[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWjyarIddw88DsPiO1bB2koOMH2RgLVV7barDiglJiJs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":16,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":14,"unpatched_count":14,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":51,"analysis":160,"fingerprints":280},"replymail","replyMail","1.2.0","bingu","https:\u002F\u002Fprofiles.wordpress.org\u002Fbingu\u002F","\u003Cp>\u003Cstrong>[ATTENTION]\u003C\u002Fstrong> WordPress version MUST up to 2.7\u003C\u002Fp>\n\u003Cp>Enhance the threaded comments system of WordPress 2.7.\u003Cbr \u002F>\nWhen someone reply to your comment, send a email to you.\u003C\u002Fp>\n","Enhance the threaded comments system of WordPress 2.7. When someone reply to your comment, send a email to you.",50,6304,100,1,"2010-05-10T12:51:00.000Z","","2.7",[19,20,21,22,23],"comments","email","mail","reply","threaded-comments","http:\u002F\u002Fwanwp.com\u002Fplugins\u002Freplymail\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freplymail.zip",63,"2025-10-14 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2025-31029","replymail-cross-site-request-forgery","replyMail \u003C= 1.2.0 - Cross-Site Request Forgery","The replyMail plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on a function. 
This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2.0","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-10-22 20:42:05",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2dd9df66-92de-4f25-8fdd-cb3bc0e6d529?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":45,"total_installs":46,"avg_security_score":47,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},2,150,74,30,76,"2026-04-04T14:08:04.030Z",[52,74,93,118,140],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":16,"tags":67,"homepage":70,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":35,"fetched_at":28},"comment-email-reply","Comment Email Reply","1.0.4","kilozwo","https:\u002F\u002Fprofiles.wordpress.org\u002Fkilozwo\u002F","\u003Cp>Simply notifies comment-author via email if someone replies to his comment. Zero Configuration.\u003C\u002Fp>\n","Simply notifies comment-author via email if someone replies to his comment. 
Zero Configuration.",600,10901,90,15,"2015-04-06T11:37:00.000Z","4.1.42","3.0.1",[68,19,20,69,22],"author","notification","http:\u002F\u002Fkilozwo.de\u002Fwordpress-comment-email-reply-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-email-reply.1.0.4.zip",85,0,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":73,"num_ratings":73,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":16,"tags":87,"homepage":16,"download_link":92,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":35,"fetched_at":28},"ucomment","uComment","1.0.2","feedchannel","https:\u002F\u002Fprofiles.wordpress.org\u002Ffeedchannel\u002F","\u003Cp>This plugin adds extra features to your wordpress comment system. Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Choose to clone comment form instead of moving it when the reply link on a comment is clicked.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add new comments without refreshing the entire page using AJAX.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Validate the comment form with javascript before submitting.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add a option for the comment auhtor to be notified whenever a reply to his comment is posted.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Add extra features to your wordpress comments like ajax posting, email notification on reply and field 
validation.",10,2485,"2012-04-27T08:56:00.000Z","3.3.2","3.0",[88,89,90,91],"ajax-comments","comment-validation","email-notify-on-reply","reply-to-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fucomment.1.0.2.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":113,"download_link":114,"security_score":115,"vuln_count":116,"unpatched_count":73,"last_vuln_date":117,"fetched_at":28},"disqus-comment-system","Disqus Comment System","3.1.4","Disqus","https:\u002F\u002Fprofiles.wordpress.org\u002Fdisqus\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdisqus.com\u002F\" rel=\"nofollow ugc\">Disqus\u003C\u002Fa> is the web’s most popular commenting system trusted by millions of publishers to increase reader engagement, grow audience and traffic, and monetize content. Disqus helps publishers of all sizes engage directly with their audiences to build loyalty, retain readers, and foster thriving communities.\u003C\u002Fp>\n\u003Cp>The Disqus for WordPress plugin lets site owners and developers easily add Disqus to their sites, replacing the default WordPress comment system. Disqus installs in minutes and automatically imports your existing comments.\u003C\u002Fp>\n\u003Cp>In addition to our free-to-use, ad-supported Basic plan, we also offer ad-optional subscription plans that come with more advanced features and access to priority support. 
Please see our \u003Ca href=\"https:\u002F\u002Fdisqus.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">pricing page\u003C\u002Fa> for more details.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NEW: \u003Ca href=\"https:\u002F\u002Fdisqus.com\u002Fpolls\" rel=\"nofollow ugc\">Disqus Polls\u003C\u002Fa>\u003C\u002Fstrong> – Engage your audiences with interactive polls, and seamlessly install them on your site.\u003C\u002Fp>\n\u003Ch4>Why Disqus?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple one-click installation that seamlessly integrates with WordPress without ever needing to edit a single line of code or losing any of your existing comments\u003C\u002Fli>\n\u003Cli>Keep users engaged on your site longer with a commenting experience readers love\u003C\u002Fli>\n\u003Cli>Bring users back to your site with web and email notifications and personalized digests\u003C\u002Fli>\n\u003Cli>Improve SEO ranking with user generated content\u003C\u002Fli>\n\u003Cli>Keep spam out with our best-in-class anti-spam filter powered by Akismet\u003C\u002Fli>\n\u003Cli>Single profile for commenting on over 4 million sites including social login support for Facebook, Twitter, and Google accounts\u003C\u002Fli>\n\u003Cli>Trusted by sites like ABC News, Entertainment Weekly, and Rotten Tomatoes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Disqus Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Syncs comments automatically to WordPress for backup and flexibility if you ever decide to switch to a different platform\u003C\u002Fli>\n\u003Cli>Loads asynchronously with advanced caching so that Disqus doesn’t affect your site’s performance\u003C\u002Fli>\n\u003Cli>Monetization options to grow revenue\u003C\u002Fli>\n\u003Cli>Export comments to WordPress-compatible XML to backup or migrate to another system\u003C\u002Fli>\n\u003Cli>Analytics dashboard for measuring overall engagement on your site\u003C\u002Fli>\n\u003Cli>Mobile responsive design\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NEW: Disqus 
Polls\u003C\u002Fstrong> – Create and embed interactive polls directly on your site to boost engagement and gather insights from your audience.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Engagement Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Realtime comments system with fun discussion interactions: voting, photo and video upload, rich media embed (Youtube, Twitter, Vimeo, and more), spoiler tags, mentions\u003C\u002Fli>\n\u003Cli>Comment text formatting (e.g. bold, link, italics, quote) using HTML tags as well as code syntax highlighting\u003C\u002Fli>\n\u003Cli>Threaded comment display (nested 3 levels) with ability to collapse individual threads\u003C\u002Fli>\n\u003Cli>Sort discussion by oldest, newest, and best comments\u003C\u002Fli>\n\u003Cli>Flexible login options – Social login with Facebook, Twitter, and Google, SSO, and guest commenting support\u003C\u002Fli>\n\u003Cli>Instant activity notifications, email notifications, and digests pull readers back in\u003C\u002Fli>\n\u003Cli>User profiles that show you recent comment history and frequented communities\u003C\u002Fli>\n\u003Cli>Recommendations widget that shows where active discussions are happening elsewhere on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Moderation Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatic anti-spam filter powered by Akismet\u003C\u002Fli>\n\u003Cli>Automated pre-moderation controls to flag comments based on links, user reputation\u003C\u002Fli>\n\u003Cli>Moderate directly in the discussion, via email, or moderation panel\u003C\u002Fli>\n\u003Cli>Email notifications for newly posted comments, replies\u003C\u002Fli>\n\u003Cli>Moderation Panel that lets you search, filter, sort, and manage your comments\u003C\u002Fli>\n\u003Cli>Self-moderation tools like user blocking, comment flagging\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Search our \u003Ca 
href=\"https:\u002F\u002Fhelp.disqus.com\u002Fcustomer\u002Fportal\u002Farticles\u002F472005\" rel=\"nofollow ugc\">Knowledge Base\u003C\u002Fa> for solutions to common troubleshooting questions\u003C\u002Fli>\n\u003Cli>Check out our support community, \u003Ca href=\"https:\u002F\u002Fdisqus.com\u002Fhome\u002Fchannel\u002Fdiscussdisqus\u002F\" rel=\"nofollow ugc\">Discuss Disqus\u003C\u002Fa>, to see if your question has been answered\u003C\u002Fli>\n\u003Cli>Talk to our Support team at \u003Ca href=\"disqus.com\u002Fsupport\" rel=\"nofollow ugc\">disqus.com\u002Fsupport\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Visit our \u003Ca href=\"https:\u002F\u002Fhelp.disqus.com\u002Fcustomer\u002Fen\u002Fportal\u002Farticles\u002F1264625-getting-started\" rel=\"nofollow ugc\">Getting Started\u003C\u002Fa> page to learn the basics of Disqus\u003C\u002Fli>\n\u003C\u002Ful>\n","Disqus is the web's most popular comment system. Use Disqus to increase engagement, retain readers, and grow your audience.",40000,4455999,54,219,"2026-01-15T17:47:00.000Z","6.9.4","4.4","5.6",[19,110,20,111,112],"disqus","engagement","threaded","https:\u002F\u002Fdisqus.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisqus-comment-system.3.1.4.zip",96,5,"2014-09-17 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":16,"tags":133,"homepage":135,"download_link":136,"security_score":137,"vuln_count":138,"unpatched_count":73,"last_vuln_date":139,"fetched_at":28},"subscribe-to-comments","Subscribe to Comments","2.3.1","Mark Jaquith","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkjaquith\u002F","\u003Cp>Subscribe to Comments is a robust plugin that enables commenters to sign up for e-mail notification of subsequent entries.  
The plugin includes a full-featured subscription manager that your commenters can use to unsubscribe to certain posts, block all notifications, or even change their notification e-mail address!\u003C\u002Fp>\n","Subscribe to Comments allows commenters on an entry to subscribe to e-mail notifications for subsequent comments.",20000,571809,78,14,"2024-10-29T05:34:00.000Z","4.3.34","2.9",[19,20,134],"subscription","http:\u002F\u002Ftxfx.net\u002Fwordpress-plugins\u002Fsubscribe-to-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsubscribe-to-comments.2.3.1.zip",89,3,"2024-10-29 14:20:48",{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":148,"downloaded":149,"rating":62,"num_ratings":150,"last_updated":151,"tested_up_to":152,"requires_at_least":153,"requires_php":108,"tags":154,"homepage":16,"download_link":156,"security_score":157,"vuln_count":158,"unpatched_count":73,"last_vuln_date":159,"fetched_at":28},"subscribe-to-comments-reloaded","Subscribe To Comments Reloaded","240119","WPKube","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpkube\u002F","\u003Cp>Subscribe to Comments Reloaded is a robust plugin that enables commenters to sign up for e-mail notification of subsequent entries. The plugin includes a full-featured subscription manager that your commenters can use to unsubscribe to certain posts or suspend all notifications. It solves most of the issues that affect Mark Jaquith’s version, using the latest WordPress features and functionality. 
Plus, allows administrators to enable a double opt-in mechanism, requiring users to confirm their subscription clicking on a link they will receive via email or even One Click Unsubscribe.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 4.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 5.6 or higher\u003C\u002Fli>\n\u003Cli>MySQL 5.x or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Main Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easily manage and search among your subscriptions\u003C\u002Fli>\n\u003Cli>Imports Mark Jaquith’s Subscribe To Comments (and its clones) data\u003C\u002Fli>\n\u003Cli>Messages are fully customizable, no poEdit required (and you can use HTML!) with a Rich Text Editor – WYSIWYG\u003C\u002Fli>\n\u003Cli>Disable subscriptions for specific posts\u003C\u002Fli>\n\u003Cli>One Click Unsubscribe\u003C\u002Fli>\n\u003Cli>Get and Download your System information for better support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Language Localization\u003C\u002Fh3>\n\u003Cp>If you would like to help out translating the plugin to your language you can do so through the \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsubscribe-to-comments-reloaded\u002F\" rel=\"nofollow ugc\">official WordPress plugin translation system\u003C\u002Fa>\u003C\u002Fp>\n","Subscribe to Comments Reloaded allows commenters to sign up for e-mail notifications of subsequent replies. 
Don't miss any comment.",10000,966338,169,"2024-01-19T20:16:00.000Z","6.4.8","4.0",[19,20,155,119,141],"subscribe","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsubscribe-to-comments-reloaded.240119.zip",80,4,"2024-04-05 00:00:00",{"attackSurface":161,"codeSignals":186,"taintFlows":233,"riskAssessment":270,"analyzedAt":279},{"hooks":162,"ajaxHandlers":182,"restRoutes":183,"shortcodes":184,"cronEvents":185,"entryPointCount":73,"unprotectedCount":73},[163,169,174,178],{"type":164,"name":165,"callback":166,"file":167,"line":168},"action","admin_notices","rmWarning","replyMail.php",26,{"type":164,"name":170,"callback":171,"priority":172,"file":167,"line":173},"comment_post","rmReplyMail",500,56,{"type":164,"name":175,"callback":176,"file":167,"line":177},"admin_menu","rmAddSettingPage",64,{"type":164,"name":179,"callback":180,"file":167,"line":181},"admin_head","rmSettingCSS",66,[],[],[],[],{"dangerousFunctions":187,"sqlUsage":188,"outputEscaping":190,"fileOperations":73,"externalRequests":73,"nonceChecks":73,"capabilityChecks":14,"bundledLibraries":232},[],{"prepared":14,"raw":73,"locations":189},[],{"escaped":73,"rawEcho":191,"locations":192},18,[193,197,199,202,205,207,209,211,213,215,216,218,220,222,224,226,228,230],{"file":194,"line":195,"context":196},"getdata.php",11,"raw 
output",{"file":167,"line":198,"context":196},24,{"file":200,"line":201,"context":196},"replyMailFunctions.php",174,{"file":203,"line":204,"context":196},"settingPanel.php",68,{"file":203,"line":206,"context":196},71,{"file":203,"line":208,"context":196},94,{"file":203,"line":210,"context":196},133,{"file":203,"line":212,"context":196},182,{"file":203,"line":214,"context":196},213,{"file":203,"line":104,"context":196},{"file":203,"line":217,"context":196},223,{"file":203,"line":219,"context":196},235,{"file":203,"line":221,"context":196},240,{"file":203,"line":223,"context":196},248,{"file":203,"line":225,"context":196},268,{"file":203,"line":227,"context":196},286,{"file":203,"line":229,"context":196},292,{"file":203,"line":231,"context":196},299,[],[234,250,262],{"entryPoint":235,"graph":236,"unsanitizedCount":45,"severity":37},"rmSettingPage (settingPanel.php:167)",{"nodes":237,"edges":247},[238,242],{"id":239,"type":240,"label":241,"file":203,"line":214},"n0","source","$_SERVER['REQUEST_URI'] (x2)",{"id":243,"type":244,"label":245,"file":203,"line":214,"wp_function":246},"n1","sink","echo() [XSS]","echo",[248],{"from":239,"to":243,"sanitized":249},false,{"entryPoint":251,"graph":252,"unsanitizedCount":73,"severity":261},"\u003Cgetdata> (getdata.php:0)",{"nodes":253,"edges":258},[254,257],{"id":239,"type":240,"label":255,"file":194,"line":256},"$_POST",9,{"id":243,"type":244,"label":245,"file":194,"line":195,"wp_function":246},[259],{"from":239,"to":243,"sanitized":260},true,"low",{"entryPoint":263,"graph":264,"unsanitizedCount":45,"severity":261},"\u003CsettingPanel> (settingPanel.php:0)",{"nodes":265,"edges":268},[266,267],{"id":239,"type":240,"label":241,"file":203,"line":214},{"id":243,"type":244,"label":245,"file":203,"line":214,"wp_function":246},[269],{"from":239,"to":243,"sanitized":249},{"summary":271,"deductions":272},"The \"replymail\" plugin v1.2.0 presents a mixed security picture. 
On the positive side, no AJAX handlers, REST API routes, shortcodes, or cron events were identified, so the scan counted no entry points of those types. This is not the same as having no attack surface: the plugin still registers admin and comment hooks, and its PHP files read request data. Furthermore, all identified SQL queries utilize prepared statements, and there are no file operations or external HTTP requests. The plugin also includes one capability check, indicating some level of access control.\n\nHowever, significant concerns arise from the static analysis. None of the 18 identified output operations is escaped. Unescaped output is exploitable only where attacker-influenced data reaches it; the taint analysis flags unsanitized flows from $_SERVER['REQUEST_URI'] to echo in settingPanel.php, so Cross-Site Scripting (XSS) is a realistic risk there.\n\nThe vulnerability history shows one unpatched medium severity CVE, a Cross-Site Request Forgery (CSRF) issue. Together with the absence of nonce checks reported in the code signals, this points to inadequate protection against forged requests. No patched version is recorded, so the flaw persists in every release up to and including 1.2.0 and requires attention from sites still running the plugin. 
While the plugin has strengths in minimizing its attack surface and handling SQL securely, the unescaped output and the unpatched CVE create substantial risks.",[273,275,277],{"reason":274,"points":63},"Unpatched medium severity CVE",{"reason":276,"points":82},"0% output escaping",{"reason":278,"points":82},"0 nonce checks","2026-03-16T22:00:47.410Z",{"wat":281,"direct":290},{"assetPaths":282,"generatorPatterns":285,"scriptPaths":286,"versionParams":287},[283,284],"\u002Fwp-content\u002Fplugins\u002Freplymail\u002Freplymail.js","\u002Fwp-content\u002Fplugins\u002Freplymail\u002Freplymail.css",[],[283],[288,289],"replymail\u002Freplymail.css?ver=","replymail\u002Freplymail.js?ver=",{"cssClasses":291,"htmlComments":293,"htmlAttributes":296,"restEndpoints":297,"jsGlobals":298,"shortcodeOutput":300},[292],"replymail-setting-panel",[294,295],"\u003C!-- EOF replyMail.php -->","\u003C!-- .\u002Fwp-content\u002Fplugins\u002Freplymail\u002FreplyMail.php -->",[],[],[4,299],"replymail_vars",[]]