[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBPWG3NSAlZIhLztgaI0zf6RuGzRbq1TXewSsJ-Wrj_8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":63,"crawl_stats":38,"alternatives":71,"analysis":72,"fingerprints":149},"publish-post-email-notification","Publish Post Email Notification","1.0.2.4","Nks","https:\u002F\u002Fprofiles.wordpress.org\u002Fnik00726\u002F","\u003Cp>Publish post notification is plugin which will send an automatic email to its author when the post is published and approved by WP admin.\u003Cbr \u002F>\nadmin has to go to setting and set email template that’s it all other things are managed by this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Find WP publish post email notification Pro Plugin at \u003Ca href=\"https:\u002F\u002Fwww.i13websolution.com\u002Fproduct\u002Fwordpress-publish-post-email-notification-pro-plugin\u002F\" rel=\"nofollow ugc\">Publish Post Email Notification Pro\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>=Features=\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>set email template.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Notify author via email when post is published.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>=Pro Version Features=\u003C\u002Fp>\n\u003Cp>1.Support for send email to author when custom post type published\u003C\u002Fp>\n\u003Cp>2.No Advertisements.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.i13websolution.com\u002Fcontacts\" rel=\"nofollow ugc\">Get Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free for everyone! 
Since it’s released under the GPL, you can use it free of charge on your personal or commercial blog. But you can make some donations if you really find it useful.\u003C\u002Fp>\n","Publish post notification is plugin which will send an automatic email to its author when the post is published and approved by WP admin.",600,18799,100,3,"2025-12-08T05:45:00.000Z","6.9.4","3.0","",[20,21,22,23,24],"notify-author-when-post-published","send-email-publish-post-wp","send-email-when-post-is-publish","wp-publish-post","wp-publish-post-email","https:\u002F\u002Fwww.i13websolution.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpublish-post-email-notification.1.0.2.4.zip",99,2,0,"2025-03-27 00:00:00","2026-03-15T15:16:48.613Z",[33,48],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-30816","publish-post-email-notification-cross-site-request-forgery","publish post email notification \u003C= 1.0.2.3 - Cross-Site Request Forgery","The wordpress publish post email notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2.3. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to update plugin settings granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.0.2.3","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-02 15:09:00",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F26ed5016-48f7-44cf-af59-0c95a90bd473?source=api-prod",7,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2023-41731","wordpress-publish-post-email-notification-authenticated-administrator-stored-cross-site-scripting","wordpress publish post email notification \u003C= 1.0.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The wordpress publish post email notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.0.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only impacts multi-site installations and installations where unfiltered_html has been disabled.","\u003C=1.0.2.2","1.0.2.3",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2023-09-05 00:00:00","2024-01-22 19:56:02",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F705d11b1-0924-46ae-a6e6-8fab16a4df00?source=api-prod",140,{"slug":64,"display_name":7,"profile_url":8,"plugin_count":65,"total_installs":66,"avg_security_score":67,"avg_patch_time_days":68,"trust_score":69,"computed_at":70},"nik00726",19,22900,97,350,77,"2026-04-04T12:15:56.916Z",[],{"attackSurface":73,"codeSignals":103,"taintFlows":137,"riskAssessment":138,"analyzedAt":148},{"hooks":74,"ajaxHandlers":99,"restRoutes":100,"shortcodes":101,"cronEvents":102,"entryPointCount":29,"unprotectedCount":29},[75,81,87,91,95],{"type":76,"name":77,"callback":78,"file":79,"line":80},"action","admin_menu","load_submenu","publish-post-notification.php",12,{"type":82,"name":83,"callback":84,"priority":85,"file":79,"line":86},"filter","user_has_cap","ppn_publish_post_notification_admin_cap_list",10,16,{"type":76,"name":88,"callback":89,"file":79,"line":90},"plugins_loaded","ppn_publish_post_notification_lang",17,{"type":76,"name":92,"callback":93,"priority":85,"file":79,"line":94},"transition_post_status","send_email_notification",18,{"type":82,"name":96,"callback":97,"priority":85,"file":79,"line":98},"map_meta_cap","map_ppn_publish_post_notification_meta_caps",23,[],[],[],[],{"dangerousFunctions":104,"sqlUsage":105,"outputEscaping":107,"fileOperations":29,"externalRequests":29,"nonceChecks":135,"capabilityChecks":29,"bundledLibraries":136},[],{"prepared":29,"raw":29,"locations":106},[],{"escaped":108,"rawEcho":80,"locations":109},15,[110,113,115,117,119,121,123,125,127,129,131,133],{"file":79,"line":111,"context":112},280,"raw 
output",{"file":79,"line":114,"context":112},307,{"file":79,"line":116,"context":112},312,{"file":79,"line":118,"context":112},314,{"file":79,"line":120,"context":112},323,{"file":79,"line":122,"context":112},330,{"file":79,"line":124,"context":112},333,{"file":79,"line":126,"context":112},339,{"file":79,"line":128,"context":112},342,{"file":79,"line":130,"context":112},349,{"file":79,"line":132,"context":112},362,{"file":79,"line":134,"context":112},363,1,[],[],{"summary":139,"deductions":140},"The plugin \"publish-post-email-notification\" v1.0.2.4 exhibits a mixed security posture. On the positive side, the static analysis indicates a small attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events detected. It also found no raw SQL queries (no SQL usage was detected at all) and one nonce check. However, there are significant concerns regarding output escaping: only 56% of outputs are properly escaped, leaving a substantial portion potentially exposed to Cross-Site Scripting (XSS) wherever that output carries untrusted data.\n\nThe vulnerability history reveals a concerning pattern. The plugin has two known medium-severity CVEs, one of which was recently discovered (2025-03-27). While there are currently no unpatched vulnerabilities, the past CSRF and XSS vulnerabilities indicate a recurring weakness in nonce validation, input sanitization and output escaping, which aligns with the static analysis findings of imperfect output escaping.\n\nIn conclusion, while the plugin has strengths in its limited attack surface and absence of raw SQL queries, the significant percentage of unescaped output and a history of XSS and CSRF vulnerabilities present a notable risk. Users should be aware of the potential for XSS attacks. 
The static analysis recorded no capability checks, but it also identified no entry points and lists none as unprotected, so this is an area for further investigation only if entry points are discovered in deeper analysis.",[141,143,146],{"reason":142,"points":85},"Insufficient output escaping (44% unescaped)",{"reason":144,"points":145},"Lack of capability checks on entry points",8,{"reason":147,"points":85},"History of medium severity CVEs (2 total)","2026-03-16T19:30:23.886Z",{"wat":150,"direct":159},{"assetPaths":151,"generatorPatterns":153,"scriptPaths":154,"versionParams":156},[152],"\u002Fwp-content\u002Fplugins\u002Fpublish-post-email-notification\u002Fcss\u002Fstyles.css",[],[155],"\u002Fwp-content\u002Fplugins\u002Fpublish-post-email-notification\u002Fjs\u002FjqueryValidate.js",[157,158],"publish-post-email-notification\u002Fcss\u002Fstyles.css?ver=","publish-post-email-notification\u002Fjs\u002FjqueryValidate.js?ver=",{"cssClasses":160,"htmlComments":161,"htmlAttributes":162,"restEndpoints":163,"jsGlobals":164,"shortcodeOutput":165},[],[],[],[],[],[]]