[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0Oim-vC-6PDrOj-J9Dgm65MrlLdxCsvT0eYKV9DkZ8g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":54,"analysis":160,"fingerprints":238},"pixelines-email-protector","Pixeline's Email Protector","1.4.0","pixeline","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixeline\u002F","\u003Cp>This plugin provides an unobtrusive yet efficient protection against email harvesters \u002F spambots. Here is a \u003Ca href=\"https:\u002F\u002Fpixeline.be\u002Fblog\u002Femail-protector-demo-4258.html\" rel=\"nofollow ugc\">demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Post\u002Fpage authors may write email addresses in their article in the usual format (“john@doe.com”) without exposing them to spam email harvesters. The plugin takes care of the obfuscation, implementing a graceful degradation technique focusing on usability so as to protect your email addresses from harvesters while keeping them usable to your human visitors.\u003C\u002Fp>\n\u003Cp>The plugin replaces any email address found in posts, pages, comments and excerpts, and replace them by a bit of html markup that should deceive most email harvesters: \u003Ccode>\u003Cspan class=\"email\">john(replace the parenthesis by @)doe.com\u003C\u002Fspan>\u003C\u002Fcode>.\u003Cbr \u002F>\nIf javascript is available, it will display a clickable link and display the original email to the human user. Maximum usability, maximum protection.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpixelines-email-protector\u002F\" rel=\"ugc\">rate the plugin\u003C\u002Fa> if you like it.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Write your email addresses inside your posts and pages as usual. When the plugin is activated, it will replace them by a human-readable html string that explains how to deduce the email address, and if javascript is available (99.9% of the time), the original email address will be displayed as a clickable mailto: link. For example:\u003Cbr \u002F>\n    Hello john@doe.com. How are you today?\u003Cbr \u002F>\nwill become\u003Cbr \u002F>\n    John( replace these parenthesis by @ )doe.com.\u003C\u002Fp>\n\u003Cp>Additionally, you can specify what the mailto: link should look like by sticking a parenthesis inside of which you put the visible link text, like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Hello john@doe.com(John Doe). How are you today?\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>will become\u003Cbr \u002F>\n    John( replace these parenthesis by @ )doe.com.\u003C\u002Fp>\n\u003Ch4>inside a theme\u003C\u002Fh4>\n\u003Cp>If you need to protect emails inside your Theme’s files (like the footer.php for example), you can use the function safe_email() like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode> echo safe_email('you@domain.com'); \u003Ch3>Contribute\u003C\u002Fh3>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Github repo: https:\u002F\u002Fgithub.com\u002Fpixeline\u002Fpixeline-email-protector\u003C\u002Fp>\n","Write email addresses without worrying about spambots and email harvesters.",900,21465,86,8,"2025-09-06T20:47:00.000Z","6.8.5","2.7","",[20,21,22,23,24],"address","email","harvest","obfuscate","spam","https:\u002F\u002Fpixeline.be","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpixelines-email-protector.1.4.0.zip",99,1,0,"2025-09-09 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-58982","pixelines-email-protector-authenticated-admin-stored-cross-site-scripting","Pixeline's Email Protector \u003C= 1.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting","The Pixeline's Email Protector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.3.8","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-15 18:11:00",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbe3a1bff-c20a-43c6-9f7f-3190d5b9c563?source=api-prod",7,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":47,"trust_score":52,"computed_at":53},3,1040,95,97,"2026-04-04T07:04:02.331Z",[55,77,102,126,144],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":74,"download_link":75,"security_score":76,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"email-javascript-cloaker","Email JavaScript Cloak","1.03","cgarvey","https:\u002F\u002Fprofiles.wordpress.org\u002Fcgarvey\u002F","\u003Cp>This plugin lets you use a shortcode to automatically generate ‘cloaked’ email addresses in your content.\u003C\u002Fp>\n\u003Cp>\u003Cem>What is cloaking?\u003C\u002Fem>\u003Cbr \u002F>\nTake an email address like barack@whitehouse.gov. If that was to appear on one of your posts\u002Fpages, it could easily be ‘scraped’ or ‘harvested’ automatically to add that email address to a spam list of some sort. Cloaking is all about making that harder to do.\u003C\u002Fp>\n\u003Cp>\u003Cem>How does this plugin do its cloaking?\u003C\u002Fem>\u003Cbr \u002F>\nFor any email address you include in your content, using the custom shortcode of [email barack@whitehouse.gov], that email address will appear as “barack -at- whitehouse -dot- gov” in your content initially. JavaScript running in the browser will then convert that email address to a regular, clickable, email link. Whilst it may seem pointless to convert a regular email address to a strange format only to convert it back again, the idea is that most automated ‘scrapers’, or ‘harvesters’, do not run JavaScript and hence won’t be able to pick up on the non-standard email address. The vast majority of users visiting your site will have JavaScript, and will see regular email addresses (not the strange format).\u003C\u002Fp>\n\u003Cp>\u003Cem>What about users who have no JavaScript, or have it disabled?\u003C\u002Fem>\u003Cbr \u002F>\nThey will see the strange format (“barack -at- whitehouse -dot- gov”). You can include a footnote using a custom short code [emailnojs] which will explain the strange format, if you wish to cater for that tiny minority of visitors.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin uses the GPLv3 license.\u003C\u002Fp>\n","A simple plugin to use JavaScript to cloak email addresses in your WordPress content (posts & pages).",500,6347,100,4,"2018-12-08T00:24:00.000Z","5.0.25","3.5.0",[71,72,73,22,24],"cloaking","email-address","email-cloak","http:\u002F\u002Fcgarvey.ie\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-javascript-cloaker.rel_1-03.zip",85,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":97,"download_link":98,"security_score":99,"vuln_count":100,"unpatched_count":28,"last_vuln_date":101,"fetched_at":31},"wp-mailto-links","WP Mailto Links – Protect Email Addresses","3.1.4","Online Optimisation","https:\u002F\u002Fprofiles.wordpress.org\u002Fonlineoptimisation\u002F","\u003Cp>Protect and encode email addresses safely from spambots, spamming and other robots. Easy to use out-of-the-box without any configuration.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Full page protection for emails\u003C\u002Fli>\n\u003Cli>Instant results (No confiruation needed)\u003C\u002Fli>\n\u003Cli>Protects mailto links, plain emails, email input fields, RSS feeds and much more\u003C\u002Fli>\n\u003Cli>Autmoatic protection technique detection (Our plugin chooses automatically the best protection technique for each email)\u003C\u002Fli>\n\u003Cli>Exclude posts and pages from protection\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to mailto-links\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to png images\u003C\u002Fli>\n\u003Cli>Supports rot13 encoing, escape encoding, CSS directions, entity encoding and much more\u003C\u002Fli>\n\u003Cli>Deactivate CSS directions manually for backwards compatibility\u003C\u002Fli>\n\u003Cli>Shortcode support: \u003Ccode>[wpml_mailto]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Template tag support: \u003Ccode>wpml_mailto()\u003C\u002Fcode> and \u003Ccode>wpml_filter()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin combines the best email protection methods (CSS, PHP and JavaScript techniques).\u003C\u002Fp>\n\u003Ch4>Free Website Check\u003C\u002Fh4>\n\u003Cp>We offer you a free tool to test if your website contains unprotected emails. You can use our website checker by \u003Ca href=\"https:\u002F\u002Fironikus.com\u002Femail-checker\u002F\" rel=\"nofollow ugc\">clicking here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Easy to use\u003C\u002Fh4>\n\u003Cp>The plugin works out-of-the-box to protect your email addresses. After activating the plugin, all options are already set for protecting your emails and mailto links.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The plugin works out-of-the-box to protect your email addresses. All settings are default set to protect your email addresses automatically with the best method available.\u003Cbr \u002F>\nIf you want to manually create protected mailto links, just use the shortcode (\u003Ccode>[wpml_mailto]\u003C\u002Fcode>) within your posts or use the template tags (\u003Ccode>wpml_mailto()\u003C\u002Fcode> or \u003Ccode>wpml_filter()\u003C\u002Fcode>) in your theme files.\u003C\u002Fp>\n\u003Ch4>Shortcode `[wpml_mailto email=”…”]…[\u002Fwpml_mailto]`\u003C\u002Fh4>\n\u003Cp>Create a protected mailto link in your posts:\u003Cbr \u002F>\n    [wpml_mailto email=”info@myemail.com”]My Email[\u002Fwpml_mailto]\u003C\u002Fp>\n\u003Cp>It’s also possible to add attributes to the mailto link, like a target:\u003Cbr \u002F>\n    [wpml_mailto email=”info@myemail.com” target=”_blank”]My Email[\u002Fwpml_mailto]\u003C\u002Fp>\n\u003Ch4>Shortcode `[wpmt_protect]…[\u002Fwpmt_protect]`\u003C\u002Fh4>\n\u003Cp>Protect content using our plugin that is not encodedby default (E.g. some ajax loaded values):\u003Cbr \u002F>\n    [wpmt_protect]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[\u002Fwpmt_protect]\u003C\u002Fp>\n\u003Cp>It’s also possible to customize the encoding type using “protect_using”. Possible values: char_encode, strong_method, without_javascript, with_javascript:\u003Cbr \u002F>\n    [wpmt_protect protect_using=”…”]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[\u002Fwpmt_protect]\u003C\u002Fp>\n\u003Ch4>Template tag `wpml_mailto( $email [, $display] [, $attrs] )`\u003C\u002Fh4>\n\u003Cp>Create a protected mailto link in your template like:\n    \u003C\u002Fp>\n\u003Ch4>Template tag `wpml_filter( $content )`\u003C\u002Fh4>\n\u003Cp>Filter given content to protect mailto links, shortcodes and plain emails (according to the settings in admin):\n    \u003C\u002Fp>\n","Protect & encode email addresses safely from spambots & spamming. Easy to use - encodes emails out-of-the-box.",9000,186787,92,33,"2023-09-22T16:55:00.000Z","6.2.9","4.7","5.3.2",[94,21,72,95,96],"antispam","hide","mailto","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mailto-links\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mailto-links.3.1.4.zip",62,2,"2025-09-22 00:00:00",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":124,"download_link":125,"security_score":65,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"customer-email-verification-for-woocommerce","Customer Email Verification for WooCommerce","2.6.9","Zorem","https:\u002F\u002Fprofiles.wordpress.org\u002Fzorem\u002F","\u003Cp>Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🔑 OTP-Based Email Verification:\u003C\u002Fstrong> Customers must verify their email with an OTP before completing registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📩 Email Verification Popup:\u003C\u002Fstrong> The verification popup appears instantly after entering an email address and clicking the verify button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>❌ No Account Creation Without Verification:\u003C\u002Fstrong> Users cannot create an account unless they verify their email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Customizable Verification Popup:\u003C\u002Fstrong> Modify the popup’s design and messages to match your brand.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>✉️ Customizable Verification Email:\u003C\u002Fstrong> Customize the OTP email template, subject, and message.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Resend OTP Option:\u003C\u002Fstrong> Customers can resend the OTP if they didn’t receive the initial email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Admin Verification Control:\u003C\u002Fstrong> View and manage email verification statuses from the WordPress admin panel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔓 Role-Based Verification Skipping:\u003C\u002Fstrong> Skip email verification for selected user roles. Redirect users to any page after successful email verification.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>Customer Email Verification for WooCommerce is built to integrate smoothly with plugins that follow WooCommerce’s standard registration and checkout templates. It also works with various social media login plugins, providing flexibility and convenience for users.\u003C\u002Fp>\n\u003Cp>The following plugins have been tested and confirmed to be fully compatible:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout WC\u003C\u002Fli>\n\u003Cli>WooCommerce Social Login\u003C\u002Fli>\n\u003Cli>Nextend Social Login and Register\u003C\u002Fli>\n\u003Cli>WooCommerce Memberships\u003C\u002Fli>\n\u003Cli>WooCommerce Checkout & Funnel Builder by CartFlows\u003C\u002Fli>\n\u003Cli>Affiliate For WooCommerce\u003C\u002Fli>\n\u003Cli>Smart Manager\u003C\u002Fli>\n\u003Cli>Cashier\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a complete list of compatible plugins and more details, please visit our \u003Ca href=\"https:\u002F\u002Fdocs.zorem.com\u002Fdocs\u002Fcustomer-email-verification-pro\u002Fcompatibility\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>We also offer a Pro version!\u003C\u002Fh3>\n\u003Ch3>Customer Email Verification PRO\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>📦 OTP Verification for Checkout:\u003C\u002Fstrong> Enforce email verification for guest users before completing a purchase.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛍️ Enable Checkout Verification:\u003C\u002Fstrong> Choose to verify emails on the cart page or only for free orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔢 OTP Length Customization:\u003C\u002Fstrong> Select between 4-digit or 6-digit OTP codes for verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⏳ OTP Expiration Control:\u003C\u002Fstrong> Set expiration time for OTPs (e.g., 72 hours) to enhance security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Verification Email Resend Limit:\u003C\u002Fstrong> Restrict the number of OTP resend attempts to prevent abuse.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Login Authentication Options:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Notify users when they log in from a new device or browser.\u003C\u002Fli>\n\u003Cli>Require OTP verification for logins from an unrecognized device, location, or after a set period.\u003C\u002Fli>\n\u003Cli>Define specific conditions for unrecognized logins, such as logging in from a new device or a location not used before.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Advanced Customization:\u003C\u002Fstrong> More control over email templates and verification popups.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fcustomer-email-verification\u002F\" rel=\"nofollow ugc\">Get CEV PRO >\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Other Plugins by zorem\u003C\u002Fh3>\n\u003Cp>Optimize your WooCommerce store with our plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fwoocommerce-advanced-shipment-tracking\u002F\" rel=\"nofollow ugc\">Advanced Shipment Tracking Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-local-pickup-pro\u002F\" rel=\"nofollow ugc\">Zorem Local Pickup Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsms-for-woocommerce\u002F\" rel=\"nofollow ugc\">SMS for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fcountry-based-restriction-for-woocommerce\u002F\" rel=\"nofollow ugc\">Country Based Restriction for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsales-by-country-for-woocommerce\u002F\" rel=\"nofollow ugc\">Sales By Country for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-returns\u002F\" rel=\"nofollow ugc\">Zorem Returns\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Femail-reports-for-woocommerce\u002F\" rel=\"nofollow ugc\">Email Reports for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fview-as-customer-for-woocommerce\u002F\" rel=\"nofollow ugc\">View as Customer for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore more at \u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002F\" rel=\"nofollow ugc\">zorem.com\u003C\u002Fa>\u003C\u002Fp>\n","Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.",2000,62784,88,19,"2026-02-17T05:37:00.000Z","6.9.4","5.3","7.2",[119,120,121,122,123],"customer-verification","email-address-verification","registration-verification","woocommerce","woocommerce-signup-spam","https:\u002F\u002Fwww.zorem.com\u002Fproducts\u002Fcustomer-email-verification-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomer-email-verification-for-woocommerce.2.6.9.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":110,"downloaded":134,"rating":65,"num_ratings":66,"last_updated":135,"tested_up_to":115,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":18,"download_link":142,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":143,"fetched_at":31},"email-address-obfuscation","Email Address Obfuscation","1.2.0","Neotrendy","https:\u002F\u002Fprofiles.wordpress.org\u002Fneotrendy\u002F","\u003Cp>A lightweight plugin that protects email addresses from email-harvesting bots, by converting email addresses characters to HTML entities. Hide email from Spam Bots using a shortcode \u003Ccode>[obfuscate_email]\u003C\u002Fcode> and built-in WordPress function \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fantispambot\u002F\" title=\"antispambot\" rel=\"nofollow ugc\">antispambot()\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Obfuscate plain email address\u003C\u002Fli>\n\u003Cli>Obfuscate href mailto link in HTML anchor element\u003C\u002Fli>\n\u003Cli>Support for custom CSS class\u003C\u002Fli>\n\u003Cli>Support for email subject\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Obfuscate plain email address\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Create clickable email address\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\" link=true]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Add CSS class to the HTML anchor element\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email=\"your@email.com\" link=true class=\"my-class another-class\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Obfuscate email address with email subject\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[obfuscate_email email='your@email.com?subject=My custom email subject']\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Shortcode parameter\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>email\u003C\u002Fcode> required – Email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>link\u003C\u002Fcode> optional – Set true if you want to create clickable email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>class\u003C\u002Fcode> optional – Add space separated list of classes.\u003C\u002Fli>\n\u003C\u002Ful>\n","Email Address Obfuscation prevents email harvesting by hiding email address appearing in your pages, while remaining visible to your site visitors.",10615,"2025-11-28T10:30:00.000Z","2.5","5.6",[139,21,23,140,141],"anti-spam","obfuscation","protect","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-address-obfuscation.1.2.0.zip","2024-12-03 23:42:14",{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":152,"downloaded":153,"rating":29,"num_ratings":29,"last_updated":18,"tested_up_to":154,"requires_at_least":129,"requires_php":18,"tags":155,"homepage":157,"download_link":158,"security_score":65,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":159},"makesafe","Make Safe","1.0","mattdeclaire","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattdeclaire\u002F","\u003Cp>This plugin finds email addresses in the page (anywhere in the resulting HTML, not just the post content), and munges it into a random combination of encoded characters, and outputs a snippet of JavaScript to write the munged string to the page.\u003C\u002Fp>\n","Obfuscates email addresses.",10,1759,"3.3.2",[21,23,156],"spam-protection","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmakesafe","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmakesafe.zip","2026-03-15T10:48:56.248Z",{"attackSurface":161,"codeSignals":214,"taintFlows":224,"riskAssessment":225,"analyzedAt":237},{"hooks":162,"ajaxHandlers":210,"restRoutes":211,"shortcodes":212,"cronEvents":213,"entryPointCount":29,"unprotectedCount":29},[163,169,172,176,181,184,187,191,194,198,201,204,207],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","plugins_loaded","load_textdomain","pixeline-email-protector.php",49,{"type":164,"name":170,"callback":171,"file":167,"line":99},"admin_menu","admin_menu_link",{"type":164,"name":173,"callback":174,"file":167,"line":175},"admin_init","register_settings",63,{"type":177,"name":178,"callback":179,"file":167,"line":180},"filter","comment_text","email_protect",65,{"type":177,"name":182,"callback":179,"file":167,"line":183},"the_content",66,{"type":177,"name":185,"callback":179,"file":167,"line":186},"get_the_content",67,{"type":177,"name":188,"callback":189,"file":167,"line":190},"the_excerpt","email_protect_excerpt",68,{"type":177,"name":192,"callback":189,"file":167,"line":193},"get_the_excerpt",69,{"type":164,"name":195,"callback":196,"file":167,"line":197},"wp_enqueue_scripts","frontend_scripts",70,{"type":177,"name":199,"callback":179,"file":167,"line":200},"the_title",71,{"type":177,"name":202,"callback":179,"file":167,"line":203},"get_the_title",72,{"type":177,"name":205,"callback":179,"file":167,"line":206},"widget_text",73,{"type":177,"name":208,"callback":179,"file":167,"line":209},"widget_text_content",74,[],[],[],[],{"dangerousFunctions":215,"sqlUsage":216,"outputEscaping":221,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":223},[],{"prepared":29,"raw":28,"locations":217},[218],{"file":219,"line":113,"context":220},"uninstall.php","$wpdb->get_col() with variable interpolation",{"escaped":152,"rawEcho":29,"locations":222},[],[],[],{"summary":226,"deductions":227},"The pixelines-email-protector plugin, v1.4.0, exhibits a generally strong security posture based on the static analysis. The complete absence of direct attack surface entry points like AJAX handlers, REST API routes, and shortcodes, combined with the fact that all observed outputs are properly escaped, are significant strengths. The lack of file operations, external HTTP requests, and the absence of critical or high-severity taint flows further contribute to this positive assessment.  However, there are notable concerns. The plugin utilizes a single SQL query that does not employ prepared statements, presenting a potential risk for SQL injection if input is not meticulously handled elsewhere.  The complete lack of nonce and capability checks across any potential entry points, though currently moot due to the zero attack surface, represents a significant gap in security best practices.  Furthermore, the plugin has a history of a medium-severity Cross-Site Scripting (XSS) vulnerability, even though it is currently patched. This indicates a past weakness in input sanitization or output escaping for certain scenarios, and while no current XSS vulnerabilities are flagged, the history warrants vigilance. The plugin's strengths lie in its minimal attack surface and robust output escaping, but the unescaped SQL query and the historical XSS vulnerability are areas that require attention.",[228,230,233,235],{"reason":229,"points":47},"SQL queries without prepared statements",{"reason":231,"points":232},"No nonce checks",5,{"reason":234,"points":232},"No capability checks",{"reason":236,"points":232},"Past medium severity XSS vulnerability","2026-03-16T19:15:29.521Z",{"wat":239,"direct":246},{"assetPaths":240,"generatorPatterns":242,"scriptPaths":243,"versionParams":244},[241],"\u002Fwp-content\u002Fplugins\u002Fpixelines-email-protector\u002Fpixeline-email-protector.js",[],[241],[245],"pixelines-email-protector\u002Fpixeline-email-protector.js?ver=",{"cssClasses":247,"htmlComments":249,"htmlAttributes":250,"restEndpoints":252,"jsGlobals":253,"shortcodeOutput":254},[248],"pep-email",[],[251],"title",[],[],[]]