[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSgSPByFTXFWSJ1NIRORkjo7V8m1mG3HSZMwEFgcn4iI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":278},"send-link-to-friend","Send link to friend","12.4","gopiplus","https:\u002F\u002Fprofiles.wordpress.org\u002Fgopiplus\u002F","\u003Cp>If user thought the content is useful to their friend, they can use this form to send the URL instead of copy and paste the URL into email.\u003C\u002Fp>\n\u003Cp>Check official website for live demo \u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2010\u002F07\u002F18\u002Fsend-link-to-friend\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2010\u002F07\u002F18\u002Fsend-link-to-friend\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2010\u002F07\u002F18\u002Fsend-link-to-friend\u002F\" rel=\"nofollow ugc\">Live demo\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2010\u002F07\u002F18\u002Fsend-link-to-friend\u002F\" rel=\"nofollow ugc\">More Description\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F\" rel=\"nofollow ugc\">About Author\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2010\u002F07\u002F18\u002Fsend-link-to-friend\u002F\" rel=\"nofollow ugc\">Suggenstion\u002Fcomments\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Send link to friend WordPress plugin will create a simple form in the website to send the URL. If user thought the content is useful to their friend, they can use this form to send the URL instead of copy and paste the URL into email. This form have the option to enter the email address and small description text box. the URL of the page automatically added into the email. also we have captcha option in the form to protect the spam mails. there are three ways to implement the form into the website.\u003C\u002Fp>\n\u003Ch4>Feature of the plugin\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Simple.  \u003C\u002Fli>\n\u003Cli>Admin can choose which page this plugin should display.  \u003C\u002Fli>\n\u003Cli>Easy style-override.\u003C\u002Fli>\n\u003Cli>Widgets, so you can add pretty much anything.\u003C\u002Fli>\n\u003Cli>Easy installation.\u003C\u002Fli>\n\u003Cli>Ajax, Thus no page refresh.\u003C\u002Fli>\n\u003Cli>reCaptcha option.\u003C\u002Fli>\n\u003Cli>Option to add the form into pages\u002Fposts\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (en_EN) – \u003Ca href=\"http:\u002F\u002Fwww.gopiplus.com\u002F\" rel=\"nofollow ugc\">Gopi Ramasamy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Polish (pl_PL) – \u003Ca href=\"https:\u002F\u002Fwww.couponmachine.in\u002F\" rel=\"nofollow ugc\">Abdul Sattar\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","If user think the content is useful to their friend, they can use this form to send the URL instead of copy and paste the URL into email.",400,43269,0,"2022-12-01T16:24:00.000Z","6.1.10","3.4","",[19,4,20],"email-to-friend","send-to-friend","http:\u002F\u002Fwww.gopiplus.com\u002Fwork\u002F2010\u002F07\u002F18\u002Fsend-link-to-friend\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsend-link-to-friend.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},52,19110,83,70,76,"2026-04-05T04:34:36.670Z",[],{"attackSurface":36,"codeSignals":74,"taintFlows":153,"riskAssessment":265,"analyzedAt":277},{"hooks":37,"ajaxHandlers":57,"restRoutes":66,"shortcodes":67,"cronEvents":71,"entryPointCount":72,"unprotectedCount":73},[38,44,48,52],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","admin_menu","gSendtofriend_add_to_menu","send-link-to-friend.php",727,{"type":39,"name":45,"callback":46,"file":42,"line":47},"widgets_init","gSendtofriend_widget_loading",728,{"type":39,"name":49,"callback":50,"file":42,"line":51},"wp_enqueue_scripts","gSendtofriend_load_scripts_front",733,{"type":53,"name":54,"callback":55,"file":42,"line":56},"filter","wp_head","gSendtofriend_load_style_front",734,[58,63],{"action":59,"nopriv":60,"callback":61,"hasNonce":60,"hasCapCheck":60,"file":42,"line":62},"send_link_to_friend",false,"gSendtofriend_process_send",736,{"action":59,"nopriv":64,"callback":61,"hasNonce":60,"hasCapCheck":60,"file":42,"line":65},true,737,[],[68],{"tag":4,"callback":69,"file":42,"line":70},"gSendtofriend_shortcode",725,[],3,2,{"dangerousFunctions":75,"sqlUsage":76,"outputEscaping":78,"fileOperations":150,"externalRequests":13,"nonceChecks":151,"capabilityChecks":13,"bundledLibraries":152},[],{"prepared":13,"raw":13,"locations":77},[],{"escaped":79,"rawEcho":80,"locations":81},9,37,[82,85,87,89,91,93,95,97,99,101,103,105,107,108,109,111,113,114,115,117,119,120,122,124,125,127,129,130,132,134,136,138,140,142,144,146,148],{"file":42,"line":83,"context":84},112,"raw output",{"file":42,"line":86,"context":84},113,{"file":42,"line":88,"context":84},123,{"file":42,"line":90,"context":84},133,{"file":42,"line":92,"context":84},252,{"file":42,"line":94,"context":84},261,{"file":42,"line":96,"context":84},290,{"file":42,"line":98,"context":84},340,{"file":42,"line":100,"context":84},343,{"file":42,"line":102,"context":84},356,{"file":42,"line":104,"context":84},387,{"file":42,"line":106,"context":84},388,{"file":42,"line":106,"context":84},{"file":42,"line":106,"context":84},{"file":42,"line":110,"context":84},391,{"file":42,"line":112,"context":84},392,{"file":42,"line":112,"context":84},{"file":42,"line":112,"context":84},{"file":42,"line":116,"context":84},395,{"file":42,"line":118,"context":84},396,{"file":42,"line":118,"context":84},{"file":42,"line":121,"context":84},402,{"file":42,"line":123,"context":84},403,{"file":42,"line":123,"context":84},{"file":42,"line":126,"context":84},409,{"file":42,"line":128,"context":84},410,{"file":42,"line":128,"context":84},{"file":42,"line":131,"context":84},533,{"file":42,"line":133,"context":84},535,{"file":42,"line":135,"context":84},536,{"file":42,"line":137,"context":84},545,{"file":42,"line":139,"context":84},546,{"file":42,"line":141,"context":84},548,{"file":42,"line":143,"context":84},550,{"file":42,"line":145,"context":84},551,{"file":42,"line":147,"context":84},553,{"file":42,"line":149,"context":84},703,1,4,[],[154,171,183,202,213,228,242],{"entryPoint":155,"graph":156,"unsanitizedCount":150,"severity":170},"gSendtofriend_form (send-link-to-friend.php:498)",{"nodes":157,"edges":168},[158,163],{"id":159,"type":160,"label":161,"file":42,"line":162},"n0","source","$_SERVER",518,{"id":164,"type":165,"label":166,"file":42,"line":143,"wp_function":167},"n1","sink","echo() [XSS]","echo",[169],{"from":159,"to":164,"sanitized":60},"medium",{"entryPoint":172,"graph":173,"unsanitizedCount":150,"severity":170},"gSendtofriend_process_send (send-link-to-friend.php:583)",{"nodes":174,"edges":181},[175,178],{"id":159,"type":160,"label":176,"file":42,"line":177},"$_POST['sltf_g-recaptcha-response']",590,{"id":164,"type":165,"label":179,"file":42,"line":177,"wp_function":180},"file_get_contents() [SSRF\u002FLFI]","file_get_contents",[182],{"from":159,"to":164,"sanitized":60},{"entryPoint":184,"graph":185,"unsanitizedCount":13,"severity":201},"gSendtofriend_mail_setting (send-link-to-friend.php:86)",{"nodes":186,"edges":198},[187,190,194,196],{"id":159,"type":160,"label":188,"file":42,"line":189},"$_POST (x4)",96,{"id":164,"type":165,"label":191,"file":42,"line":192,"wp_function":193},"update_option() [Settings Manipulation]",101,"update_option",{"id":195,"type":160,"label":188,"file":42,"line":189},"n2",{"id":197,"type":165,"label":166,"file":42,"line":83,"wp_function":167},"n3",[199,200],{"from":159,"to":164,"sanitized":64},{"from":195,"to":197,"sanitized":64},"low",{"entryPoint":203,"graph":204,"unsanitizedCount":13,"severity":201},"gSendtofriend_display_setting (send-link-to-friend.php:141)",{"nodes":205,"edges":211},[206,209],{"id":159,"type":160,"label":207,"file":42,"line":208},"$_POST (x3)",150,{"id":164,"type":165,"label":191,"file":42,"line":210,"wp_function":193},158,[212],{"from":159,"to":164,"sanitized":64},{"entryPoint":214,"graph":215,"unsanitizedCount":13,"severity":201},"gSendtofriend_recaptcha_setting (send-link-to-friend.php:202)",{"nodes":216,"edges":225},[217,219,221,224],{"id":159,"type":160,"label":207,"file":42,"line":218},222,{"id":164,"type":165,"label":191,"file":42,"line":220,"wp_function":193},226,{"id":195,"type":160,"label":222,"file":42,"line":223},"$_POST (x2)",223,{"id":197,"type":165,"label":166,"file":42,"line":92,"wp_function":167},[226,227],{"from":159,"to":164,"sanitized":64},{"from":195,"to":197,"sanitized":64},{"entryPoint":229,"graph":230,"unsanitizedCount":13,"severity":201},"gSendtofriend_message_setting (send-link-to-friend.php:268)",{"nodes":231,"edges":239},[232,235,237,238],{"id":159,"type":160,"label":233,"file":42,"line":234},"$_POST",278,{"id":164,"type":165,"label":191,"file":42,"line":236,"wp_function":193},279,{"id":195,"type":160,"label":233,"file":42,"line":234},{"id":197,"type":165,"label":166,"file":42,"line":96,"wp_function":167},[240,241],{"from":159,"to":164,"sanitized":64},{"from":195,"to":197,"sanitized":64},{"entryPoint":243,"graph":244,"unsanitizedCount":13,"severity":201},"\u003Csend-link-to-friend> (send-link-to-friend.php:0)",{"nodes":245,"edges":260},[246,248,249,251,252,254,256,258],{"id":159,"type":160,"label":247,"file":42,"line":189},"$_POST (x11)",{"id":164,"type":165,"label":191,"file":42,"line":192,"wp_function":193},{"id":195,"type":160,"label":250,"file":42,"line":189},"$_POST (x7)",{"id":197,"type":165,"label":166,"file":42,"line":83,"wp_function":167},{"id":253,"type":160,"label":161,"file":42,"line":162},"n4",{"id":255,"type":165,"label":166,"file":42,"line":143,"wp_function":167},"n5",{"id":257,"type":160,"label":176,"file":42,"line":177},"n6",{"id":259,"type":165,"label":179,"file":42,"line":177,"wp_function":180},"n7",[261,262,263,264],{"from":159,"to":164,"sanitized":64},{"from":195,"to":197,"sanitized":64},{"from":253,"to":255,"sanitized":64},{"from":257,"to":259,"sanitized":64},{"summary":266,"deductions":267},"The 'send-link-to-friend' plugin version 12.4 exhibits a mixed security posture. While it demonstrates good practices like using prepared statements for all SQL queries and having no recorded vulnerability history, there are significant concerns regarding its attack surface and output escaping. The presence of two AJAX handlers without authentication checks presents a direct entry point for potential attacks, especially if these handlers perform sensitive operations. Furthermore, the low percentage of properly escaped output (20%) suggests a high risk of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the site. The taint analysis, while not revealing critical or high severity issues, did identify unsanitized paths, which warrants attention. In conclusion, the plugin's lack of historical vulnerabilities is a positive sign, but the identified code weaknesses in handling AJAX requests and output escaping create notable security risks that should be addressed.",[268,271,274],{"reason":269,"points":270},"AJAX handlers without auth checks",10,{"reason":272,"points":273},"Low percentage of properly escaped output",8,{"reason":275,"points":276},"Flows with unsanitized paths",5,"2026-03-16T19:42:59.210Z",{"wat":279,"direct":288},{"assetPaths":280,"generatorPatterns":283,"scriptPaths":284,"versionParams":285},[281,282],"\u002Fwp-content\u002Fplugins\u002Fsend-link-to-friend\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fsend-link-to-friend\u002Fjs\u002Fsend-link-to-friend.js",[],[282],[286,287],"send-link-to-friend\u002Fcss\u002Fstyle.css?ver=","send-link-to-friend\u002Fjs\u002Fsend-link-to-friend.js?ver=",{"cssClasses":289,"htmlComments":291,"htmlAttributes":292,"restEndpoints":309,"jsGlobals":310,"shortcodeOutput":311},[290],"gSendtofriend",[],[293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308],"gSendtofriend_form_submit","gSendtofriend_submit","gSendtofriend_fromname","gSendtofriend_fromemail","gSendtofriend_mailcontent","gSendtofriend_subject","gSendtofriend_On_Homepage","gSendtofriend_On_Posts","gSendtofriend_On_Pages","gSendtofriend_recaptcha_publickey","gSendtofriend_recaptcha_privatekey","gSendtofriend_recaptcha_display","gSendtofriend_success_message","gSendtofriend_error_message","gSendtofriend_mail_fail_message","gSendtofriend_mail_success_message",[],[],[]]