[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwKZ_6zK2LHum8z9qkMQ64QRDoJ-_3T2PMuO1CgsyKBo":3,"$fLR8ryFVx4lY6HwRzwrKMDwCTrLaqkl7uLYx0JPN6VjQ":231,"$fSd4VtxvQnz1YQ5p3wD-RubQZJX0YbdDlCT7ssk4iMro":236},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":145,"fingerprints":216},"security-assassin","Security Assassin","1.1.4","Evgen Yurchenko","https:\u002F\u002Fprofiles.wordpress.org\u002Fyurchenkoev\u002F","\u003Cp>It protects against third-party access the file system on your site\u003Cbr \u002F>\nHide your site from users who did not login\u003Cbr \u002F>\nHide your site from some users registered\u003C\u002Fp>\n","It protects against third-party access the file system on your site Hide your site from users who did not login Hide your site from some users regist 
&hellip;",10,1725,0,"2016-12-08T13:10:00.000Z","4.7.32","2.8","",[19,20,21,22,23],"access","hide","mail","protection","spam","http:\u002F\u002Fyur4enko.com\u002Fcategory\u002Fmoi-proekty\u002Fsecurity-assassin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-assassin.1.1.4.zip",85,null,"2026-03-15T15:16:48.613Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"yurchenkoev",1,30,84,"2026-05-19T17:27:59.528Z",[38,64,89,108,127],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":33,"unpatched_count":13,"last_vuln_date":62,"fetched_at":63},"cryptx","CryptX","4.0.11","Ralf Weber","https:\u002F\u002Fprofiles.wordpress.org\u002Fd3395\u002F","\u003Cp>No more SPAM by spiders scanning your site for email addresses. With CryptX you can hide all your email addresses, with and without a mailto-link, by converting them using javascript or UNICODE.\u003C\u002Fp>\n\u003Cp>CryptX protects your email addresses from spambots while keeping them readable and functional for your visitors. 
The plugin automatically detects email addresses in your content and encrypts them using various methods including JavaScript encryption, Unicode conversion, and image replacement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Email Detection\u003C\u002Fstrong> – Finds and encrypts email addresses in posts, pages, comments, and widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Encryption Methods\u003C\u002Fstrong> – JavaScript, Unicode, image replacement, and custom text options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widget Support\u003C\u002Fstrong> – Works with text widgets and other widget content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS Feed Control\u003C\u002Fstrong> – Option to disable encryption in RSS feeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist Support\u003C\u002Fstrong> – Exclude specific domains from encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per-Post Control\u003C\u002Fstrong> – Enable\u002Fdisable encryption on individual posts and pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong> – Use \u003Ccode>[cryptx]email@example.com[\u002Fcryptx]\u003C\u002Fcode> for manual encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Functions\u003C\u002Fstrong> – Developer-friendly functions for theme integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fweber-nrw.de\u002Fwordpress\u002Fcryptx\u002F\" title=\"Plugin Homepage\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fp>\n","No more SPAM by spiders scanning your site for email addresses!",10000,281526,88,19,"2025-12-18T08:01:00.000Z","6.9.4","6.7","8.3",[55,56,21,57,58],"antispam","email-encryption","privacy","spam-protection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcryptx\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptx.4.0.11.zip",99,"2025-12-04 
20:35:36","2026-04-16T10:56:18.058Z",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":84,"download_link":85,"security_score":86,"vuln_count":87,"unpatched_count":33,"last_vuln_date":88,"fetched_at":63},"wp-mailto-links","WP Mailto Links – Protect Email Addresses","3.1.4","Online Optimisation","https:\u002F\u002Fprofiles.wordpress.org\u002Fonlineoptimisation\u002F","\u003Cp>Protect and encode email addresses safely from spambots, spamming and other robots. Easy to use out-of-the-box without any configuration.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Full page protection for emails\u003C\u002Fli>\n\u003Cli>Instant results (No confiruation needed)\u003C\u002Fli>\n\u003Cli>Protects mailto links, plain emails, email input fields, RSS feeds and much more\u003C\u002Fli>\n\u003Cli>Autmoatic protection technique detection (Our plugin chooses automatically the best protection technique for each email)\u003C\u002Fli>\n\u003Cli>Exclude posts and pages from protection\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to mailto-links\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to png images\u003C\u002Fli>\n\u003Cli>Supports rot13 encoing, escape encoding, CSS directions, entity encoding and much more\u003C\u002Fli>\n\u003Cli>Deactivate CSS directions manually for backwards compatibility\u003C\u002Fli>\n\u003Cli>Shortcode support: \u003Ccode>[wpml_mailto]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Template tag support: \u003Ccode>wpml_mailto()\u003C\u002Fcode> and \u003Ccode>wpml_filter()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin combines the best email protection methods (CSS, PHP and JavaScript techniques).\u003C\u002Fp>\n\u003Ch4>Free Website Check\u003C\u002Fh4>\n\u003Cp>We offer 
you a free tool to test if your website contains unprotected emails. You can use our website checker by \u003Ca href=\"https:\u002F\u002Fironikus.com\u002Femail-checker\u002F\" rel=\"nofollow ugc\">clicking here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Easy to use\u003C\u002Fh4>\n\u003Cp>The plugin works out-of-the-box to protect your email addresses. After activating the plugin, all options are already set for protecting your emails and mailto links.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The plugin works out-of-the-box to protect your email addresses. All settings are default set to protect your email addresses automatically with the best method available.\u003Cbr \u002F>\nIf you want to manually create protected mailto links, just use the shortcode (\u003Ccode>[wpml_mailto]\u003C\u002Fcode>) within your posts or use the template tags (\u003Ccode>wpml_mailto()\u003C\u002Fcode> or \u003Ccode>wpml_filter()\u003C\u002Fcode>) in your theme files.\u003C\u002Fp>\n\u003Ch4>Shortcode `[wpml_mailto email=”…”]…[\u002Fwpml_mailto]`\u003C\u002Fh4>\n\u003Cp>Create a protected mailto link in your posts:\u003Cbr \u002F>\n    [wpml_mailto email=”info@myemail.com”]My Email[\u002Fwpml_mailto]\u003C\u002Fp>\n\u003Cp>It’s also possible to add attributes to the mailto link, like a target:\u003Cbr \u002F>\n    [wpml_mailto email=”info@myemail.com” target=”_blank”]My Email[\u002Fwpml_mailto]\u003C\u002Fp>\n\u003Ch4>Shortcode `[wpmt_protect]…[\u002Fwpmt_protect]`\u003C\u002Fh4>\n\u003Cp>Protect content using our plugin that is not encodedby default (E.g. some ajax loaded values):\u003Cbr \u002F>\n    [wpmt_protect]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[\u002Fwpmt_protect]\u003C\u002Fp>\n\u003Cp>It’s also possible to customize the encoding type using “protect_using”. 
Possible values: char_encode, strong_method, without_javascript, with_javascript:\u003Cbr \u002F>\n    [wpmt_protect protect_using=”…”]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[\u002Fwpmt_protect]\u003C\u002Fp>\n\u003Ch4>Template tag `wpml_mailto( $email [, $display] [, $attrs] )`\u003C\u002Fh4>\n\u003Cp>Create a protected mailto link in your template like:\n    \u003C\u002Fp>\n\u003Ch4>Template tag `wpml_filter( $content )`\u003C\u002Fh4>\n\u003Cp>Filter given content to protect mailto links, shortcodes and plain emails (according to the settings in admin):\n    \u003C\u002Fp>\n","Protect & encode email addresses safely from spambots & spamming. Easy to use - encodes emails out-of-the-box.",8000,187082,92,33,"2023-09-22T16:55:00.000Z","6.2.9","4.7","5.3.2",[55,81,82,20,83],"email","email-address","mailto","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mailto-links\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mailto-links.3.1.4.zip",62,2,"2025-09-22 00:00:00",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":99,"num_ratings":33,"last_updated":100,"tested_up_to":51,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":17,"download_link":107,"security_score":99,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":63},"email-no-bot","Email No Bot – Prevent bots from detecting emails","0.0.3","Jose Mortellaro","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiuse\u002F","\u003Cp>With Email No Bot humans will see the emails that you write using the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FShortcode\" rel=\"nofollow ugc\">shortcode\u003C\u002Fa> [hide_email email=”example@mail.com”], but robots will not.\u003C\u002Fp>\n\u003Cp>The user will not be able to copy the email in the clipboard. 
If you think this is a problem, this plugin is not for you.\u003C\u002Fp>\n\u003Cp>Looking at the screen you can see the email, but if you inspect elements, instead of the email you will see something strange, and not predictable. That’s what a bot will also see.\u003C\u002Fp>\n\u003Cp>The output is something very random for the bot, and even if the code of this plugin is open source, no bot will be able to decrypt the email.\u003C\u002Fp>\n\u003Cp>There are amazing plugins for contact forms, but sometimes what you really need is just an email that people can use to contact you.\u003Cbr \u002F>\nContact forms are so popular because a bot will not be able to get your email, but if you have a way to prevent bots from getting your email, you can simply add it to your page without the need of a contact form. Your page will be lighter and simple.\u003C\u002Fp>\n\u003Cp>Email No Bot has no settings page, it doesn’t write anything in the database, and it doesn’t load any asset on frontend, it just provides a shortcode, that’s it.\u003C\u002Fp>\n\u003Ch3>How to encrypt an email with Email No Bot\u003C\u002Fh3>\n\u003Cp>To encrypt an email use the shortcode \u003Cstrong>[hide_email email=”example@mail.com”]\u003C\u002Fstrong>.\u003Cbr \u002F>\nOf course, replace example@mail.com with the email that you want to display.\u003Cbr \u002F>\nYou can see an example and see how it works on the blog post \u003Ca href=\"https:\u002F\u002Fjosemortellaro.com\u002Fprevent-bots-from-getting-emails-from-your-website\u002F\" rel=\"nofollow ugc\">Prevent bots from getting emais from your website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Main features of Email No Bot\u003C\u002Fh3>\n\u003Cp>It obfuscate emails with 52 lines of code! The entire zip is less than 3 kB. No complicated settings, no database queries, no assets, nothing else than a shortcode. You will have no spam at zero cost in terms of performance. 
The weight of this plugin similar to the weight of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhello-dolly\u002F\" rel=\"ugc\">Hello Dolly\u003C\u002Fa>.\u003Cbr \u002F>\nYou can see here the \u003Ca href=\"https:\u002F\u002Fplugintests.com\u002Fplugins\u002Fwporg\u002Femail-no-bot\u002Flatest\" rel=\"nofollow ugc\">consumption of Email No Bot\u003C\u002Fa>. As you will see it’s not measurable.\u003C\u002Fp>\n\u003Ch3>Limitations of Email No Bot\u003C\u002Fh3>\n\u003Cp>The user will not be able to copy the email in the clipboard. But this is also what makes this plugin so powerful against spam bots.\u003C\u002Fp>\n\u003Ch3>Similar plugin to hide links\u003C\u002Fh3>\n\u003Cp>If you need something similar to hide links, you can try \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-link\u002F\" rel=\"ugc\">Hide Link\u003C\u002Fa>\u003C\u002Fp>\n","Humans will see the email address on your page, but robots will not.",200,6562,100,"2025-12-05T09:20:00.000Z","4.6","7.4",[56,104,105,106,58],"email-obfuscation","no-bot","spam-email","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-no-bot.0.0.3.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":99,"downloaded":116,"rating":99,"num_ratings":33,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":102,"tags":120,"homepage":125,"download_link":126,"security_score":99,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":63},"advanced-email-filter-for-elementor-forms","Advanced Email Filter for Elementor Forms","1.2.0","Mahidul Islam Mukto","https:\u002F\u002Fprofiles.wordpress.org\u002Fmuktoapb\u002F","\u003Cp>Advanced Email Filter for Elementor Forms adds enterprise-grade email validation to your Elementor pro forms. 
Protect against spam submissions while maintaining flexibility for legitimate users.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Global Blocklist\u002FWhitelist management\u003C\u002Fli>\n\u003Cli>Per-form email filtering rules\u003C\u002Fli>\n\u003Cli>Wildcard support for domains and patterns\u003C\u002Fli>\n\u003Cli>Business email only filter (new feature)\u003C\u002Fli>\n\u003Cli>Disposable \u002F temporary email blocking (new feature)\u003C\u002Fli>\n\u003Cli>Compatible with Elementor Pro forms only\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.wpprodevs.com\u002Fadvanced-email-filter-for-elementor-forms\u002F\" rel=\"nofollow ugc\">Learn more about all features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.wpprodevs.com\u002Fdocs\u002Femail-filter-for-elementor\u002F\" rel=\"nofollow ugc\">Read Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FfMFmGRLFpNQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>There is two place where you can control email filter.\u003C\u002Fp>\n\u003Ch4>Global Settings\u003C\u002Fh4>\n\u003Cp>Navigate to \u003Ccode>Email Filter -> Settings\u003C\u002Fcode> to configure:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Blocklist\u003C\u002Fstrong>: @spamdomain.com, *.ru, fake-user@\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Whitelist\u003C\u002Fstrong>: @yourcompany.com, admin@, 
*.trusted.org\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Form-Specific Settings\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Edit Elementor Form widget\u003C\u002Fli>\n\u003Cli>Open \u003Cem>Email Filtering\u003C\u002Fem> section\u003C\u002Fli>\n\u003Cli>Add patterns:\n\u003Cul>\n\u003Cli>Blocklist (form-specific)\u003Cbr \u002F>\n@temp-domain.com, *.xyz\u003C\u002Fli>\n\u003Cli>Whitelist (form-specific)\u003Cbr \u002F>\n@client-domain.com, manager@\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Hooks & Filters\u003C\u002Fh3>\n\u003Cp>Customize validation behavior using these hooks:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F Modify validation error message\nadd_filter('aefe_validation_error', function($message, $email) {\n    return sprintf(__('Error: %s is blocked', 'text-domain'), $email);\n}, 10, 2);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Enhance Elementor Pro Forms with advanced email filtering capabilities including global blocklists\u002Fwhitelist and per-form controls.",1178,"2025-07-05T16:37:00.000Z","6.8.5","5.6",[121,122,123,58,124],"disposable-email","elementor-form","email-blacklist","whitelist-email","https:\u002F\u002Fwww.mukto.info\u002Fproject\u002Fadvanced-email-filter-for-elementor-forms\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-email-filter-for-elementor-forms.1.2.0.zip",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":13,"num_ratings":13,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":17,"tags":140,"homepage":143,"download_link":144,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":63},"wl-email-encrypter","wL Email Encrypter","1.0.5","Art4","https:\u002F\u002Fprofiles.wordpress.org\u002Fwlabs\u002F","\u003Cp>wL Email Encrypter scans pages, articles, comments or RSS feeds for email addresses 
and encrypts them using JavaScript or replacing the \u003Ccode>@\u003C\u002Fcode> signs with your own text like \u003Ccode>[at]\u003C\u002Fcode>. This allows bots and other email-collectors do not recognize and save the emails.\u003C\u002Fp>\n\u003Cp>A visitor who has not activated JavaScript, gets displayed a userdefined message about it.\u003C\u002Fp>\n\u003Cp>If an user is logged in, the emails won’t be encrypted.\u003C\u002Fp>\n\u003Cp>The protect method can be set separately for posts, comments and rss feeds. For example, RSS Feeds should not include JavaScript, so there should prefer the \u003Ccode>@\u003C\u002Fcode> sign to be replaced.\u003C\u002Fp>\n\u003Cp>wL Email Encrypter also recognizes with \u003Ccode>mailto:\u003C\u002Fcode> email addresses linked with subject information and others, and protect this information also.\u003C\u002Fp>\n\u003Cp>There is a meta box for page-specific settings in the administration, in which a specific protection can be selected or disabled.\u003C\u002Fp>\n\u003Cp>Take a look at the screenshots to find out more.\u003C\u002Fp>\n","This plugin encrypted e-mail addresses to protect and hide them from bots and 
harvesters.",90,11353,"2011-03-28T23:45:00.000Z","4.6.30","2.9",[81,141,20,142,23],"encrypt","protect","http:\u002F\u002Fwww.wlabs.de\u002Fplugins\u002Fwl-email-encrypter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwl-email-encrypter.1.0.5.zip",{"attackSurface":146,"codeSignals":185,"taintFlows":201,"riskAssessment":202,"analyzedAt":215},{"hooks":147,"ajaxHandlers":181,"restRoutes":182,"shortcodes":183,"cronEvents":184,"entryPointCount":13,"unprotectedCount":13},[148,154,157,161,165,169,174,177],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","init","initlang","security-assassin.php",494,{"type":149,"name":150,"callback":155,"file":152,"line":156},"hide_guest",496,{"type":149,"name":158,"callback":159,"file":152,"line":160},"admin_menu","add_menu",498,{"type":149,"name":162,"callback":163,"file":152,"line":164},"admin_notices","notification",500,{"type":149,"name":166,"callback":167,"file":152,"line":168},"wp_enqueue_scripts","newear",502,{"type":170,"name":171,"callback":172,"priority":11,"file":152,"line":173},"filter","plugin_action_links","edit_actions_links",504,{"type":149,"name":162,"callback":175,"file":152,"line":176},"notification_no_valid_system",507,{"type":149,"name":178,"callback":179,"file":152,"line":180},"plugins_loaded","letsstart",524,[],[],[],[],{"dangerousFunctions":186,"sqlUsage":187,"outputEscaping":192,"fileOperations":199,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":200},[],{"prepared":13,"raw":33,"locations":188},[189],{"file":152,"line":190,"context":191},323,"$wpdb->get_results() with variable interpolation",{"escaped":13,"rawEcho":87,"locations":193},[194,197],{"file":152,"line":195,"context":196},423,"raw output",{"file":152,"line":198,"context":196},448,6,[],[],{"summary":203,"deductions":204},"The \"security-assassin\" v1.1.4 plugin exhibits a mixed security posture. 
On the surface, it presents a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. The absence of external HTTP requests and of any recorded vulnerability history are also positive indicators, suggesting a generally stable and unexploited codebase. However, the static analysis reveals significant underlying weaknesses.\n\nA primary concern is the complete absence of nonce checks and capability checks. This means that any functionality exposed by the plugin, even if not directly apparent from the listed entry points, could potentially be executed by unauthenticated or unauthorized users. The single SQL query identified is not using prepared statements, posing a risk of SQL injection. Furthermore, the lack of output escaping on all identified outputs is a critical vulnerability, making cross-site scripting (XSS) attacks highly probable.\n\nWhile the plugin has no known CVEs, this is likely due to the fundamental security flaws present in its code rather than inherent resilience. That no taint flows were analyzed is also concerning, as it suggests the static analysis tool may not have been able to effectively probe the plugin's code for deeper vulnerabilities. 
In conclusion, despite a seemingly small attack surface and no public vulnerability history, \"security-assassin\" v1.1.4 has critical security flaws related to authorization, input validation (SQL injection), and output sanitization (XSS) that require immediate attention.",[205,208,210,213],{"reason":206,"points":207},"Raw SQL without prepared statements",8,{"reason":209,"points":199},"0% output escaping",{"reason":211,"points":212},"0 Nonce checks",7,{"reason":214,"points":212},"0 Capability checks","2026-03-17T01:38:36.220Z",{"wat":217,"direct":222},{"assetPaths":218,"generatorPatterns":219,"scriptPaths":220,"versionParams":221},[],[],[],[],{"cssClasses":223,"htmlComments":224,"htmlAttributes":227,"restEndpoints":228,"jsGlobals":229,"shortcodeOutput":230},[],[225,226],"\u003C!--Security Assassin START -->","\u003C!--Security Assassin END -->",[],[],[],[],{"error":232,"url":233,"statusCode":234,"statusMessage":235,"message":235},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsecurity-assassin\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":237},[]]