binary public key.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$ascii_key = apply_filters('openpgp_enarmor', $public_key, 'PGP PUBLIC KEY BLOCK');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_key`\u003C\u002Fh4>\n\u003Cp>Gets a binary OpenPGP public key for use in later PGP operations from an ASCII-armored representation of that key.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$key\u003C\u002Fcode> – The ASCII-armored PGP public key block.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Get a key saved as an ASCII string in the WordPress database option \u003Ccode>my_plugin_pgp_public_key\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$key = apply_filters('openpgp_key', get_option('my_plugin_pgp_public_key'));\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_sign`\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.gnupg.org\u002Fgph\u002Fen\u002Fmanual\u002Fx135.html#AEN152\" rel=\"nofollow ugc\">Clearsigns\u003C\u002Fa> a message using a given private key.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The message data to sign.\u003C\u002Fli>\n\u003Cli>\u003Ccode>OpenPGP_SecretKeyPacket\u003C\u002Fcode> \u003Ccode>$signing_key\u003C\u002Fcode> – The signing key to use, obtained by passing the ASCII-armored private key through the \u003Ccode>openpgp_key\u003C\u002Fcode> filter.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Sign a short string.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$message = 'This is a message to sign.';\n$signing_key = apply_filters('openpgp_key', $ascii_key);\n$signed_message = apply_filters('openpgp_sign', $message, $signing_key);\n\u002F\u002F $signed_message is now a clearsigned message\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_encrypt`\u003C\u002Fh4>\n\u003Cp>Encrypts data to one or more PGP public keys or passphrases.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – Data to encrypt.\u003C\u002Fli>\n\u003Cli>\u003Ccode>array|string\u003C\u002Fcode> \u003Ccode>$keys\u003C\u002Fcode> – Passphrases or keys to use to encrypt the data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Encrypt the content of a blog post.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F First, get the PGP public key(s) of the recipient(s)\n$ascii_key = '-----BEGIN PGP PUBLIC KEY BLOCK-----\n[...snipped for length...]\n-----END PGP PUBLIC KEY BLOCK-----';\n$encryption_key = apply_filters('openpgp_key', $ascii_key);\n$encrypted_post = apply_filters('openpgp_encrypt', $post->post_content, $encryption_key);\n\u002F\u002F Now you can safely send or display $encrypted_post anywhere you like and only\n\u002F\u002F those who control the corresponding private key(s) can decrypt it.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_sign`\u003C\u002Fh4>\n\u003Cp>Signs a message (arbitrary data) with the given private key.\u003C\u002Fp>\n\u003Cp>Note that if your plugin uses the built-in WordPress core \u003Ccode>wp_mail()\u003C\u002Fcode> function and this plugin is active, your plugin’s outgoing emails are already automatically signed so you do not need to do anything. This filter is intended for use by plugin developers who want to create custom, trusted communiques between WordPress and some other system.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The data to sign.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>OpenPGP_SecretKeyPacket\u003C\u002Fcode> \u003Ccode>$privatekey\u003C\u002Fcode> – The private key used for signing the message. The default is to use the private key automatically generated during plugin activation. The automatically generated keypair is intended to be a low-trust, single-purpose keypair for your website itself, so you probably do not need or want to use this argument yourself.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Send a signed, encrypted JSON payload to a remote, insecure server.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$comment_data = get_comment(2); \u002F\u002F get a WP_Comment object with comment ID 2\n\u002F\u002F Create JSON payload\n$json = array('success' => true, 'action' => 'new_comment', 'data' => $comment_data);\n$url = 'http:\u002F\u002Finsecure.example.com\u002F';\n$response = wp_safe_remote_post($url, array(\n));\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_sign_and_encrypt`\u003C\u002Fh4>\n\u003Cp>A convenience filter that applies \u003Ccode>openpgp_sign\u003C\u002Fcode> and then \u003Ccode>openpgp_encrypt\u003C\u002Fcode> to the result.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The data to sign and encrypt.\u003C\u002Fli>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$signing_key\u003C\u002Fcode> – The signing key to use.\u003C\u002Fli>\n\u003Cli>\u003Ccode>array|string\u003C\u002Fcode> \u003Ccode>$recipient_keys_and_passphrases\u003C\u002Fcode> – Public key(s) of the recipient(s), or passphrases to encrypt to.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`wp_openpgp_user_key`\u003C\u002Fh4>\n\u003Cp>Gets the user’s saved S\u002FMIME public certificate from their WordPress profile data, immediately usable in other \u003Ccode>smime_*\u003C\u002Fcode> filters.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>WP_User\u003C\u002Fcode> \u003Ccode>$user\u003C\u002Fcode> – The WordPress user object. Defaults to the current user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`smime_certificate`\u003C\u002Fh4>\n\u003Cp>Gets a PHP resource handle to an X.509 Certificate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>mixed\u003C\u002Fcode> \u003Ccode>$cert\u003C\u002Fcode> – The certificate, either as a string to a file, or raw PEM-encoded certificate data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`smime_certificate_pem_encode`\u003C\u002Fh4>\n\u003Cp>Encodes (“exports”) a given X.509 certificate as PEM format.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>resource\u003C\u002Fcode> \u003Ccode>$cert\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`smime_encrypt`\u003C\u002Fh4>\n\u003Cp>Encrypts a message as an S\u002FMIME email given a public certificate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$message\u003C\u002Fcode> – The message contents to encrypt.\u003C\u002Fli>\n\u003Cli>\u003Ccode>string|string[]\u003C\u002Fcode> \u003Ccode>$headers\u003C\u002Fcode> – The message headers for the encrypted part.\u003C\u002Fli>\n\u003Cli>\u003Ccode>resource|array\u003C\u002Fcode> \u003Ccode>$certificates\u003C\u002Fcode> – The recipient’s certificate, or an array of recipient certificates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This filter returns an array with two keys, \u003Ccode>headers\u003C\u002Fcode> and \u003Ccode>message\u003C\u002Fcode>, wherein the message is encrypted.\u003C\u002Fp>\n\u003Cp>Example: send an encrypted email via \u003Ccode>wp_mail()\u003C\u002Fcode>. (You do not need to do this if the recipient is registered as your site’s user, because this plugin does that automatically. Only do this if you need to send S\u002FMIME encrypted email to an address not stored in WordPress’s own database.)\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$cert = apply_filters( 'smime_certificate', get_option( 'my_plugin_smime_certificate' ) );\n$body = 'This is a test email message body.';\n$head = array(\n    'From' => get_option( 'admin_email' ),\n);\n$smime_data = apply_filters( 'smime_encrypt', $body, $head, $cert );\nif ( $smime_data ) {\n    wp_mail(\n        'recipient@example.com',\n        'Test message.',\n        $smime_data['message'], \u002F\u002F message is sent encrypted\n        $smime_data['headers']\n    );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Signs and encrypts emails using PGP\u002FGPG keys or X.509 certificates. Provides OpenPGP and S\u002FMIME functions via WordPress plugin API.",400,25921,16,"2021-05-25T19:04:00.000Z","5.7.15","4.4",[89,20,24,90,91],"email","privacy","security","https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-pgp-encrypted-emails.0.8.0.zip",85,{"slug":57,"name":57,"version":96,"author":57,"author_profile":58,"description":97,"short_description":98,"active_installs":63,"downloaded":99,"rating":49,"num_ratings":100,"last_updated":101,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":102,"homepage":104,"download_link":105,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"1.28","\u003Cp>With wp2pgpmail, your visitors can send you a PGP encrypted message very easily. A contact form will offer encryption for sending you confidental messages.\u003C\u002Fp>\n\u003Cp>Don’t have any PGP key? \u003Ca href=\"https:\u002F\u002Fwp2pgpmail.com\u002Fpgp-key-generator\u002F\" rel=\"nofollow ugc\">Try our online PGP key generator\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get more features with \u003Ca href=\"https:\u002F\u002Fwp2pgpmail.com\" rel=\"nofollow ugc\">Gravity Forms PGP Encryption plugin\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you are using \u003Ca href=\"http:\u002F\u002Fbit.ly\u002FGravityFormsWordPress\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, you can use the Pro version: \u003Ca href=\"https:\u002F\u002Fwp2pgpmail.com\" rel=\"nofollow ugc\">Gravity Forms PGP Encryption plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FBAi66orTOUs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>It’s working with \u003Ca href=\"http:\u002F\u002Fbit.ly\u002FGravityFormsWordPress\" rel=\"nofollow ugc\">Gravity Forms\u003C\u002Fa>, the best full featured contact form plugin for WordPress.\u003C\u002Fp>\n\u003Cp>With the paid version, you will get:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Additional Fields\u003C\u002Fli>\n\u003Cli>Unlimited Forms\u003C\u002Fli>\n\u003Cli>Nested Drag n’ Drop\u003C\u002Fli>\n\u003Cli>Advanced Email Configuration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check it at \u003Ca href=\"https:\u002F\u002Fwp2pgpmail.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwp2pgpmail.com\u003C\u002Fa>. We are still working on the Free version.\u003C\u002Fp>\n\u003Cp>How does it work ?\u003C\u002Fp>\n\u003Cp>wp2pgpmail includes an OpenPGP Message Encryption System in Javascript, based on \u003Ca href=\"http:\u002F\u002Fwww.haneWIN.de\" rel=\"nofollow ugc\">Herbert Hanewinkel’s work\u003C\u002Fa>. Visitors enter a message in a form, encrypt it (with the PGP public key you entered in wp2pgpmail option settings), then an e-mail is sent to you (blog admin e-mail address). The message is encrypted locally on the visitor’s computer, so no data is transfered in clear !\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FnnY2xirKXkQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Is it secure ?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All code is implememented in readable Javascript.\u003C\u002Fli>\n\u003Cli>You can verify the source code.\u003C\u002Fli>\n\u003Cli>No binaries are loaded from a server or used embedded.\u003C\u002Fli>\n\u003Cli>No hidden transfer of plain text.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Supported languages :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Estonian\u003C\u002Fli>\n\u003Cli>Greek\u003C\u002Fli>\n\u003Cli>Indonesian\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple PGP Mail Form Plugin. Enter your PGP public key, then visitors will be able to send you PGP encrypted messages by mail from a form.",12163,5,"2026-02-23T11:04:00.000Z",[70,103,20,24,90],"encrypt","http:\u002F\u002Fwp2pgpmail.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp2pgpmail.1.28.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":61,"downloaded":114,"rating":13,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":18,"tags":119,"homepage":18,"download_link":123,"security_score":94,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"secure-encrypted-form","Secure Encrypted Form","1.0.1","Daniel P.","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanidub\u002F","\u003Cp>This plugin allows you to insert a \u003Cem>“secure form”\u003C\u002Fem> into your website through a simple shortocde. It is usefull when you need to \u003Cstrong>receive sensitive data of any kind, establishing a \u003Cem>“safe channel”\u003C\u002Fem>\u003C\u002Fstrong>.\u003Cbr \u002F>\nThe data is sent encrypted with your PGP public key.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Just fill in some plugin options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The destination email (your email)\u003C\u002Fli>\n\u003Cli>Your PGP public key in ASCII armored version\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Hint: to see your private key you can enter your computer console and run two commands, one to list and one to export (must have GnuPG):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>gpg --list-keys\ngpg --armor --export username@email\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Remember your public key needs to be exported in ASCII armored version, this means that will be surrounded with:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nyour-long-key-string-will-be-here\n\n-----END PGP PUBLIC KEY BLOCK-----\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Once the shortcode is placed into a page or post, it will render a form with the following fields:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Message\u003C\u002Fli>\n\u003Cli>Subject\u003C\u002Fli>\n\u003Cli>Name\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How it works\u003C\u002Fh4>\n\u003Cp>The \u003Cem>message\u003C\u002Fem> field will be encrypted with your \u003Cstrong>PGP public key\u003C\u002Fstrong> and sent as an attachment in \u003Cstrong>ASCII\u003C\u002Fstrong> format to the destination email you have configured.\u003C\u002Fp>\n\u003Cp>When creating the plugin logic I have made sure that the \u003Cem>message\u003C\u002Fem> field \u003Cstrong>is never sent to the web server\u003C\u002Fstrong>, the data is previously encrypted (on the fly) using \u003Cem>OpenPGP.js\u003C\u002Fem> library in the user who is browsing the website.\u003C\u002Fp>\n\u003Cp>You will only be able to decrypt the content of the attached file if you have the PGP private key belonging to the public key with which the message was encrypted.\u003C\u002Fp>\n\u003Cp>\u003Cem>Remember that the purpose of the plugin is only to display a form on your website and encrypt the information that is sent through the “message” field. This plugin does not take care of decrypting the attached file, this task is left to each user in the way they want.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Some usage examples\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Receive secret messages\u003C\u002Fli>\n\u003Cli>Receiving passwords from clients or friends\u003C\u002Fli>\n\u003Cli>Reception of sensitive information\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cp>In order to use this plugin you need to have or create a \u003Cstrong>PGP key pair\u003C\u002Fstrong>. If you don’t have your key pair generated you can browse the internet on how to generate it.\u003Cbr \u002F>\nThere are many ways to generate the key, each have a different impact on security.\u003C\u002Fp>\n\u003Ch4>TIP on generating PGP key pair\u003C\u002Fh4>\n\u003Cp>One of the best ways of generating your PGP key pair is using a computer witout Internet connection and using \u003Ca href=\"https:\u002F\u002Ftails.boum.org\" rel=\"nofollow ugc\">Tails OS\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Recommended software\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgnupg.org\" rel=\"nofollow ugc\">GNU Privacy Guard (Linux, OS X, Windows)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgpgtools.org\" rel=\"nofollow ugc\">GPG Suite (OS X)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.gpg4win.org\u002F\" rel=\"nofollow ugc\">Gpg4win (Windows)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>When you cannot find the answer to your question on the FAQ section, check the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsecure-encrypted-form\u002F\" rel=\"ugc\">support forum\u003C\u002Fa> on WordPress.org. If you cannot locate any topics that solve to your particular issue, post a new topic for it.\u003Cbr \u002F>\nRemember this support is offered for free and can take some hours\u002Fdays to answer and solve your issues.\u003C\u002Fp>\n\u003Ch4>Secure Contact Form needs your support\u003C\u002Fh4>\n\u003Cp>It is hard to continue development and support for this free plugin without contributions from users like you. \u003Cstrong>If you enjoy using Secure Contact Form and find it useful, please consider \u003Ca href=\"https:\u002F\u002Fcharrua.es\u002Fdonaciones\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>\u003C\u002Fstrong>. Your donation will help encourage and support the plugin’s continued development and better user support.\u003C\u002Fp>\n\u003Ch4>Privacy notices\u003C\u002Fh4>\n\u003Cp>With the default configuration, this plugin, in itself, does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Track users by stealth\u003C\u002Fli>\n\u003Cli>Write any user personal data to the database\u003C\u002Fli>\n\u003Cli>Send any data to external servers\u003C\u002Fli>\n\u003Cli>Use cookies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Actually the plugin ships in English and is translated to Spanish.\u003Cbr \u002F>\nYou can contribute and \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsecure-encrypted-form\u002F\" rel=\"nofollow ugc\">translate this plugin to your own language\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin adds a secure form in your website that uses OpenPGP encryption to secure sensitive communications.",3093,3,"2024-02-23T13:38:00.000Z","6.4.8","5.3",[120,70,121,122,23],"contact","encrypted-form","form","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-encrypted-form.1.0.1.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":11,"downloaded":132,"rating":133,"num_ratings":115,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":18,"tags":137,"homepage":140,"download_link":141,"security_score":94,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"wp-jcryption","WP jCryption Security","0.5.1","andreyk","https:\u002F\u002Fprofiles.wordpress.org\u002Fandreyk\u002F","\u003Cp>The plugin increases security of a site in case it has no SSL certificate,\u003Cbr \u002F>\nuseful for owners of small sites who want to secure their passwords and\u003Cbr \u002F>\nother posted data but don’t want to buy SSL certificate for each domain\u003Cbr \u002F>\nand subdomain: it protects from sniffering the most important data such as\u003Cbr \u002F>\npasswords when they are being sent from forms of your site to the server.\u003C\u002Fp>\n\u003Cp>When the form served by the plugin is submitted all input data are being\u003Cbr \u002F>\njoined into a string, then this string is being encrypted with AES algorythm\u003Cbr \u002F>\nby disposable key and only encrypred string will be sent.\u003C\u002Fp>\n\u003Cp>A browser encrypts the disposable key in javascript by the RSA public key\u003Cbr \u002F>\nand sends it to the server; then the server decrypts it with the RSA private\u003Cbr \u002F>\nkey and then use it to decrypt the posted data with AES.\u003C\u002Fp>\n\u003Cp>Translations included: Ukrainian, Russian, German and Brazilian Portuguese.\u003C\u002Fp>\n\u003Cp>I just adapted usage in WordPress the jCryption jQuery plugin, v. 3.1.0.\u003Cbr \u002F>\nPlease check www.jcryption.org to learn how jCryption works.\u003C\u002Fp>\n","Prevents forms data against sniffing network traffic through encryption provided by jCryption javascript library.",2769,94,"2015-05-16T10:34:00.000Z","4.8.28","3.8.1",[20,21,138,139,91],"login","password","http:\u002F\u002Fandrey.eto-ya.com\u002Fwordpress\u002Fmy-plugins\u002Fwp-jcryption","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-jcryption.zip",{"attackSurface":143,"codeSignals":163,"taintFlows":173,"riskAssessment":174,"analyzedAt":184},{"hooks":144,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":162,"entryPointCount":14,"unprotectedCount":27},[145,151],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","wp_head","openpgp_cryptbutton_header","wordpress-openpgp.php",124,{"type":146,"name":152,"callback":153,"file":149,"line":154},"wpcf7_init","closure",128,[],[],[158],{"tag":159,"callback":160,"file":149,"line":161},"cryptbutton","openpgp_cryptbutton_shortcode",125,[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":167,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":172},[],{"prepared":27,"raw":27,"locations":166},[],{"escaped":64,"rawEcho":14,"locations":168},[169],{"file":149,"line":170,"context":171},62,"raw output",[],[],{"summary":175,"deductions":176},"The openpgp-form-encryption plugin version 1.5.1 presents a generally good security posture with no identified critical or high severity vulnerabilities in the static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests are all positive indicators. The plugin also demonstrates good practices by utilizing prepared statements for all its SQL queries and having a high percentage of properly escaped output. However, there are still areas for concern.\n\nThe static analysis reveals a potential risk due to the presence of one shortcode, which acts as an entry point to the plugin. While the analysis states there are no unprotected entry points, the lack of explicit mention of capability checks or nonce checks for this shortcode is a weakness. The vulnerability history shows one past medium severity CVE related to Cross-Site Scripting, which, while patched, indicates a historical tendency for input sanitization issues. The recent nature of this CVE (June 2024) suggests that developers should remain vigilant.\n\nIn conclusion, the plugin has strong foundational security practices in place. The primary concern is the potential for subtle vulnerabilities within the shortcode's implementation that might not have been caught by the static analysis, especially given the past XSS vulnerability. While the current version appears secure based on the provided data, ongoing vigilance and thorough testing of shortcode functionalities are recommended.",[177,180,182],{"reason":178,"points":179},"Past medium CVE (XSS)",7,{"reason":181,"points":100},"Shortcode as potential entry point without explicit checks",{"reason":183,"points":64},"1 of 5 outputs not properly escaped","2026-03-16T22:30:06.652Z",{"wat":186,"direct":198},{"assetPaths":187,"generatorPatterns":191,"scriptPaths":192,"versionParams":196},[188,189,190],"\u002Fwp-content\u002Fplugins\u002Fopenpgp-form-encryption\u002Fjs\u002Finit.js","\u002Fwp-content\u002Fplugins\u002Fopenpgp-form-encryption\u002Fjs\u002Fopenpgp.worker.2.6.1.min.js","\u002Fwp-content\u002Fplugins\u002Fopenpgp-form-encryption\u002Fjs\u002Fopenpgp.2.6.1.min.js",[],[193,194,195],"js\u002Fopenpgp.2.6.1.min.js","js\u002Finit.js","js\u002Fopenpgp.worker.2.6.1.min.js",[197],"openpgp.2.6.1.min.js",{"cssClasses":199,"htmlComments":200,"htmlAttributes":201,"restEndpoints":204,"jsGlobals":205,"shortcodeOutput":207},[159],[],[202,203],"data-textarea-id","data-pubkey-uri",[],[206],"openpgpWorkerUri",[208,209,210],"\u003Cbutton type=\"button\" id=\"cryptbutton\" class=\"cryptbutton","data-pubkey-uri=\"","data-textarea-id=\""]