[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fATOl3ZgsKI9-FFdCbsmfQQ1C7v_phRFPoVjnWerN8_I":3,"$f3FQRneZUHuOFeHTGk1yPM0fi_twKKAAc4tj13_GX9_Q":173,"$fNhk1Fldlvldu-FdAenL4Sc9S7lhQd7qEW-xLOyz6uYE":178},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":129,"fingerprints":160},"upgrade-notification-by-email","Upgrade Notification by Email","0.4","kkarpieszuk","https:\u002F\u002Fprofiles.wordpress.org\u002Fkkarpieszuk\u002F","\u003Cp>This plugin is for you if you don’t look inside of your Admin Panel every day (for example you have tens of wordpress installations) but still want to have wordpress up to date. 
After installation plugin will check every day if newer version of wordpress is available and if yes, will send email to blog’s admin with notification.\u003C\u002Fp>\n","Sends daily notification at admins' email if installation of Wordpress is out of date",10,3974,0,"2010-06-21T13:29:00.000Z","3.0.5","2.0.2","",[19,20,21,22],"mail","notification","security","upgrade","http:\u002F\u002Fwww.muzungu.pl\u002Fmoje-pluginy-do-wordpressa\u002Fupgrade-notification-by-email\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupgrade-notification-by-email.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":31,"trust_score":34,"computed_at":35},5,4030,88,92,"2026-05-20T04:13:20.572Z",[37,55,76,97,113],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":15,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":52,"download_link":53,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":54},"update-notifier","Update Notifier","1.4.1","Jon Cave","https:\u002F\u002Fprofiles.wordpress.org\u002Fduck_\u002F","\u003Cp>If you don’t check your admin panel on your WordPress install very often (maybe because you prefer to use remote publishing) or you want to make sure\u003Cbr \u002F>\nthat your clients’ WordPress installations are updated, then this is the plugin for you. 
You don’t have to login to your admin panel regularly,\u003Cbr \u002F>\nsubscribe to an RSS feed, or do anything apart from installing this plugin to be notified when an update to WordPress is released.\u003C\u002Fp>\n\u003Cp>All you have to do is install Update Notifier and forget it until you receive an email telling you to update.\u003C\u002Fp>\n\u003Cp>To change Update Notifier’s options, go to Update Notifier under the main Settings menu. From there you can add a secondary email address\u003Cbr \u002F>\nwhich will also receive update notifications and you can activate update notifications for themes and plugins.\u003C\u002Fp>\n","Sends email notifications if a new version of WordPress is available. Notifications about updates for plugins and themes can also be sent.",700,18185,"2010-09-20T12:13:00.000Z","3.0",[50,51,20,21,22],"admin","email","http:\u002F\u002Flionsgoroar.co.uk\u002Fwordpress\u002Fupdate-notifier\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupdate-notifier.1.4.1.zip","2026-04-16T10:56:18.058Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":74,"download_link":75,"security_score":65,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":54},"host-header-injection-fix","Host Header Injection Fix","3.5","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cp>👉 Enables custom headers for WP email notifications\u003C\u002Fp>\n\u003Cp>👉 Also provides a “set it and forget it” security fix for WP \u003C 5.5\u003C\u002Fp>\n\u003Cp>👉 Uses only 50KB of code, so super lightweight, fast, and effective\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As of WordPress 5.5, this plugin no longer is necessary to fix the \u003Ca 
href=\"https:\u002F\u002Fexploitbox.io\u002Fvuln\u002FWordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\" rel=\"nofollow ugc\">host-header security issue\u003C\u002Fa> reported in \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F25239\" rel=\"nofollow ugc\">Ticket #25239\u003C\u002Fa> \u003Cstrong>finally\u003C\u002Fstrong> is fixed, and mentioned in this post \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fnews\u002F2020\u002F07\u002Fwordpress-5-5-beta-4\u002F\" rel=\"ugc\">WordPress 5.5 Beta 4\u003C\u002Fa>. Thank You WordPress devs!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Is this plugin still useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Yes, it enables you to choose the “From”, “Name”, and “Return-Path” headers for all WP notification emails. And for versions of WordPress less than 5.5, this plugin continues to fix the host-header injection security issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This simple plugin does three things:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Sets custom From, Name, and Return-Path for WP notifications\u003C\u002Fli>\n\u003Cli>Fixes a security vulnerability in WordPress versions \u003C 5.5\u003C\u002Fli>\n\u003Cli>Fixes a bug where invalid email addresses may be generated (in WordPress versions \u003C 5.5)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Choose from the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use WordPress defaults (insecure for WP \u003C 5.5)\u003C\u002Fli>\n\u003Cli>Use “Email Address” from WP General Settings\u003C\u002Fli>\n\u003Cli>Use a custom name and address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Plus there is an option to use the specified From address as the Return-Path header.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The security issue fixed by this plugin has been known about since way back in WordPress version 2.3. 
There has been some talk about fixing, but nothing has been implemented. While the issue does not affect all sites, it does affect a good percentage of them, including some of my own projects. So, not wanting to get hacked, I decided to write my own solution. Hopefully this issue gets fixed in a future version of WordPress, and this plugin will become unnecessary.\u003C\u002Fp>\n\u003Cp>As a bonus, setting an explicit From address resolves a long-standing bug whereby an invalid email address is generated under the following conditions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A “From” address is not set, \u003C\u002Fli>\n\u003Cli>And the \u003Ccode>$_SERVER['SERVER_NAME']\u003C\u002Fcode> is empty\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>So by explicitly setting a “From” address, we prevent this bug from happening.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Issue\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>What is the security issue addressed by this plugin? Follows is a quick summary. To learn more in-depth, check out the resources linked in the next section.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP uses \u003Ccode>$_SERVER['SERVER_NAME']\u003C\u002Fcode> to set the “From” header in email notifications\u003C\u002Fli>\n\u003Cli>This includes sensitive email notifications like password resets and user registration\u003C\u002Fli>\n\u003Cli>In some cases, an attacker could modify the “From” header and intercept the email\u003C\u002Fli>\n\u003Cli>Using the intercepted email, an attacker could gain access to your site and wreak havoc\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>More Infos\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This security vulnerability is well-known and has been around for a looong time. 
To learn more, check out these articles:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F25239\" rel=\"nofollow ugc\">WP Core Trac Ticket\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fexploitbox.io\u002Fvuln\u002FWordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html\" rel=\"nofollow ugc\">Exploit Box Info\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.exploit-db.com\u002Fexploits\u002F41963\" rel=\"nofollow ugc\">Exploit Database\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin does not collect or store any user data. It does not set any cookies, and it does not connect to any third-party locations. Thus, this plugin does not affect user privacy in any way.\u003C\u002Fp>\n\u003Cp>Host Header Injection Fix is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. 
To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> 
– Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Sets custom headers for WP notification emails. Also fixes a security issue with WP versions \u003C 5.5.",500,25533,100,6,"2026-03-27T17:15:00.000Z","7.0","4.7","5.6.20",[51,72,73,20,21],"headers","injection","https:\u002F\u002Fperishablepress.com\u002Fhost-header-injection-fix\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhost-header-injection-fix.3.5.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":11,"downloaded":84,"rating":13,"num_ratings":13,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":94,"download_link":95,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":96},"enroll-via-ipn","Enroll via IPN Plugin","1.0.0.3","julius.uhrik","https:\u002F\u002Fprofiles.wordpress.org\u002Fjuliusuhrik\u002F","\u003Cp>This is the Enroll via IPN plugin. 
With this plugin you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Register sold products via PayPal IPN\u003C\u002Fli>\n\u003Cli>Create purchase followup email (with the download link for digital products)\u003C\u002Fli>\n\u003Cli>Allow the customers who purchased goods to opt-in for a product specific customer newsletter\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You DO NOT need a third party paid service or license to use this plugin.\u003C\u002Fp>\n","With Enroll via IPN you can send a follow up email to your paypal customer and let them opt-in into a product specific customer newsletter.",2116,"2012-05-03T19:11:00.000Z","3.3.2","3.3.1",[89,90,91,92,93],"customer-list","customer-newsletter","follow-up-email","paypal-ipn","upgrade-notification","http:\u002F\u002FEVI.brickmiracles.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenroll-via-ipn.zip","2026-03-15T15:16:48.613Z",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":13,"num_ratings":13,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":17,"tags":109,"homepage":111,"download_link":112,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":54},"second-factor","Second Factor","1.0","apokalyptik","https:\u002F\u002Fprofiles.wordpress.org\u002Fapokalyptik\u002F","\u003Cp>This plugin prevents logged in users from doing anything on your wordpress.org blog until they have verified their second factor of authentication.  The process goes like this:\u003C\u002Fp>\n\u003Col>\n\u003Cli>A user logs into your blog.\n\u003Cul>\n\u003Cli>Behind the scenes a bunch of cryptographic stuff happens and a key is generated and attached to that user. The key is overwritten with a new one every single time they log in. 
This key is emailed to that user (via the email address the user is registered under.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>The user gets the email with the code.\u003C\u002Fli>\n\u003Cli>The user then enters the code at the page which is now presented to them when they are trying to access your blog\n\u003Cul>\n\u003Cli>Behind the scenes the token is checked for validity, and a cookie is added to the users session.  They are now allowed access to your blog.  If the key changes (the user logs out, or is required to log in again) the cookie that they may have been using will no longer be valid and they will be asked to enter the new one that they get via email.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Require secondary authentication for registered user access",2030,"2010-11-18T22:29:00.000Z","3.1.4","3.0.1",[110],"authentication-security-email-login-notification-factor","http:\u002F\u002Fwordpress.org\u002F#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecond-factor.1.0.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":11,"downloaded":121,"rating":65,"num_ratings":122,"last_updated":123,"tested_up_to":124,"requires_at_least":48,"requires_php":125,"tags":126,"homepage":17,"download_link":128,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"update-notifier-telegram","Update Notifier Telegram","1.1.0","AleksHr","https:\u002F\u002Fprofiles.wordpress.org\u002Falekshr\u002F","\u003Cp>If you don’t check your admin panel very often when installing WordPress (perhaps because you prefer to use remote publishing) or want to make sure\u003Cbr \u002F>\nthat your clients ‘ WordPress installations are updated, then this plugin is for you. 
You don’t need to regularly log in to your admin panel,\u003Cbr \u002F>\nsubscribe to an RSS feed, or do anything other than install this plugin to receive notifications when WordPress updates, plugins, and themes are released to Telegram messenger.\u003C\u002Fp>\n\u003Cp>All you have to do is install the telegram Update Notifier and forget about it until you get a message about the required updates.\u003C\u002Fp>\n\u003Cp>To change the Update Notifier Telegram settings, go to the Update Notifier Telegram section in the main settings menu. From there, you can add a unique telegram ID\u003Cbr \u002F>\nthat you need to get by writing to the Telegram bot (https:\u002F\u002Ft.me\u002Fupdate_notifier_telegram_bot) . You can also activate update notifications for themes and plugins.\u003C\u002Fp>\n","Sends notifications to the administrator in Telegram if a new version of WordPress is available. You can also send notifications about available plugi &hellip;",1169,1,"2022-06-22T18:46:00.000Z","6.0.11","5.3",[50,20,21,127,22],"update","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupdate-notifier-telegram.zip",{"attackSurface":130,"codeSignals":144,"taintFlows":151,"riskAssessment":152,"analyzedAt":159},{"hooks":131,"ajaxHandlers":138,"restRoutes":139,"shortcodes":140,"cronEvents":141,"entryPointCount":13,"unprotectedCount":13},[132],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","wpu_my_daily_event","wpu_do_this_daily","upgrade-notification-by-email.php",35,[],[],[],[142],{"hook":134,"callback":134,"file":136,"line":143},31,{"dangerousFunctions":145,"sqlUsage":146,"outputEscaping":148,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":150},[],{"prepared":13,"raw":13,"locations":147},[],{"escaped":13,"rawEcho":13,"locations":149},[],[],[],{"summary":153,"deductions":154},"The \"upgrade-notification-by-email\" v0.4 plugin exhibits a strong security posture based on the provided static 
analysis. The absence of dangerous functions, SQL queries without prepared statements, and unescaped output are all positive indicators. The plugin also shows no file operations or external HTTP requests, further reducing its attack surface. Importantly, there are no recorded vulnerabilities (CVEs) for this plugin, suggesting a history of stable and secure development.\n\nThe static analysis reveals a minimal attack surface with no unprotected entry points. The lack of AJAX handlers, REST API routes, or shortcodes that lack authentication or permission checks is a significant strength. The presence of a single cron event is noted, but without further information on its execution context, its security impact is difficult to assess definitively. Similarly, the absence of nonce and capability checks on the identified entry points is a potential area for concern, although with zero unprotected entry points, this might be a consequence of the limited attack surface rather than an oversight.\n\nOverall, the plugin appears to be well-coded from a security perspective, with a clear emphasis on secure coding practices and a clean vulnerability history. The primary areas for attention, albeit minor given the current analysis, would be to ensure robust security for the cron event and to verify the necessity and implementation of any potential nonce or capability checks if the attack surface were to expand in future versions. 
The current version, v0.4, seems secure.",[155,157],{"reason":156,"points":31},"No nonce checks",{"reason":158,"points":31},"No capability checks","2026-03-16T23:55:39.985Z",{"wat":161,"direct":166},{"assetPaths":162,"generatorPatterns":163,"scriptPaths":164,"versionParams":165},[],[],[],[],{"cssClasses":167,"htmlComments":168,"htmlAttributes":169,"restEndpoints":170,"jsGlobals":171,"shortcodeOutput":172},[],[],[],[],[],[],{"error":174,"url":175,"statusCode":176,"statusMessage":177,"message":177},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fupgrade-notification-by-email\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":122,"versions":179},[180],{"version":181,"download_url":182,"svn_tag_url":183,"released_at":26,"has_diff":184,"diff_files_changed":185,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":186,"is_current":184},"0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fupgrade-notification-by-email.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fupgrade-notification-by-email\u002Ftags\u002F0.2\u002F",false,[],[]]