[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2PyJW970MSFjAZyIB7It0zkVtGWgHKB1XqrebTiEHtE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":53,"analysis":154,"fingerprints":300},"send-from","Send From","2.5","Benjamin Buddle","https:\u002F\u002Fprofiles.wordpress.org\u002Fmahoskye\u002F","\u003Cp>I have issues with my hosting service not allowing me to easily set the ‘From line’ for my server email. Whenever a new user signs up they see username@hostingservice.com even though they should see user@site.com. Before Send From you would be required to modify your installation of WordPress just about every time you do an update. No longer! With Send From, you simply go into your admin panel and set what the end user will see on their emails from line.\u003C\u002Fp>\n\u003Ch3>Support Questions\u003C\u002Fh3>\n\u003Cp>If there are any issues that crop up, I will be happy to take a look at solving them. However, due to many factors, I can’t offer active support for the plugin.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>CVE: CVE-2025-46469 – Cross-site scripting (Stored XSS) in plugin settings.\u003C\u002Fp>\n\u003Cp>Summary: A stored XSS issue was reported in older versions of this plugin where un-sanitized input saved in plugin options could later be rendered into the admin interface without proper escaping. The repository has been updated to sanitize incoming option values and escape output when rendering form fields. The plugin also validates the test-send email address.\u003C\u002Fp>\n\u003Cp>Mitigation applied in this repository:\u003Cbr \u002F>\n– Sanitize email values with WordPress’ sanitize_email() before saving.\u003Cbr \u002F>\n– Sanitize name fields with sanitize_text_field() before saving.\u003Cbr \u002F>\n– Escape values when printed into HTML attributes using esc_attr().\u003Cbr \u002F>\n– Validate test-send addresses with is_email() and refuse to save invalid addresses.\u003C\u002Fp>\n","Plugin for modifying the from line on all emails coming from WordPress.",600,14218,100,8,"2025-10-10T02:42:00.000Z","6.4.8","5.9","",[20,21,22,23,24],"email","mail-from","phpmailer","sender","smtp","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsend-from\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsend-from.2.5.zip",99,1,0,"2025-04-24 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-46469","send-from-authenticated-administrator-stored-cross-site-scripting","Send From \u003C= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Send From plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=2.2","2.3","medium",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-10-14 19:16:40",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F52cd845d-9c63-4f96-8ce6-fdaa6f535447?source=api-prod",174,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":51,"computed_at":52},"mahoskye",78,"2026-04-04T02:11:16.533Z",[54,77,95,115,133],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":73,"download_link":74,"security_score":75,"vuln_count":28,"unpatched_count":29,"last_vuln_date":76,"fetched_at":31},"site-mailer","Site Mailer – SMTP Replacement, Email API Deliverability & Email Log","1.4.3","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F1hOxkEO-22I?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Has your WordPress site stopped sending emails? Are emails from your WordPress site landing in spam or not getting delivered? Are customers complaining about missing messages?\u003C\u002Fp>\n\u003Cp>With \u003Cstrong>Site Mailer\u003C\u002Fstrong>, you can say goodbye to email issues. Our easy-to-use tool ensures all emails reach their destination while providing you with a detailed email log to track and resend messages if needed.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhance your email management effortlessly\u003C\u002Fstrong>. Site Mailer eliminates the need for complex SMTP plugins, providing a streamlined solution for reliable email deliverability. Troubleshoot and monitor with ease using our intuitive interface, so you never miss another email.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Ch4>High Deliverability\u003C\u002Fh4>\n\u003Cp>Ensure your emails consistently reach your audience’s inbox with optimized sending methods designed to maximize deliverability and minimize spam risk.\u003C\u002Fp>\n\u003Ch4>Use Your Custom Domain\u003C\u002Fh4>\n\u003Cp>Send emails with your custom domain — or get started quickly with our default email so no email will be lost once you start working with Site Mailer.\u003C\u002Fp>\n\u003Ch4>No Integration or SMTP Plugin Needed\u003C\u002Fh4>\n\u003Cp>Site Mailer works seamlessly without the need for additional API integration or SMTP plugins. This means less hassle and more efficient email management.\u003C\u002Fp>\n\u003Ch4>Easy Setup\u003C\u002Fh4>\n\u003Cp>Get started with Site Mailer in no time. Our intuitive setup process ensures you can configure and start using the plugin quickly and effortlessly.\u003C\u002Fp>\n\u003Ch4>30-Day Log Retention\u003C\u002Fh4>\n\u003Cp>The plugin includes 30 days of email log retention, allowing you to easily track and review your email activity.\u003C\u002Fp>\n\u003Ch4>Compatibility with Popular Plugins\u003C\u002Fh4>\n\u003Cp>Site Mailer has been tested to be fully compatible with most popular WordPress plugins, including Elementor Pro, WooCommerce, Contact Form 7, WPForms and more.\u003C\u002Fp>\n\u003Ch4>Reputation Management\u003C\u002Fh4>\n\u003Cp>Safeguard your email sending reputation with intelligent features that enhance your sender score, ensuring consistent inbox placement and reducing the risk of emails being marked as spam.\u003C\u002Fp>\n\u003Ch4>Email Testing\u003C\u002Fh4>\n\u003Cp>Send a test email to confirm your site is properly configured for seamless transactional email delivery.\u003C\u002Fp>\n\u003Ch4>Resend Failed Emails\u003C\u002Fh4>\n\u003Cp>Did an email fail to deliver? Easily resend it with a single click to ensure your message reaches its intended recipient.\u003C\u002Fp>\n\u003Ch4>Suppression List\u003C\u002Fh4>\n\u003Cp>Enable easy unsubscribe options for your emails. Track and manage all unsubscribed recipients directly in the Suppressions tab.\u003C\u002Fp>\n\u003Ch3>Benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>No Integration Needed\u003C\u002Fstrong>: Use Site Mailer without the need for additional plugins or integrations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Troubleshooting\u003C\u002Fstrong>: Efficiently troubleshoot and resend emails when necessary.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spam Reduction\u003C\u002Fstrong>: Our plugin will keep your emails out of the spam folder, ensuring that your important messages reach their intended recipients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built by the Elementor team\u003C\u002Fstrong>: Leverage the trust and reliability of a solution developed by Elementor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Get Started Today\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Transform your website’s email management with Site Mailer!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>For more information about Site Mailer, visit our \u003Ca href=\"https:\u002F\u002Fgo.elementor.com\u002Fwp-repo-wp-dash-sm-product-page\u002F\" rel=\"nofollow ugc\">official website\u003C\u002Fa>.\u003Cbr \u002F>\nIf you have any questions or need support, feel free to \u003Ca href=\"https:\u002F\u002Fgo.elementor.com\u002Fwp-repo-wp-dash-sm-contact-us\u002F\" rel=\"nofollow ugc\">contact us\u003C\u002Fa> or visit our \u003Ca href=\"https:\u002F\u002Fgo.elementor.com\u002Fwp-repo-wp-dash-sm-help-center\u002F\" rel=\"nofollow ugc\">help center\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin requires a connection to an active Elementor account in order to identify the user and provide the user with the purchased service. This connection is triggered manually by the user via the plugin’s settings panel. Learn more our \u003Ca href=\"https:\u002F\u002Fgo.elementor.com\u002Fwp-repo-wp-dash-sm-term-and-conditions\u002F\" rel=\"nofollow ugc\">terms and conditions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin uses a 3rd party service operated by Elementor, which accepts Email information including but not limited to (from, to, cc,bcc addresses, email body, subject line and attachments). This flow is triggered automatically on every email sending process utilizing the native WordPress \u003Ccode>wp_mail\u003C\u002Fcode> function.\u003C\u002Fp>\n\u003Ch3>Related Plugins\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-optimization\u002F\" rel=\"ugc\">Image Optimizer\u003C\u002Fa>: Superior image compression for faster, high-quality website performance.\u003C\u002Fp>\n","Effortlessly manage transactional emails with Site Mailer. High deliverability, logs and statistics, and no SMTP plugins needed.",200000,1804250,40,13,"2026-02-17T13:35:00.000Z","6.9.4","6.6","7.4",[20,71,72,23,24],"email-api","email-log","https:\u002F\u002Felementor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-mailer.1.4.3.zip",98,"2025-02-27 23:34:36",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":67,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":93,"download_link":94,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"smtp-mailer","SMTP Mailer","1.1.25","Noor Alam","https:\u002F\u002Fprofiles.wordpress.org\u002Fnaa986\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fsmtp-mailer-plugin-for-wordpress-1482\" rel=\"nofollow ugc\">SMTP Mailer\u003C\u002Fa> plugin allows you to configure a mail server which handles all outgoing email from your website. It takes control of the wp_mail function and use SMTP instead.\u003C\u002Fp>\n\u003Ch3>SMTP Mailer Add-ons\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fhow-to-add-a-reply-to-address-in-the-smtp-mailer-wordpress-plugin-6997\" rel=\"nofollow ugc\">Reply-To\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fsmtp-mailer-email-logger-7066\" rel=\"nofollow ugc\">Email Logger\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>SMTP Mailer Settings\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>SMTP Host\u003C\u002Fstrong>: Your outgoing mail server (e.g. smtp.gmail.com).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Authentication\u003C\u002Fstrong>: Whether to use SMTP authentication when sending an email (True\u002FFalse). If you choose to authenticate you will also need to provide your username and password.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Username\u003C\u002Fstrong>: The username to connect to your SMTP server.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Password\u003C\u002Fstrong>: The password to connect to your SMTP server.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Type of Encryption\u003C\u002Fstrong>: The encryption to be used when sending an email (TLS\u002FSSL\u002FNo Encryption. TLS is recommended).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SMTP Port\u003C\u002Fstrong>: The port to be used when sending an email (587\u002F465\u002F25). If you choose TLS the port should be set to 587. For SSL use port 465 instead.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>From Email Address\u003C\u002Fstrong>: The email address to be used as the From Email when sending a test email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>From Name\u003C\u002Fstrong>: The name to be used as the From Name when sending a test email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force From Name\u003C\u002Fstrong>: The From name in the settings is set for all outgoing email messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force From Email\u003C\u002Fstrong>: The From email in the settings is set for all outgoing email messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force From Address\u003C\u002Fstrong>: The From address in the settings is set for all outgoing email messages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disable SSL Certificate Verification\u003C\u002Fstrong>: As of PHP 5.6 a warning\u002Ferror is shown if the SSL certificate on the server is not properly configured. This option lets you disable that behaviour.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>SMTP Mailer Test Email\u003C\u002Fh3>\n\u003Cp>Once you have configured the settings you can send a test email to check the functionality of the plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>To\u003C\u002Fstrong>: Email address of the recipient.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Subject\u003C\u002Fstrong>: Subject of the email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Message\u003C\u002Fstrong>: Email body.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Known Compatibility\u003C\u002Fh3>\n\u003Cp>SMTP Mailer should work with any plugin that uses the WordPress Mail function. However, It has been tested with the following form and contact form plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>Jetpack Contact Form\u003C\u002Fli>\n\u003Cli>Visual Form Builder\u003C\u002Fli>\n\u003Cli>Fast Secure Contact Form\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>Contact Form by BestWebSoft\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For detailed setup instructions please visit the \u003Ca href=\"https:\u002F\u002Fwphowto.net\u002Fsmtp-mailer-plugin-for-wordpress-1482\" rel=\"nofollow ugc\">SMTP Mailer\u003C\u002Fa> plugin page.\u003C\u002Fp>\n","Configure a SMTP server to send email from your WordPress site. Configure the wp_mail() function to use SMTP instead of the PHP mail() function.",70000,1380971,90,65,"2026-02-16T23:09:00.000Z","6.9",[20,92,22,24],"mail","https:\u002F\u002Fwphowto.net\u002Fsmtp-mailer-plugin-for-wordpress-1482","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmtp-mailer.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":105,"num_ratings":106,"last_updated":107,"tested_up_to":67,"requires_at_least":108,"requires_php":69,"tags":109,"homepage":113,"download_link":114,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"stop-wp-emails-going-to-spam","Stop WP Emails Going to Spam","2.2.1","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>Emails generated from within WordPress often end up in your spam or junk folder, This plugin helps you sort that out. The default settings of this plugin can often be enough to solve your problem.\u003C\u002Fp>\n\u003Cp>When using the default PHP mailer in WordPress, especially on shared servers, emails will often be set to spam or junk by receiving email systems. This can be very frustrating and important notifications can be missed by you or your clients.\u003C\u002Fp>\n\u003Cp>Why does this happen? One problem is the “envelope sender” not being set, and many hosts will recommend that you install a plugin to set the “envelope sender”, this is the main purpose of this plugin.\u003C\u002Fp>\n\u003Cp>Along with setting the “envelope sender” this plugin also displays your Sender Permitted From (SPF) and checks your server IP is in the SPF record, if there is one.\u003C\u002Fp>\n\u003Cp>Optionally this plugin allows you to change the name and email address of the default WordPress notification email easily.\u003C\u002Fp>\n\u003Cp>If you use an SMTP email plugin or use an API based transactional email plugin, this plugin will add no value; it is built to support the default PHP mailer only.\u003C\u002Fp>\n\u003Ch4>PHP 8.0 compatible\u003C\u002Fh4>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Checks email SPF health\u003C\u002Fli>\n\u003Cli>Checks if your IP is blacklisted\u003C\u002Fli>\n\u003Cli>Set envelope sender when missing\u003C\u002Fli>\n\u003Cli>Allows you to change the default WordPress sending email\u003C\u002Fli>\n\u003Cli>Allows you to change the default WordPress sending email name\u003C\u002Fli>\n\u003Cli>Allows you to set the sending email domain\u003C\u002Fli>\n\u003C\u002Ful>\n","Fixes WordPress emails going to spam\u002Fjunk folders. The default settings often resolve the issue.",10000,165353,96,51,"2025-12-15T13:14:00.000Z","4.8.1",[20,110,111,22,112],"envelope-sender","phpmail","spam","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fstop-wp-emails-going-to-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-wp-emails-going-to-spam.2.2.1.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":103,"downloaded":123,"rating":75,"num_ratings":124,"last_updated":125,"tested_up_to":67,"requires_at_least":126,"requires_php":69,"tags":127,"homepage":130,"download_link":131,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":132,"fetched_at":31},"wpo365-msgraphmailer","WPO365 | MICROSOFT 365 GRAPH MAILER","4.2","Marco van Wieren","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpo365\u002F","\u003Cp>\u003Cstrong>WPO365 | MS GRAPH MAILER\u003C\u002Fstrong> provides you with a modern, reliable and efficient way to send WordPress transactional emails from one of your Microsoft 365 \u002F Exchange Online \u002F Mail enabled accounts.\u003C\u002Fp>\n\u003Cp>The plugin re-configures your WordPress website to send emails using the \u003Cstrong>Microsoft Graph API\u003C\u002Fstrong> instead of – for example – SMTP. Sending WordPress emails using the \u003Cstrong>Microsoft Graph API\u003C\u002Fstrong> has become the only available alternative after Microsoft has disabled basic authentication (username and password) over the SMTP protocol.\u003C\u002Fp>\n\u003Ch4>DELIVERY\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send WordPress transactional emails from one of your \u003Cstrong>Microsoft 365 Exchange Online \u002F Mail enabled accounts\u003C\u002Fstrong> using Microsoft Graph instead of – for example – SMTP.\u003C\u002Fli>\n\u003Cli>Choose between delegated (send mail as a user) and application-level (send mail as any user) type permissions.\u003C\u002Fli>\n\u003Cli>Or: Select either a Microsoft 365 account or a personal Microsoft account, like Hotmail.com or Outlook.com, to send WordPress emails.\u003C\u002Fli>\n\u003Cli>Or: Configure \u003Ca href=\"https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002FExchange\u002Fpermissions-exo\u002Fapplication-rbac\" rel=\"nofollow ugc\">RBAC for Exchange Online\u003C\u002Fa> and authorize as an application but with a limited scope e.g. one specific mailbox.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEND AS HTML\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send emails formatted as \u003Cstrong>HTML\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SAVE TO SENT ITEMS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Emails sent will be saved in the account’s mailbox in the \u003Cstrong>Sent Items\u003C\u002Fstrong> folder, further helping to track (successful) mail delivery.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>ATTACHMENTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send files from your WordPress website as \u003Cem>attachments\u003C\u002Fem>. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WPO365 INSIGHTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>See what matters, when it happens\u003C\u002Fstrong> Track key WPO365 events like sent emails with WPO365 Insights \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F210-wpo365-insights\" rel=\"nofollow ugc\">more\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>CONFIGURATION \u002F TEST EMAIL DELIVERY\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy configuration with detailed step-by-step \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F141-send-email-using-microsoft-graph-mailer\" rel=\"nofollow ugc\">Getting started\u003C\u002Fa> guide and video.\u003C\u002Fli>\n\u003Cli>Send \u003Cem>test email\u003C\u002Fem> to recipients incl. CC, BCC and attachment.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F1CK7Fl8f8iA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ADD FUNCTIONALITY WITH PREMIUM EXTENSIONS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The following features can be unlocked with the \u003Ca href=\"https:\u002F\u002Fwww.wpo365.com\u002Fdownloads\u002Fwpo365-mail\u002F\" rel=\"nofollow ugc\">WPO365 | MAIL\u003C\u002Fa> extension.\u003C\u002Fp>\n\u003Ch4>WPO365 INSIGHTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Get \u003Cstrong>WPO35 Alerts\u003C\u002Fstrong> in your inbox when email delivery is failing \u003Ca href=\"https:\u002F\u002Fdocs.wpo365.com\u002Farticle\u002F210-wpo365-insights\" rel=\"nofollow ugc\">more\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Auto-Retry\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Log every email\u003C\u002Fstrong> sent from your WordPress website, review errors and (automatically) try to send unsuccessfully \u003Cstrong>sent mails again\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>LARGE ATTACHMENTS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add support to send WordPress emails with \u003Cstrong>attachments larger than 3 MB\u003C\u002Fstrong> using Microsoft Graph.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEND AS \u002F SEND ON BEHALF OF\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send email \u003Cstrong>as \u002F on behalf of\u003C\u002Fstrong> another user or distribution list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SHARED MAILBOX\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send email from \u003Cstrong>Microsoft 365 Shared Mailbox\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>STAGING MODE\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mail Staging Mode\u003C\u002Fstrong> is useful for debugging and staging environments. WordPress emails will be logged and saved in the database instead of being sent.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>DYNAMIC SEND-FROM\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Allow forms to \u003Cstrong>override “From”\u003C\u002Fstrong> address e.g allow Contact Form 7 to dynamically configure the account used to send the email from (requires application-level Mail.Send permissions).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>MAIL THROTTLE\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Throttle\u003C\u002Fstrong> the number of emails sent from your website per minute.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WP-CONFIG FOR AAD SECRETS\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Further improve overall security by choosing to store Azure Active Directory secrets in your WordPress WP-Config.php (on disk) and have those secrets removed from the database.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>SEND AS BCC\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Send emails \u003Cstrong>as BCC\u003C\u002Fstrong> instead and prevent reply-to-all mail pollution.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>REPLY-TO\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Configure a \u003Cstrong>default reply-to\u003C\u002Fstrong> mail address if this should differ from the account’s mail address that is used to send WordPress transactional emails from.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Prerequisites\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>We have tested our plugin with WordPress >= 5.0 and PHP >= 5.6.40.\u003C\u002Fli>\n\u003Cli>You need to be an Entra ID Tenant Administrator to configure both Azure Active Directory and the plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We will go to great length trying to support you if the plugin doesn’t work as expected. Go to our \u003Ca href=\"https:\u002F\u002Fwww.wpo365.com\u002Fhow-to-get-support\u002F\" rel=\"nofollow ugc\">Support Page\u003C\u002Fa> to get in touch with us. We haven’t been able to test our plugin in all endless possible WordPress configurations and versions so we are keen to hear from you and happy to learn!\u003C\u002Fp>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>We are keen to hear from you so share your feedback with us on \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fdownloads-by-van-wieren\" rel=\"nofollow ugc\">LinkedIn\u003C\u002Fa> and help us get better!\u003C\u002Fp>\n\u003Ch3>Open Source\u003C\u002Fh3>\n\u003Cp>When you’re a developer and interested in the code you should have a look at our repo over at \u003Ca href=\"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fwpo365-msgraphmailer\u002F\" rel=\"nofollow ugc\">WordPress\u003C\u002Fa>.\u003C\u002Fp>\n","Send WordPress emails from a M365 \u002F Exchange Online Mailbox using Microsoft Graph, leveraging OAuth for authentication which is more secure than SMTP",180605,37,"2025-12-07T21:56:00.000Z","5.0",[20,128,22,24,129],"microsoft","wp_mail","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpo365-msgraphmailer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpo365-msgraphmailer.4.2.zip","2025-02-23 22:53:02",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":141,"downloaded":142,"rating":75,"num_ratings":143,"last_updated":144,"tested_up_to":145,"requires_at_least":146,"requires_php":18,"tags":147,"homepage":150,"download_link":151,"security_score":152,"vuln_count":28,"unpatched_count":29,"last_vuln_date":153,"fetched_at":31},"configure-smtp","Configure SMTP","3.5","Scott Reilly","https:\u002F\u002Fprofiles.wordpress.org\u002Fcoffee2code\u002F","\u003Cp>Configure SMTP mailing in WordPress, including support for sending email via SSL\u002FTLS (such as Gmail).\u003C\u002Fp>\n\u003Cp>This plugin is the official successor to the original SMTP plugin for WordPress (wpPHPMailer).\u003C\u002Fp>\n\u003Cp>Use this plugin to customize the SMTP mailing system used by default by WordPress to handle \u003Cem>outgoing\u003C\u002Fem> emails. It offers you the ability to specify:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>SMTP host name\u003C\u002Fli>\n\u003Cli>SMTP port number\u003C\u002Fli>\n\u003Cli>If SMTPAuth (authentication) should be used\u003C\u002Fli>\n\u003Cli>SMTP username\u003C\u002Fli>\n\u003Cli>SMTP password\u003C\u002Fli>\n\u003Cli>If the SMTP connection needs to occur over ssl or tls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition, you can instead indicate that you wish to use Gmail to handle outgoing email, in which case the above settings are automatically configured to values appropriate for Gmail, though you’ll need to specify your Gmail email address (including the “@gmail.com”) and password.\u003C\u002Fp>\n\u003Cp>Regardless of whether SMTP is enabled, the plugin provides you the ability to define the name and email of the ‘From:’ field for all outgoing emails.\u003C\u002Fp>\n\u003Cp>A simple test button is also available that allows you to send a test email to yourself to check if sending email has been properly configured for your site.\u003C\u002Fp>\n\u003Cp>Links: \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fconfigure-smtp\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fconfigure-smtp\u002F\" rel=\"ugc\">Plugin Directory Page\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcoffee2code\u002Fconfigure-smtp\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fcoffee2code.com\" rel=\"nofollow ugc\">Author Homepage\u003C\u002Fa>\u003C\u002Fp>\n","Configure SMTP mailing in WordPress, including support for sending email via SSL\u002FTLS (such as Gmail).",7000,369145,45,"2024-07-22T22:30:00.000Z","6.5.8","5.5",[148,20,149,22,24],"coffee2code","gmail","https:\u002F\u002Fcoffee2code.com\u002Fwp-plugins\u002Fconfigure-smtp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconfigure-smtp.3.5.zip",92,"2024-02-26 00:00:00",{"attackSurface":155,"codeSignals":193,"taintFlows":234,"riskAssessment":288,"analyzedAt":299},{"hooks":156,"ajaxHandlers":189,"restRoutes":190,"shortcodes":191,"cronEvents":192,"entryPointCount":29,"unprotectedCount":29},[157,163,166,170,173,176,180,185],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","admin_notices","maybe_show_normalized_notice","send-from.php",261,{"type":158,"name":164,"callback":160,"file":161,"line":165},"network_admin_notices",263,{"type":158,"name":167,"callback":168,"file":161,"line":169},"network_admin_menu","add_menu",267,{"type":158,"name":171,"callback":171,"file":161,"line":172},"admin_init",271,{"type":158,"name":174,"callback":168,"file":161,"line":175},"admin_menu",272,{"type":158,"name":177,"callback":178,"file":161,"line":179},"init","load_textdomain",275,{"type":181,"name":182,"callback":183,"file":161,"line":184},"filter","wp_mail_from","get_mail_from_address",282,{"type":181,"name":186,"callback":187,"file":161,"line":188},"wp_mail_from_name","get_mail_from_name",283,[],[],[],[],{"dangerousFunctions":194,"sqlUsage":195,"outputEscaping":197,"fileOperations":29,"externalRequests":29,"nonceChecks":231,"capabilityChecks":232,"bundledLibraries":233},[],{"prepared":29,"raw":29,"locations":196},[],{"escaped":198,"rawEcho":198,"locations":199},15,[200,203,205,207,209,211,213,215,217,219,221,223,225,227,229],{"file":161,"line":201,"context":202},348,"raw output",{"file":161,"line":204,"context":202},359,{"file":161,"line":206,"context":202},369,{"file":161,"line":208,"context":202},470,{"file":161,"line":210,"context":202},477,{"file":161,"line":212,"context":202},544,{"file":161,"line":214,"context":202},553,{"file":161,"line":216,"context":202},586,{"file":161,"line":218,"context":202},596,{"file":161,"line":220,"context":202},602,{"file":161,"line":222,"context":202},619,{"file":161,"line":224,"context":202},745,{"file":161,"line":226,"context":202},759,{"file":161,"line":228,"context":202},767,{"file":161,"line":230,"context":202},769,3,4,[],[235,254,273],{"entryPoint":236,"graph":237,"unsanitizedCount":29,"severity":253},"render_site_settings_screen (send-from.php:538)",{"nodes":238,"edges":250},[239,244],{"id":240,"type":241,"label":242,"file":161,"line":243},"n0","source","$_GET",565,{"id":245,"type":246,"label":247,"file":161,"line":248,"wp_function":249},"n1","sink","echo() [XSS]",566,"echo",[251],{"from":240,"to":245,"sanitized":252},true,"low",{"entryPoint":255,"graph":256,"unsanitizedCount":28,"severity":253},"handle_network_options_update (send-from.php:658)",{"nodes":257,"edges":269},[258,261,264],{"id":240,"type":241,"label":259,"file":161,"line":260},"$_POST",680,{"id":245,"type":262,"label":263,"file":161,"line":260},"transform","→ update_storage_option()",{"id":265,"type":246,"label":266,"file":161,"line":267,"wp_function":268},"n2","update_option() [Settings Manipulation]",129,"update_option",[270,272],{"from":240,"to":245,"sanitized":271},false,{"from":245,"to":265,"sanitized":271},{"entryPoint":274,"graph":275,"unsanitizedCount":28,"severity":253},"\u003Csend-from> (send-from.php:0)",{"nodes":276,"edges":284},[277,278,279,280,282],{"id":240,"type":241,"label":242,"file":161,"line":243},{"id":245,"type":246,"label":247,"file":161,"line":248,"wp_function":249},{"id":265,"type":241,"label":259,"file":161,"line":260},{"id":281,"type":262,"label":263,"file":161,"line":260},"n3",{"id":283,"type":246,"label":266,"file":161,"line":267,"wp_function":268},"n4",[285,286,287],{"from":240,"to":245,"sanitized":252},{"from":265,"to":281,"sanitized":271},{"from":281,"to":283,"sanitized":271},{"summary":289,"deductions":290},"The 'send-from' v2.5 plugin demonstrates a generally good security posture with several positive indicators. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant strength, suggesting a limited attack surface. The code also shows a strong commitment to secure database interactions, with 100% of SQL queries using prepared statements. Furthermore, the presence of nonce and capability checks indicates an awareness of WordPress security best practices for authentication and authorization.  However, the static analysis reveals a concerning area: 50% of output is not properly escaped. This, combined with taint analysis showing two flows with unsanitized paths, presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities, even if no critical or high severity taint flows were identified in this specific scan.\n\nThe plugin's vulnerability history, while showing no currently unpatched CVEs, includes one past vulnerability related to Cross-Site Scripting. The fact that the last vulnerability was recent (April 2025) and was an XSS issue, aligns with the concerns raised by the static analysis regarding unescaped output. This pattern suggests a recurring weakness in handling user-supplied data that could be rendered in the frontend.\n\nIn conclusion, 'send-from' v2.5 has a strong foundation in terms of attack surface management and secure database operations. The primary weakness lies in the incomplete output escaping, which, despite the absence of critical taint flows in this analysis, remains a notable risk due to the historical XSS vulnerability and the current static analysis findings. Addressing the unescaped outputs is crucial to mitigating potential XSS attacks.",[291,293,296],{"reason":292,"points":14},"Unescaped output found",{"reason":294,"points":295},"Unsanitized paths in taint flows",7,{"reason":297,"points":298},"Past XSS vulnerability",10,"2026-03-16T19:31:11.069Z",{"wat":301,"direct":310},{"assetPaths":302,"generatorPatterns":305,"scriptPaths":306,"versionParams":307},[303,304],"\u002Fwp-content\u002Fplugins\u002Fsend-from\u002Fcss\u002Fsend-from-admin.css","\u002Fwp-content\u002Fplugins\u002Fsend-from\u002Fjs\u002Fsend-from-admin.js",[],[304],[308,309],"send-from\u002Fcss\u002Fsend-from-admin.css?ver=","send-from\u002Fjs\u002Fsend-from-admin.js?ver=",{"cssClasses":311,"htmlComments":312,"htmlAttributes":313,"restEndpoints":314,"jsGlobals":315,"shortcodeOutput":317},[],[],[],[],[316],"send_from_admin_options",[]]