[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTm4yJVRK1Tx2X-rEM0cGTo4T7qO-uyYCoXMogRU-NZ4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":129,"fingerprints":281},"restusre-restrict-users-registration","Restrict Users Registration by EmailVerifierPro.app","1.0.1","Tuhin Bhuiyan","https:\u002F\u002Fprofiles.wordpress.org\u002Ftuhinbhuiyan\u002F","\u003Cp>\u003Cstrong>Restrict Users Registration by EmailVerifierPro.app\u003C\u002Fstrong> is a powerful plugin to help you control who can register on your WordPress site. Block disposable, blacklisted, or suspicious emails and domains, prevent duplicate IP signups, and connect to Third Party API for real-time email validation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email Blacklist: Block specific email addresses from registering.\u003C\u002Fli>\n\u003Cli>Domain Blacklist: Block entire email domains (e.g., @tempmail.com).\u003C\u002Fli>\n\u003Cli>API Integration: Connect to your own EmailVerifierPro.app \u002F VerifyEmail.app instance for advanced email validation.\u003C\u002Fli>\n\u003Cli>Prevent Duplicate IP Signups: Block multiple registrations from the same IP.\u003C\u002Fli>\n\u003Cli>Invalid Email Retry Limit: Automatically blacklist emails after repeated invalid attempts.\u003C\u002Fli>\n\u003Cli>Debug Logging: Enable for troubleshooting (not recommended in production).\u003C\u002Fli>\n\u003Cli>Delete All Data on Deactivation: Optionally remove all plugin data when deactivating.\u003C\u002Fli>\n\u003Cli>Admin Activity Log: View recent signup attempts and actions.\u003C\u002Fli>\n\u003Cli>AJAX-powered admin interface for fast, modern management.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support or questions, contact:\u003Cbr \u002F>\n– info@emailverifierpro.app\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Tuhin Bhuiyan (https:\u002F\u002Ftuhin.dev)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software, released under the GPLv2 or later.\u003C\u002Fp>\n","Easily control who can register. Block bad emails\u002Fdomains, prevent duplicate IPs, and real-time email validation during signup.",0,322,100,1,"2026-02-24T04:15:00.000Z","6.8.5","5.0","",[20,21,22,23,24],"domain-blacklist","email-blacklist","email-verification","registration","spam-prevention","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestusre-restrict-users-registration.1.0.1.zip",null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"tuhinbhuiyan",30,94,"2026-04-04T11:08:46.007Z",[35,59,79,97,114],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":18,"download_link":55,"security_score":56,"vuln_count":57,"unpatched_count":11,"last_vuln_date":58,"fetched_at":27},"debounce-io-email-validator","DeBounce Email Validator","5.8.7","debounce","https:\u002F\u002Fprofiles.wordpress.org\u002Fdebounce\u002F","\u003Ch3>🚀 Transform Your Email Quality with AI-Powered Validation\u003C\u002Fh3>\n\u003Cp>Tired of fake emails, spam traps, and disposable addresses cluttering your database? DeBounce Email Validator is the ultimate solution for WordPress websites that demand real, deliverable email addresses.\u003C\u002Fp>\n\u003Ch3>Why Choose DeBounce?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>99.9% Accuracy Rate\u003C\u002Fstrong> – Industry-leading validation precision  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero IP Impact\u003C\u002Fstrong> – No emails sent, no blacklisting risk  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR Compliant\u003C\u002Fstrong> – Complete privacy protection  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time Validation\u003C\u002Fstrong> – Instant feedback for users  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced AI Detection\u003C\u002Fstrong> – Catches sophisticated spam attempts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>E-commerce stores (WooCommerce)  \u003C\u002Fli>\n\u003Cli>Lead generation forms  \u003C\u002Fli>\n\u003Cli>User registration systems  \u003C\u002Fli>\n\u003Cli>Contact forms  \u003C\u002Fli>\n\u003Cli>Newsletter signups  \u003C\u002Fli>\n\u003Cli>Any WordPress form  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Install, connect your API key, and watch your email quality soar while reducing spam and improving conversion rates.\u003C\u002Fp>\n\u003Ch3>Supported Forms and Plugins\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>🛒 E-COMMERCE & BUSINESS FORMS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WooCommerce – Validate shipping and billing emails  \u003C\u002Fli>\n\u003Cli>Gravity Forms – Enterprise-grade form validation  \u003C\u002Fli>\n\u003Cli>Contact Form 7 – Most popular contact form plugin  \u003C\u002Fli>\n\u003Cli>WPForms – Drag & drop form builder  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🏗️ ADVANCED FORM BUILDERS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ninja Forms – Professional form creation  \u003C\u002Fli>\n\u003Cli>Formidable Forms – Complex form solutions  \u003C\u002Fli>\n\u003Cli>Forminator – Modern form builder  \u003C\u002Fli>\n\u003Cli>Fluent Forms – Advanced form management  \u003C\u002Fli>\n\u003Cli>Elementor Forms – Page builder integration  \u003C\u002Fli>\n\u003Cli>WSForms – Premium form builder  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚙️ WORDPRESS CORE FEATURES\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Comments – Validate commenter emails  \u003C\u002Fli>\n\u003Cli>User Registration – Ensure valid signup emails  \u003C\u002Fli>\n\u003Cli>Jetpack Forms – Automattic’s form solution  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🔧 CUSTOM INTEGRATION\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Any Custom Form – Works with \u003Ccode>is_email()\u003C\u002Fcode> function  \u003C\u002Fli>\n\u003Cli>Third-party Plugins – Automatic compatibility  \u003C\u002Fli>\n\u003Cli>API Integration – Direct API access available\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>🔍 CORE VALIDATION CHECKS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>DNS & MX Record Validation – Verify domain authenticity  \u003C\u002Fli>\n\u003Cli>Syntax Verification – IETF\u002FRFC standard compliance  \u003C\u002Fli>\n\u003Cli>Mailbox Existence – Confirm email actually exists  \u003C\u002Fli>\n\u003Cli>SMTP Connection Testing – Real server verification  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🛡️ SECURITY & SPAM PROTECTION\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disposable Email Detection – Block temporary email services  \u003C\u002Fli>\n\u003Cli>Spam Trap Identification – Prevent honeypot emails  \u003C\u002Fli>\n\u003Cli>Typosquatting Prevention – Catch misspelled domains  \u003C\u002Fli>\n\u003Cli>Role-based Email Filtering – Block info@, admin@, etc.  \u003C\u002Fli>\n\u003Cli>Custom Blocklist – Your own domain\u002Femail restrictions  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚡ PERFORMANCE & RELIABILITY\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time Validation – Instant user feedback  \u003C\u002Fli>\n\u003Cli>Temporary Unavailability Detection – Handle server issues  \u003C\u002Fli>\n\u003Cli>Catch-All Domain Testing – Identify low-quality domains  \u003C\u002Fli>\n\u003Cli>Greylisting Detection – Advanced spam protection  \u003C\u002Fli>\n\u003Cli>99.9% Accuracy Rate – Industry-leading precision  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🔒 PRIVACY & COMPLIANCE\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>GDPR Compliant – No email storage  \u003C\u002Fli>\n\u003Cli>Zero IP Impact – No emails sent from your servers  \u003C\u002Fli>\n\u003Cli>Secure API Communication – Encrypted data transfer  \u003C\u002Fli>\n\u003Cli>Privacy-First Design – Your data stays private  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>📊 ANALYTICS & MONITORING\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Validation Logs – Track all validation attempts  \u003C\u002Fli>\n\u003Cli>Performance Metrics – Monitor validation success rates  \u003C\u002Fli>\n\u003Cli>Custom Error Messages – Branded user feedback  \u003C\u002Fli>\n\u003Cli>Multi-language Support – Global accessibility  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Start with 100 Free Validations\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fdebounce.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Get your API key now\u003C\u002Fa>\u003C\u002Fp>\n","Real-time email validation for WordPress forms. Block invalid, disposable, and risky emails to keep your database clean and improve deliverability.",300,22560,78,16,"2026-01-21T23:40:00.000Z","6.9.4","3.0.1","7.0",[52,53,54,22,24],"disposable-email","email-checker","email-validation","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebounce-io-email-validator.zip",92,4,"2025-04-09 00:00:00",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":43,"downloaded":67,"rating":13,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"email-and-domain-blocker","Email and Domain Blocker for WooCommerce","1.1","Kaleem Abbasi","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaleemabbasi\u002F","\u003Cp>Tired of fake signups and spam accounts in your WooCommerce store?\u003Cbr \u002F>\n\u003Cstrong>Email and Domain Blocker for WooCommerce\u003C\u002Fstrong> lets you block unwanted emails or domains from registering — keeping your store clean and your customers real.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Block specific email addresses (e.g. \u003Ccode>baduser@gmail.com\u003C\u002Fcode>)\u003Cbr \u002F>\n* Block entire domains (e.g. \u003Ccode>@spam.com\u003C\u002Fcode>)\u003Cbr \u002F>\n* Wildcard support (e.g. \u003Ccode>*@gmail.com\u003C\u002Fcode>, \u003Ccode>*@*.ru\u003C\u002Fcode>)\u003Cbr \u002F>\n* Test Email Checker (instantly check if an email is allowed or blocked)\u003Cbr \u002F>\n* Optional logging of blocked attempts\u003Cbr \u002F>\n* Logs tab to view, clear, and download blocked attempts as CSV\u003Cbr \u002F>\n* Simple admin UI with usage examples\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Use cases:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Stop spam signups with disposable or free mail services\u003Cbr \u002F>\n* Block competitors or fraud-prone domains\u003Cbr \u002F>\n* Restrict registrations to company emails only\u003C\u002Fp>\n","Block emails or domains from WooCommerce signups. Supports wildcards, logging, CSV export, and test email checker.",2068,3,"2025-09-03T21:51:00.000Z","6.6.5","5.8","7.2",[74,75,23,24,76],"domain-blocker","email-blocker","woocommerce","https:\u002F\u002Fkaleemabbasi.com\u002Femail-and-domain-blocker-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-and-domain-blocker.1.1.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":13,"downloaded":87,"rating":13,"num_ratings":88,"last_updated":89,"tested_up_to":70,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":95,"download_link":96,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"email-verification-elementor-forms","Email Verification for Elementor Forms","1.2.2","rloes","https:\u002F\u002Fprofiles.wordpress.org\u002Frloes\u002F","\u003Cp>Add an email verification field to your Elementor forms. Users receive a code to the email entered on first submit and can only submit the form if they enter the code. This ensures submissions from verified emails, reducing spam.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>evef\u002Fgenerator\u002Fcode\u003C\u002Fcode> – Customize the generated verification code.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Femail\u002Femail_to\u003C\u002Fcode> – Customize the recipient email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Femail\u002Femail_from\u003C\u002Fcode> – Customize the email “from” address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Femail\u002Femail_from_name\u003C\u002Fcode> – Customize the name of the email sender.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Femail\u002Femail_to_bcc\u003C\u002Fcode> – Customize the BCC recipient email address.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Femail\u002Fsubject\u003C\u002Fcode> – Customize the email subject.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Femail\u002Fbody\u003C\u002Fcode> – Customize the email message content.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Femail\u002Fheaders\u003C\u002Fcode> – Customize the email headers.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Fvaldation\u002Finvalid_code_message\u003C\u002Fcode> – Customize the error message shown if the code is invalid.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Fclassic\u002Fnormal_text\u003C\u002Fcode> – Customize the text for resending the email.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Fclassic\u002Fsuccess_text\u003C\u002Fcode> – Customize the success message text.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Fclassic\u002Ferror_text\u003C\u002Fcode> – Customize the error message text.\u003C\u002Fli>\n\u003Cli>\u003Ccode>evef\u002Fclassic\u002Floader_html\u003C\u002Fcode> – Customize the loader HTML.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>For detailed usage instructions and more customization options, please refer to the documentation included with the plugin.\u003C\u002Fp>\n","Add email verification to Elementor forms: users confirm via code, ensuring valid submissions and reducing spam.",2980,2,"2024-09-26T10:31:00.000Z","6.0","8.0",[93,22,94,24],"elementor","forms","https:\u002F\u002Fgithub.com\u002Frloes\u002Femail-verification-elementor-forms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-verification-elementor-forms.1.2.2.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":13,"num_ratings":57,"last_updated":107,"tested_up_to":70,"requires_at_least":108,"requires_php":72,"tags":109,"homepage":112,"download_link":113,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"validator-pizza","MailCheck.ai","1.3.0","tompec","https:\u002F\u002Fprofiles.wordpress.org\u002Ftompec\u002F","\u003Cp>\u003Cstrong>MailCheck.ai is now UserCheck.com\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fusercheck\u002F\" rel=\"ugc\">new version\u003C\u002Fa> of this plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>MailCheck.ai is a powerful WordPress plugin that prevents disposable or throwaway email addresses from registering or commenting on your site. This helps to protect your site from spam and maintain the quality of your user base.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically checks email addresses against a constantly updated database of disposable email domains\u003C\u002Fli>\n\u003Cli>Works out of the box with no configuration required\u003C\u002Fli>\n\u003Cli>No API key needed\u003C\u002Fli>\n\u003Cli>Caches results for improved performance\u003C\u002Fli>\n\u003Cli>Seamlessly integrates with WordPress registration and comment forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin uses the API provided by \u003Ca href=\"https:\u002F\u002Fwww.mailcheck.ai\" rel=\"nofollow ugc\">MailCheck.ai\u003C\u002Fa>, which is constantly updated to include the latest disposable email domains. This ensures your site stays protected against new disposable email providers.\u003C\u002Fp>\n\u003Cp>MailCheck.ai is free to use and starts working immediately after installation. No registration or configuration is required.\u003C\u002Fp>\n","Prevent disposable email addresses from registering or commenting on your site with MailCheck.ai.",60,4935,"2024-08-27T03:13:00.000Z","5.2",[52,54,110,24,111],"security","user-registration","https:\u002F\u002Fwww.mailcheck.ai","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvalidator-pizza.1.3.0.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":11,"num_ratings":11,"last_updated":124,"tested_up_to":70,"requires_at_least":18,"requires_php":18,"tags":125,"homepage":127,"download_link":128,"security_score":56,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"bp-blacklist-signup-by-email-domain","BP Blacklist Signup by Email Domain","1.1.0","Venutius","https:\u002F\u002Fprofiles.wordpress.org\u002Fvenutius\u002F","\u003Cp>User registration spam is prevalent in BuddyPress.\u003C\u002Fp>\n\u003Cp>One way to dramatically decrease signup spam is to restrict the email address domains that users can sign up with.\u003C\u002Fp>\n\u003Cp>WordPress multisite has a native option called “Limited Email Registrations”.  But this option requires you to enter the full email domain.  For example, if you only wanted to allow .edu email addresses to register, this is not possible.\u003C\u002Fp>\n\u003Cp>This plugin restricts registrations to the email domains that you are not specified in the blacklist and works in WordPress single-site and multi-site.\u003C\u002Fp>\n\u003Cp>Plugin is a fork of r-a-y’s BP Restrict Signup by Email Domain.\u003C\u002Fp>\n\u003Cp>Tested on BuddyPress 2.5, but should work all the way down to BuddyPress 1.6.\u003C\u002Fp>\n","Only allow users with email addresses not on the domain blacklist to register in BuddyPress.",10,2527,"2024-07-20T20:53:00.000Z",[126,21,23],"buddypress","https:\u002F\u002Fbuddyuser.com\u002Fplugin-bp-blcklist-signup-by-email-domain\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-blacklist-signup-by-email-domain.1.1.0.zip",{"attackSurface":130,"codeSignals":214,"taintFlows":237,"riskAssessment":273,"analyzedAt":280},{"hooks":131,"ajaxHandlers":163,"restRoutes":209,"shortcodes":210,"cronEvents":211,"entryPointCount":212,"unprotectedCount":213},[132,138,142,148,151,155,158],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","admin_menu","add_menu","admin\\class-admin.php",22,{"type":133,"name":139,"callback":140,"file":136,"line":141},"admin_enqueue_scripts","enqueue_assets",23,{"type":143,"name":144,"callback":145,"priority":122,"file":146,"line":147},"filter","registration_errors","validate_email_on_register","includes\\class-hooks.php",17,{"type":143,"name":149,"callback":149,"priority":122,"file":146,"line":150},"woocommerce_registration_errors",20,{"type":133,"name":152,"callback":153,"priority":122,"file":146,"line":154},"woocommerce_created_customer","log_ip_after_woo_register",21,{"type":133,"name":156,"callback":157,"priority":122,"file":146,"line":141},"user_register","log_ip_after_user_register",{"type":133,"name":159,"callback":160,"file":161,"line":162},"plugins_loaded","closure","restusre-restrict-users-registration.php",47,[164,170,174,178,182,186,189,193,197,201,205],{"action":165,"nopriv":166,"callback":167,"hasNonce":168,"hasCapCheck":168,"file":136,"line":169},"restusre_save_settings",false,"ajax_save_settings",true,24,{"action":171,"nopriv":166,"callback":172,"hasNonce":168,"hasCapCheck":168,"file":136,"line":173},"restusre_blacklist_action","ajax_blacklist_action",25,{"action":175,"nopriv":166,"callback":176,"hasNonce":166,"hasCapCheck":166,"file":136,"line":177},"restusre_domain_blacklist","ajax_domain_blacklist",26,{"action":179,"nopriv":166,"callback":180,"hasNonce":166,"hasCapCheck":166,"file":136,"line":181},"restusre_email_blacklist_list","ajax_email_blacklist_list",28,{"action":183,"nopriv":166,"callback":184,"hasNonce":166,"hasCapCheck":166,"file":136,"line":185},"restusre_email_blacklist_add","ajax_email_blacklist_add",29,{"action":187,"nopriv":166,"callback":188,"hasNonce":166,"hasCapCheck":166,"file":136,"line":31},"restusre_email_blacklist_remove","ajax_email_blacklist_remove",{"action":190,"nopriv":166,"callback":191,"hasNonce":166,"hasCapCheck":166,"file":136,"line":192},"restusre_domain_blacklist_list","ajax_domain_blacklist_list",32,{"action":194,"nopriv":166,"callback":195,"hasNonce":166,"hasCapCheck":166,"file":136,"line":196},"restusre_domain_blacklist_add","ajax_domain_blacklist_add",33,{"action":198,"nopriv":166,"callback":199,"hasNonce":166,"hasCapCheck":166,"file":136,"line":200},"restusre_domain_blacklist_remove","ajax_domain_blacklist_remove",34,{"action":202,"nopriv":166,"callback":203,"hasNonce":168,"hasCapCheck":168,"file":136,"line":204},"restusre_signup_activity_list","ajax_signup_activity_list",35,{"action":206,"nopriv":166,"callback":207,"hasNonce":168,"hasCapCheck":168,"file":136,"line":208},"restusre_signup_activity_remove","ajax_signup_activity_remove",36,[],[],[],11,7,{"dangerousFunctions":215,"sqlUsage":216,"outputEscaping":227,"fileOperations":11,"externalRequests":14,"nonceChecks":213,"capabilityChecks":213,"bundledLibraries":236},[],{"prepared":217,"raw":68,"locations":218},6,[219,222,225],{"file":136,"line":220,"context":221},468,"$wpdb->get_results() with variable interpolation",{"file":223,"line":56,"context":224},"includes\\class-db.php","$wpdb->query() with variable interpolation",{"file":223,"line":226,"context":224},93,{"escaped":204,"rawEcho":68,"locations":228},[229,232,234],{"file":136,"line":230,"context":231},141,"raw output",{"file":136,"line":233,"context":231},151,{"file":136,"line":235,"context":231},161,[],[238,262],{"entryPoint":239,"graph":240,"unsanitizedCount":11,"severity":261},"handle_blacklist_ajax (admin\\class-admin.php:309)",{"nodes":241,"edges":258},[242,247,252,255],{"id":243,"type":244,"label":245,"file":136,"line":246},"n0","source","$_POST[$field] (x2)",342,{"id":248,"type":249,"label":250,"file":136,"line":246,"wp_function":251},"n1","sink","call_user_func() [RCE]","call_user_func",{"id":253,"type":244,"label":254,"file":136,"line":246},"n2","$_POST (x2)",{"id":256,"type":249,"label":250,"file":136,"line":257,"wp_function":251},"n3",353,[259,260],{"from":243,"to":248,"sanitized":168},{"from":253,"to":256,"sanitized":168},"low",{"entryPoint":263,"graph":264,"unsanitizedCount":11,"severity":261},"\u003Cclass-admin> (admin\\class-admin.php:0)",{"nodes":265,"edges":270},[266,267,268,269],{"id":243,"type":244,"label":245,"file":136,"line":246},{"id":248,"type":249,"label":250,"file":136,"line":246,"wp_function":251},{"id":253,"type":244,"label":254,"file":136,"line":246},{"id":256,"type":249,"label":250,"file":136,"line":257,"wp_function":251},[271,272],{"from":243,"to":248,"sanitized":168},{"from":253,"to":256,"sanitized":168},{"summary":274,"deductions":275},"The plugin 'restusre-restrict-users-registration' v1.0.1 exhibits a mixed security posture.  On the positive side, the plugin demonstrates good practices by having a high percentage of properly escaped outputs and a majority of SQL queries using prepared statements.  Furthermore, the absence of known CVEs and a clean taint analysis with no critical or high severity flows are significant strengths.  However, the plugin presents a considerable risk due to its large attack surface composed of 11 AJAX handlers, 7 of which lack authentication checks. This means a substantial number of entry points are vulnerable to unauthenticated users, which could lead to unintended actions or information disclosure if specific vulnerabilities are present within these handlers.\n\nThe vulnerability history of this plugin is completely clean, with no recorded CVEs. This suggests either a history of strong security development or a lack of past scrutiny. While encouraging, it doesn't negate the risks identified in the static analysis, particularly the unprotected AJAX endpoints. The plugin's strengths lie in its careful handling of output and database interactions, but its weakness is the insufficient protection of its AJAX interface. A balanced conclusion is that while the plugin avoids common pitfalls like SQL injection via unprepared statements or vulnerable taint flows, the unauthenticated AJAX endpoints represent a significant and potentially exploitable weakness that needs immediate attention.",[276,278],{"reason":277,"points":213},"Unprotected AJAX handlers",{"reason":279,"points":68},"External HTTP requests","2026-03-17T06:53:03.033Z",{"wat":282,"direct":293},{"assetPaths":283,"generatorPatterns":286,"scriptPaths":287,"versionParams":289},[284,285],"\u002Fwp-content\u002Fplugins\u002Frestusre-restrict-users-registration\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Frestusre-restrict-users-registration\u002Fadmin\u002Fcss\u002Fbootstrap.min.css",[],[288],"\u002Fwp-content\u002Fplugins\u002Frestusre-restrict-users-registration\u002Fadmin\u002Fjs\u002Fadmin.js",[290,291,292],"restusre-restrict-users-registration\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","restusre-restrict-users-registration\u002Fadmin\u002Fcss\u002Fbootstrap.min.css?ver=","restusre-restrict-users-registration\u002Fadmin\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":294,"htmlComments":296,"htmlAttributes":297,"restEndpoints":300,"jsGlobals":301,"shortcodeOutput":303},[295],"evp-settings-page",[],[298,299],"window.RESTUSRE_DOMAIN_DEBUG","RESTUSRE_AJAX",[],[302,299],"RESTUSRE_DOMAIN_DEBUG",[]]