[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fy660-74kZPHq73eVakTeTdAyjrOwhLYuRrqL0JbE_Eo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":16,"tags":18,"homepage":16,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":47,"crawl_stats":36,"alternatives":51,"analysis":154,"fingerprints":241},"user-domain-whitelist","User Domain Whitelist","v1.5.1","Warren Harrison","https:\u002F\u002Fprofiles.wordpress.org\u002Fhungrymedia\u002F","\u003Cp>The User Domain Whitelist\u002FBlacklist plugin limits user registration to only registrants with an email address from the domain white list below OR prevents registrants with an email address from the domain black list below from registering. For example, \u003Cem>hortense@example.com\u003C\u002Fem> would only be allowed to register if \u003Cem>example.com\u003C\u002Fem> appeared in the domain white list. Conversely,  \u003Cem>hortense@example.com\u003C\u002Fem> would \u003Cstrong>not\u003C\u002Fstrong> be allowed to register if \u003Cem>example.com\u003C\u002Fem> appeared in the domain black list. Anyone attempting to register using an email address outside the white list or inside the black list will receive the error message below. Anyone attempting to register using an email address outside the white list will receive an error message. 
Both the domain whitelist and the error message can be modified via the plugin options page (available under the Settings menu).\u003C\u002Fp>\n","The User Domain Whitelist\u002FBlacklist plugin limits user registration to only registrants with an email address from the domain white list provided by t &hellip;",300,13738,82,9,"2017-12-25T21:53:00.000Z","","2.8.2",[19,20,21,22,23],"blacklist","domain","email-address","registration","whitelist","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-domain-whitelist.zip",84,1,0,"2014-02-22 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2014-10381","user-domain-whitelist-cross-site-request-forgery","User Domain Whitelist \u003C= 1.4 - Cross-Site Request Forgery","The User Domain Whitelist plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,  1.4. This is due to missing or incorrect nonce validation on the displayAdminPage() function. 
This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C1.5","1.5","high",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F82df7569-919a-4f95-b0e2-f866133771eb?source=api-prod",3622,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":46,"trust_score":49,"computed_at":50},"hungrymedia",68,"2026-04-05T03:02:51.583Z",[52,71,90,110,134],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":16,"tags":67,"homepage":16,"download_link":69,"security_score":70,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"blacklist-whitelist-domains","Blacklist & Whitelist Domains for Registration","1.0","codicone","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodicone\u002F","\u003Cp>The whitelist\u002Fblacklist plugin gives you a strong layer of security for your website because not only does the plugin limit unauthorized user access to your site but also creates a log. The log helps to create new blacklist entries. The increase in your blacklist entries means a decrease in spam and security threats. So it is a great safety measure to start with.\u003C\u002Fp>\n\u003Cp>It is a very handy plugin that you can add to your WordPress site for added security. 
It helps you to tailor your preferences about which email addresses you want to allow for registration on your site.\u003C\u002Fp>\n\u003Cp>You can create a list of all email addresses or email domains that you wish to receive registrations. On the other hand, you can add a list for blacklist domains to not allow any registration from specific domains. Blacklisting is time-saving because most of the time you have already figured where the spam comes from. So you close those doors already. It is relatively safe also because you are not risking anything prospective.\u003C\u002Fp>\n\u003Ch4>Compatible With\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WooCommerce\u003C\u002Fli>\n\u003Cli>bbpress\u003C\u002Fli>\n\u003Cli>buddypress\u003C\u002Fli>\n\u003Cli>Profile Builder\u003C\u002Fli>\n\u003Cli>WP User Frontend\u003C\u002Fli>\n\u003Cli>User Registration\u003C\u002Fli>\n\u003Cli>Ultimate member\u003C\u002Fli>\n\u003C\u002Ful>\n","The whitelist\u002Fblacklist plugin gives you a strong layer of security for your website because not only does the plugin limit unauthorized user access  &hellip;",40,1681,60,2,"2021-12-15T18:33:00.000Z","5.8.13","4.0",[19,20,68,22,23],"email","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblacklist-whitelist-domains.1.0.zip",85,{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":27,"downloaded":79,"rating":80,"num_ratings":26,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":16,"tags":84,"homepage":16,"download_link":89,"security_score":80,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"restusre-restrict-users-registration","Restrict Users Registration by EmailVerifierPro.app","1.0.1","Tuhin Bhuiyan","https:\u002F\u002Fprofiles.wordpress.org\u002Ftuhinbhuiyan\u002F","\u003Cp>\u003Cstrong>Restrict Users Registration by EmailVerifierPro.app\u003C\u002Fstrong> is a powerful plugin to help you control who can register 
on your WordPress site. Block disposable, blacklisted, or suspicious emails and domains, prevent duplicate IP signups, and connect to Third Party API for real-time email validation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Email Blacklist: Block specific email addresses from registering.\u003C\u002Fli>\n\u003Cli>Domain Blacklist: Block entire email domains (e.g., @tempmail.com).\u003C\u002Fli>\n\u003Cli>API Integration: Connect to your own EmailVerifierPro.app \u002F VerifyEmail.app instance for advanced email validation.\u003C\u002Fli>\n\u003Cli>Prevent Duplicate IP Signups: Block multiple registrations from the same IP.\u003C\u002Fli>\n\u003Cli>Invalid Email Retry Limit: Automatically blacklist emails after repeated invalid attempts.\u003C\u002Fli>\n\u003Cli>Debug Logging: Enable for troubleshooting (not recommended in production).\u003C\u002Fli>\n\u003Cli>Delete All Data on Deactivation: Optionally remove all plugin data when deactivating.\u003C\u002Fli>\n\u003Cli>Admin Activity Log: View recent signup attempts and actions.\u003C\u002Fli>\n\u003Cli>AJAX-powered admin interface for fast, modern management.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support or questions, contact:\u003Cbr \u002F>\n– info@emailverifierpro.app\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Tuhin Bhuiyan (https:\u002F\u002Ftuhin.dev)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software, released under the GPLv2 or later.\u003C\u002Fp>\n","Easily control who can register. 
Block bad emails\u002Fdomains, prevent duplicate IPs, and real-time email validation during signup.",322,100,"2026-02-24T04:15:00.000Z","6.8.5","5.0",[85,86,87,22,88],"domain-blacklist","email-blacklist","email-verification","spam-prevention","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestusre-restrict-users-registration.1.0.1.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":27,"downloaded":98,"rating":80,"num_ratings":63,"last_updated":99,"tested_up_to":100,"requires_at_least":83,"requires_php":101,"tags":102,"homepage":107,"download_link":108,"security_score":109,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"secure-signups","Secure Signups","1.0.3","daffodilweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaffodilweb\u002F","\u003Cp>\u003Cstrong>Secure Signups: Strengthen Your WordPress User Registration with Domain Whitelisting\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Secure Signups is a powerful WordPress plugin designed to enhance your site’s security by restricting user registrations to approved domain emails. Perfect for preventing spam, this plugin allows administrators to easily manage a whitelist of domains directly from the admin panel. Effortlessly add, update, and toggle domain statuses to control who can sign up.\u003C\u002Fp>\n\u003Cp>With Secure Signups, you can customize messages displayed during registration, ensuring clear communication with prospective users. The plugin also offers straightforward activation and deactivation, giving you seamless control over its functionality at any time.\u003C\u002Fp>\n\u003Cp>Protect your WordPress site from unwanted registrations by whitelisting trusted domains with Secure Signups. 
Say goodbye to spam and enjoy a more secure user registration process.\u003C\u002Fp>\n\u003Ch3>Secure Signups\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Domain-Based Registration: Enable registration solely for email addresses associated with specified domains.\u003C\u002Fli>\n\u003Cli>Admin Panel Management: Easily add, update, and toggle the status (active\u002Finactive) of approved domain lists.\u003C\u002Fli>\n\u003Cli>Customizable Messages: Configure personalized messages to be displayed during the registration process.\u003C\u002Fli>\n\u003Cli>Plugin Control: Manage plugin functionality directly from the Plugins settings.\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable Option: Control the operational status of the plugin with a simple toggle while installed on your WordPress site.\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure Signups helps to filter user registrations based on email domain, enabling a secure and controlled signup process.",1536,"2024-06-20T05:16:00.000Z","6.5.8","7.3",[103,104,91,105,106],"anti-spam","domain-whitelisting","user-registration","wordpress-security","https:\u002F\u002Fdaffodilweb.com\u002Fsecure-signups.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-signups.1.0.3.zip",92,{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":120,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":132,"download_link":133,"security_score":80,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"customer-email-verification-for-woocommerce","Customer Email Verification for WooCommerce","2.6.9","Zorem","https:\u002F\u002Fprofiles.wordpress.org\u002Fzorem\u002F","\u003Cp>Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.\u003C\u002Fp>\n\u003Ch3>Key 
Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🔑 OTP-Based Email Verification:\u003C\u002Fstrong> Customers must verify their email with an OTP before completing registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📩 Email Verification Popup:\u003C\u002Fstrong> The verification popup appears instantly after entering an email address and clicking the verify button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>❌ No Account Creation Without Verification:\u003C\u002Fstrong> Users cannot create an account unless they verify their email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Customizable Verification Popup:\u003C\u002Fstrong> Modify the popup’s design and messages to match your brand.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>✉️ Customizable Verification Email:\u003C\u002Fstrong> Customize the OTP email template, subject, and message.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Resend OTP Option:\u003C\u002Fstrong> Customers can resend the OTP if they didn’t receive the initial email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Admin Verification Control:\u003C\u002Fstrong> View and manage email verification statuses from the WordPress admin panel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔓 Role-Based Verification Skipping:\u003C\u002Fstrong> Skip email verification for selected user roles. Redirect users to any page after successful email verification.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>Customer Email Verification for WooCommerce is built to integrate smoothly with plugins that follow WooCommerce’s standard registration and checkout templates. 
It also works with various social media login plugins, providing flexibility and convenience for users.\u003C\u002Fp>\n\u003Cp>The following plugins have been tested and confirmed to be fully compatible:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout WC\u003C\u002Fli>\n\u003Cli>WooCommerce Social Login\u003C\u002Fli>\n\u003Cli>Nextend Social Login and Register\u003C\u002Fli>\n\u003Cli>WooCommerce Memberships\u003C\u002Fli>\n\u003Cli>WooCommerce Checkout & Funnel Builder by CartFlows\u003C\u002Fli>\n\u003Cli>Affiliate For WooCommerce\u003C\u002Fli>\n\u003Cli>Smart Manager\u003C\u002Fli>\n\u003Cli>Cashier\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a complete list of compatible plugins and more details, please visit our \u003Ca href=\"https:\u002F\u002Fdocs.zorem.com\u002Fdocs\u002Fcustomer-email-verification-pro\u002Fcompatibility\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>We also offer a Pro version!\u003C\u002Fh3>\n\u003Ch3>Customer Email Verification PRO\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>📦 OTP Verification for Checkout:\u003C\u002Fstrong> Enforce email verification for guest users before completing a purchase.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛍️ Enable Checkout Verification:\u003C\u002Fstrong> Choose to verify emails on the cart page or only for free orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔢 OTP Length Customization:\u003C\u002Fstrong> Select between 4-digit or 6-digit OTP codes for verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⏳ OTP Expiration Control:\u003C\u002Fstrong> Set expiration time for OTPs (e.g., 72 hours) to enhance security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Verification Email Resend Limit:\u003C\u002Fstrong> Restrict the number of OTP resend attempts to prevent abuse.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Login Authentication Options:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Notify users when they log in from a new device or browser.\u003C\u002Fli>\n\u003Cli>Require OTP 
verification for logins from an unrecognized device, location, or after a set period.\u003C\u002Fli>\n\u003Cli>Define specific conditions for unrecognized logins, such as logging in from a new device or a location not used before.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Advanced Customization:\u003C\u002Fstrong> More control over email templates and verification popups.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fcustomer-email-verification\u002F\" rel=\"nofollow ugc\">Get CEV PRO >\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Other Plugins by zorem\u003C\u002Fh3>\n\u003Cp>Optimize your WooCommerce store with our plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fwoocommerce-advanced-shipment-tracking\u002F\" rel=\"nofollow ugc\">Advanced Shipment Tracking Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-local-pickup-pro\u002F\" rel=\"nofollow ugc\">Zorem Local Pickup Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsms-for-woocommerce\u002F\" rel=\"nofollow ugc\">SMS for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fcountry-based-restriction-for-woocommerce\u002F\" rel=\"nofollow ugc\">Country Based Restriction for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsales-by-country-for-woocommerce\u002F\" rel=\"nofollow ugc\">Sales By Country for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-returns\u002F\" rel=\"nofollow ugc\">Zorem Returns\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Femail-reports-for-woocommerce\u002F\" rel=\"nofollow ugc\">Email Reports 
for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fview-as-customer-for-woocommerce\u002F\" rel=\"nofollow ugc\">View as Customer for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore more at \u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002F\" rel=\"nofollow ugc\">zorem.com\u003C\u002Fa>\u003C\u002Fp>\n","Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.",2000,62784,88,19,"2026-02-17T05:37:00.000Z","6.9.4","5.3","7.2",[127,128,129,130,131],"customer-verification","email-address-verification","registration-verification","woocommerce","woocommerce-signup-spam","https:\u002F\u002Fwww.zorem.com\u002Fproducts\u002Fcustomer-email-verification-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomer-email-verification-for-woocommerce.2.6.9.zip",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":13,"num_ratings":14,"last_updated":144,"tested_up_to":145,"requires_at_least":146,"requires_php":16,"tags":147,"homepage":152,"download_link":153,"security_score":109,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"gf-block-email-domains","Gravity Forms Block Email Domains","1.0.2","GravityKit","https:\u002F\u002Fprofiles.wordpress.org\u002Fgravityview\u002F","\u003Cp>Gravity Forms Block Email Domains is an add-on plugin for Gravity Forms that allows you to define a comma separated list of email domains to block on each email field. Custom validation messages can be set as well. 
Blocked email domains will prevent the form from being submitted and prompt the user to enter a non-blocked email address.\u003C\u002Fp>\n","Easily set a list of email domains to block on email fields in Gravity Forms.",1000,10966,"2024-11-05T03:30:00.000Z","6.7.5","5.0.0",[19,148,149,150,151],"block-domain","block-email","blocklist","gravity-forms","http:\u002F\u002Froadwarriorcreative.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgf-block-email-domains.1.0.2.zip",{"attackSurface":155,"codeSignals":184,"taintFlows":206,"riskAssessment":232,"analyzedAt":240},{"hooks":156,"ajaxHandlers":180,"restRoutes":181,"shortcodes":182,"cronEvents":183,"entryPointCount":27,"unprotectedCount":27},[157,163,167,171,176],{"type":158,"name":159,"callback":160,"file":161,"line":162},"action","admin_menu","HMUserDomainWhitelist_op","user-domain-whitelist.php",179,{"type":158,"name":164,"callback":165,"file":161,"line":166},"admin_init","register_hmUDWsettings",181,{"type":158,"name":168,"callback":169,"file":161,"line":170},"user-domain-whitelist\u002Fuser-domain-whitelist.php","init",188,{"type":158,"name":172,"callback":173,"priority":174,"file":161,"line":175},"register_post","validateEmailAddress",10,189,{"type":158,"name":177,"callback":178,"file":161,"line":179},"plugins_loaded","admin_menu_hmUDW",190,[],[],[],[],{"dangerousFunctions":185,"sqlUsage":186,"outputEscaping":188,"fileOperations":27,"externalRequests":27,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":205},[],{"prepared":27,"raw":27,"locations":187},[],{"escaped":27,"rawEcho":189,"locations":190},7,[191,193,195,197,199,201,203],{"file":161,"line":13,"context":192},"raw 
output",{"file":161,"line":194,"context":192},94,{"file":161,"line":196,"context":192},95,{"file":161,"line":198,"context":192},97,{"file":161,"line":200,"context":192},99,{"file":161,"line":202,"context":192},101,{"file":161,"line":204,"context":192},103,[],[207,224],{"entryPoint":208,"graph":209,"unsanitizedCount":27,"severity":223},"displayAdminPage (user-domain-whitelist.php:48)",{"nodes":210,"edges":220},[211,215],{"id":212,"type":213,"label":214,"file":161,"line":13},"n0","source","$_SERVER['REQUEST_URI']",{"id":216,"type":217,"label":218,"file":161,"line":13,"wp_function":219},"n1","sink","echo() [XSS]","echo",[221],{"from":212,"to":216,"sanitized":222},true,"low",{"entryPoint":225,"graph":226,"unsanitizedCount":27,"severity":223},"\u003Cuser-domain-whitelist> (user-domain-whitelist.php:0)",{"nodes":227,"edges":230},[228,229],{"id":212,"type":213,"label":214,"file":161,"line":13},{"id":216,"type":217,"label":218,"file":161,"line":13,"wp_function":219},[231],{"from":212,"to":216,"sanitized":222},{"summary":233,"deductions":234},"The 'user-domain-whitelist' plugin version 1.5.1 exhibits a generally positive security posture based on static analysis, with no identified dangerous functions, SQL injection vulnerabilities, or unsanitized taint flows. The plugin also demonstrates good practices by utilizing prepared statements for all SQL queries and incorporating nonce and capability checks. The attack surface appears to be minimal, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks.\n\nHowever, a significant concern arises from the output escaping analysis, where 100% of the identified outputs are not properly escaped. This lack of escaping could lead to Cross-Site Scripting (XSS) vulnerabilities if any user-controlled data is displayed directly in the output without sanitization. 
The vulnerability history, while showing no currently unpatched CVEs, indicates a past high-severity vulnerability, specifically a Cross-Site Request Forgery (CSRF), in 2014. While this vulnerability is old and likely patched in the analyzed version, it suggests a potential for past security oversights and highlights the importance of continuous security review and updates.\n\nIn conclusion, the plugin has strengths in its controlled attack surface and secure data handling for SQL. The primary weakness is the complete lack of output escaping, posing an XSS risk. The historical CSRF vulnerability, though dated, serves as a reminder that even seemingly secure plugins can have exploitable flaws. Further investigation into how outputs are generated and if user input is involved is crucial.",[235,238],{"reason":236,"points":237},"0% of outputs properly escaped",8,{"reason":239,"points":174},"Past high severity CVE (CSRF)","2026-03-16T19:59:48.517Z",{"wat":242,"direct":248},{"assetPaths":243,"generatorPatterns":245,"scriptPaths":246,"versionParams":247},[244],"\u002Fwp-content\u002Fplugins\u002Fuser-domain-whitelist\u002Fuser-domain-whitelist.php",[],[],[],{"cssClasses":249,"htmlComments":251,"htmlAttributes":252,"restEndpoints":257,"jsGlobals":258,"shortcodeOutput":259},[250],"domain-list",[],[253,254,255,256],"name=\"domain_whitelist\"","name=\"domain_blacklist\"","name=\"bad_domain_message\"","name=\"update_HMUserDomainWhitelist\"",[],[],[]]