[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWcIQfFL918zxc57M7Qbwn6ye6TMEy7t3jYrIllBUvUM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":39,"analysis":150,"fingerprints":331},"wl-email-encrypter","wL Email Encrypter","1.0.5","Art4","https:\u002F\u002Fprofiles.wordpress.org\u002Fwlabs\u002F","\u003Cp>wL Email Encrypter scans pages, articles, comments or RSS feeds for email addresses and encrypts them using JavaScript or replacing the \u003Ccode>@\u003C\u002Fcode> signs with your own text like \u003Ccode>[at]\u003C\u002Fcode>. This allows bots and other email-collectors do not recognize and save the emails.\u003C\u002Fp>\n\u003Cp>A visitor who has not activated JavaScript, gets displayed a userdefined message about it.\u003C\u002Fp>\n\u003Cp>If an user is logged in, the emails won’t be encrypted.\u003C\u002Fp>\n\u003Cp>The protect method can be set separately for posts, comments and rss feeds. For example, RSS Feeds should not include JavaScript, so there should prefer the \u003Ccode>@\u003C\u002Fcode> sign to be replaced.\u003C\u002Fp>\n\u003Cp>wL Email Encrypter also recognizes with \u003Ccode>mailto:\u003C\u002Fcode> email addresses linked with subject information and others, and protect this information also.\u003C\u002Fp>\n\u003Cp>There is a meta box for page-specific settings in the administration, in which a specific protection can be selected or disabled.\u003C\u002Fp>\n\u003Cp>Take a look at the screenshots to find out more.\u003C\u002Fp>\n","This plugin encrypted e-mail addresses to protect and hide them from bots and harvesters.",90,11287,0,"2011-03-28T23:45:00.000Z","4.6.30","2.9","",[19,20,21,22,23],"email","encrypt","hide","protect","spam","http:\u002F\u002Fwww.wlabs.de\u002Fplugins\u002Fwl-email-encrypter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwl-email-encrypter.1.0.5.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":32,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"wlabs","brewlabs",5,2210,73,1682,60,"2026-04-04T10:29:09.938Z",[40,64,89,107,125],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":13,"last_vuln_date":63,"fetched_at":28},"email-encoder-bundle","Email Encoder – Protect Email Addresses and Phone Numbers","2.4.4","Online Optimisation","https:\u002F\u002Fprofiles.wordpress.org\u002Fonlineoptimisation\u002F","\u003Cp>Full site protection for your email addresses from spam-bots, email harvesters and other robots. No configuration needed.\u003Cbr \u002F>\nIt also protects phone numbers or any other text using our integrated \u003Ccode>[eeb_protect_content]\u003C\u002Fcode> shortcode or href attribute encoding.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Full page protection for all of your emails\u003C\u002Fli>\n\u003Cli>Instant results (No confiruation needed)\u003C\u002Fli>\n\u003Cli>Protects mailto links, plain emails, email input fields, RSS feeds and much more\u003C\u002Fli>\n\u003Cli>Protect phone number links, ftp, skype, file and other custom link attributes\u003C\u002Fli>\n\u003Cli>Autmoatic protection technique detection (Our plugin chooses automatically the best protection technique for each email)\u003C\u002Fli>\n\u003Cli>Exclude posts and pages from protection\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to mailto-links\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to png images\u003C\u002Fli>\n\u003Cli>Supports rot13 encoing, escape encoding, CSS directions, entity encoding and much more\u003C\u002Fli>\n\u003Cli>Deactivate CSS directions manually for browser backwards compatibility\u003C\u002Fli>\n\u003Cli>Shortcode support: \u003Ccode>[eeb_protect_emails]\u003C\u002Fcode>, \u003Ccode>[eeb_protect_content]\u003C\u002Fcode>, \u003Ccode>[eeb_mailto]\u003C\u002Fcode>, \u003Ccode>[eeb_form]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Template tag support: \u003Ccode>eeb_protect_emails()\u003C\u002Fcode>, \u003Ccode>eeb_protect_content()\u003C\u002Fcode>, \u003Ccode>eeb_mailto()\u003C\u002Fcode>, \u003Ccode>eeb_form()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Protect phone numbers (or any text or html)\u003C\u002Fli>\n\u003Cli>Also supports special chars, like Ã©, Ã¢, Ã¶, Chinese characters etcetera\u003C\u002Fli>\n\u003Cli>Use the Encoder Form to manually create encoded scripts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibilities\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The plugin works with mostly any theme and plugin. Some special ones need special treatment. Down below you can learn more about that.\u003C\u002Fli>\n\u003Cli>Compatible with the Maintenance plugin from WP Maintenance\u003C\u002Fli>\n\u003Cli>Divi Theme is fully integrated as well\u003C\u002Fli>\n\u003Cli>Jetpack Image carousel is compatible as well\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Free Website Check\u003C\u002Fh4>\n\u003Cp>We offer you a free tool to test if your website contains unprotected emails. You can use our website checker by \u003Ca href=\"https:\u002F\u002Fwpemailencoder.com\u002Femail-protection-checker\u002F\" rel=\"nofollow ugc\">clicking here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Easy to use\u003C\u002Fh4>\n\u003Cp>After activating the plugin all email addresses on your website will be protected out-of-the-box.\u003Cbr \u002F>\nWe also offer custom shortcodes and template functions to protect phone numbers or other text.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Documentation – After plugin activation, check the help tab on the plugin options page\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpemailencoder.com\u002F\" rel=\"nofollow ugc\">Documentation on wpemailencoder.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Femail-encoder-bundle\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Like this plugin?\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Femail-encoder-bundle\" rel=\"ugc\">Please Review it\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblueberryware.net\" rel=\"nofollow ugc\">Adam Hunter\u003C\u002Fa> for the encode method ‘JavaScript Escape’ which is taken from his plugin \u003Ca href=\"http:\u002F\u002Fblueberryware.net\u002F2008\u002F09\u002F14\u002Femail-spam-protection\u002F\" rel=\"nofollow ugc\">Email Spam Protection\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Frumkin.com\" rel=\"nofollow ugc\">Tyler Akins\u003C\u002Fa> for the encode method ‘JavaScript ASCII Mixer’\u003C\u002Fli>\n\u003Cli>Title icon on Admin Options Page was made by \u003Ca href=\"http:\u002F\u002Fwww.doublejdesign.co.uk\u002F\" rel=\"nofollow ugc\">Jack Cai\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect email addresses and phone numbers on your site and hide them from spambots. Easy to use & flexible.",90000,1753752,98,88,"2026-02-16T05:52:00.000Z","6.9.4","4.7","7.4",[57,58,20,21,22],"anti-spam","encode","https:\u002F\u002Fwpemailencoder.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-encoder-bundle.2.4.4.zip",97,7,"2024-07-08 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":51,"num_ratings":74,"last_updated":75,"tested_up_to":53,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":84,"download_link":85,"security_score":86,"vuln_count":87,"unpatched_count":13,"last_vuln_date":88,"fetched_at":28},"cryptx","CryptX","4.0.11","Ralf Weber","https:\u002F\u002Fprofiles.wordpress.org\u002Fd3395\u002F","\u003Cp>No more SPAM by spiders scanning your site for email addresses. With CryptX you can hide all your email addresses, with and without a mailto-link, by converting them using javascript or UNICODE.\u003C\u002Fp>\n\u003Cp>CryptX protects your email addresses from spambots while keeping them readable and functional for your visitors. The plugin automatically detects email addresses in your content and encrypts them using various methods including JavaScript encryption, Unicode conversion, and image replacement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Email Detection\u003C\u002Fstrong> – Finds and encrypts email addresses in posts, pages, comments, and widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Encryption Methods\u003C\u002Fstrong> – JavaScript, Unicode, image replacement, and custom text options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widget Support\u003C\u002Fstrong> – Works with text widgets and other widget content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS Feed Control\u003C\u002Fstrong> – Option to disable encryption in RSS feeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist Support\u003C\u002Fstrong> – Exclude specific domains from encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per-Post Control\u003C\u002Fstrong> – Enable\u002Fdisable encryption on individual posts and pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong> – Use \u003Ccode>[cryptx]email@example.com[\u002Fcryptx]\u003C\u002Fcode> for manual encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Functions\u003C\u002Fstrong> – Developer-friendly functions for theme integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fweber-nrw.de\u002Fwordpress\u002Fcryptx\u002F\" title=\"Plugin Homepage\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fp>\n","No more SPAM by spiders scanning your site for email addresses!",10000,280578,19,"2025-12-18T08:01:00.000Z","6.7","8.3",[79,80,81,82,83],"antispam","email-encryption","mail","privacy","spam-protection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcryptx\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptx.4.0.11.zip",99,1,"2025-12-04 20:35:36",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":99,"num_ratings":87,"last_updated":100,"tested_up_to":53,"requires_at_least":101,"requires_php":55,"tags":102,"homepage":17,"download_link":106,"security_score":99,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"email-no-bot","Email No Bot – Prevent bots from detecting emails","0.0.3","Jose Mortellaro","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiuse\u002F","\u003Cp>With Email No Bot humans will see the emails that you write using the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FShortcode\" rel=\"nofollow ugc\">shortcode\u003C\u002Fa> [hide_email email=”example@mail.com”], but robots will not.\u003C\u002Fp>\n\u003Cp>The user will not be able to copy the email in the clipboard. If you think this is a problem, this plugin is not for you.\u003C\u002Fp>\n\u003Cp>Looking at the screen you can see the email, but if you inspect elements, instead of the email you will see something strange, and not predictable. That’s what a bot will also see.\u003C\u002Fp>\n\u003Cp>The output is something very random for the bot, and even if the code of this plugin is open source, no bot will be able to decrypt the email.\u003C\u002Fp>\n\u003Cp>There are amazing plugins for contact forms, but sometimes what you really need is just an email that people can use to contact you.\u003Cbr \u002F>\nContact forms are so popular because a bot will not be able to get your email, but if you have a way to prevent bots from getting your email, you can simply add it to your page without the need of a contact form. Your page will be lighter and simple.\u003C\u002Fp>\n\u003Cp>Email No Bot has no settings page, it doesn’t write anything in the database, and it doesn’t load any asset on frontend, it just provides a shortcode, that’s it.\u003C\u002Fp>\n\u003Ch3>How to encrypt an email with Email No Bot\u003C\u002Fh3>\n\u003Cp>To encrypt an email use the shortcode \u003Cstrong>[hide_email email=”example@mail.com”]\u003C\u002Fstrong>.\u003Cbr \u002F>\nOf course, replace example@mail.com with the email that you want to display.\u003Cbr \u002F>\nYou can see an example and see how it works on the blog post \u003Ca href=\"https:\u002F\u002Fjosemortellaro.com\u002Fprevent-bots-from-getting-emails-from-your-website\u002F\" rel=\"nofollow ugc\">Prevent bots from getting emais from your website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Main features of Email No Bot\u003C\u002Fh3>\n\u003Cp>It obfuscate emails with 52 lines of code! The entire zip is less than 3 kB. No complicated settings, no database queries, no assets, nothing else than a shortcode. You will have no spam at zero cost in terms of performance. The weight of this plugin similar to the weight of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhello-dolly\u002F\" rel=\"ugc\">Hello Dolly\u003C\u002Fa>.\u003Cbr \u002F>\nYou can see here the \u003Ca href=\"https:\u002F\u002Fplugintests.com\u002Fplugins\u002Fwporg\u002Femail-no-bot\u002Flatest\" rel=\"nofollow ugc\">consumption of Email No Bot\u003C\u002Fa>. As you will see it’s not measurable.\u003C\u002Fp>\n\u003Ch3>Limitations of Email No Bot\u003C\u002Fh3>\n\u003Cp>The user will not be able to copy the email in the clipboard. But this is also what makes this plugin so powerful against spam bots.\u003C\u002Fp>\n\u003Ch3>Similar plugin to hide links\u003C\u002Fh3>\n\u003Cp>If you need something similar to hide links, you can try \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-link\u002F\" rel=\"ugc\">Hide Link\u003C\u002Fa>\u003C\u002Fp>\n","Humans will see the email address on your page, but robots will not.",200,6485,100,"2025-12-05T09:20:00.000Z","4.6",[80,103,104,105,83],"email-obfuscation","no-bot","spam-email","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-no-bot.0.0.3.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":13,"num_ratings":13,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":123,"download_link":124,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"emailscrambler","EmailScrambler","1.4","Daschmi","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaschmi\u002F","\u003Cp>A lightweight plugin to protect email addresses from email-harvesting. Replace all @ in content with (at) and protect the E-Mail adress with javascript. Inspired by TYPO3.\u003C\u002Fp>\n","A lightweight plugin to protect email addresses from email-harvesting",40,2174,"2021-07-16T09:22:00.000Z","5.7.15","3.0.1","7.1",[79,19,20,122,23],"protection","https:\u002F\u002Fdaschmi.de\u002Fwpes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femailscrambler.1.4.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":135,"num_ratings":136,"last_updated":137,"tested_up_to":138,"requires_at_least":139,"requires_php":140,"tags":141,"homepage":145,"download_link":146,"security_score":147,"vuln_count":148,"unpatched_count":13,"last_vuln_date":149,"fetched_at":28},"email-address-encoder","Email Address Encoder","1.0.24","Till Krüss","https:\u002F\u002Fprofiles.wordpress.org\u002Ftillkruess\u002F","\u003Cp>A lightweight plugin that protects plain email addresses and mailto links from email-harvesting robots, by encoding them into decimal and hexadecimal entities. Has an effect on the posts, pages, comments, excerpts, text widgets and other filtered content. Works without JavaScript — just simple spam protection.\u003C\u002Fp>\n\u003Cp>To see whether all your email addresses are properly protected, use the free \u003Ca href=\"https:\u002F\u002Fencoder.till.im\u002Fscanner?utm_source=wp-plugin&utm_medium=readme\" rel=\"nofollow ugc\">page scanner\u003C\u002Fa> tool.\u003C\u002Fp>\n\u003Cp>Other content (like phone numbers) can be protected using \u003Ccode>[encode]\u003C\u002Fcode> shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[encode]+1 (555) 123-4567[\u002Fencode]\n[encode link=\"tel:+15551234567\"]+1 (555) 123-4567[\u002Fencode]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Premium Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full-page protection\u003C\u002Fstrong> that catches all email addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hardened protection\u003C\u002Fstrong> using JavaScript and CSS techniques\u003C\u002Fli>\n\u003Cli>Improved \u003Cstrong>phone number\u003C\u002Fstrong> protection\u003C\u002Fli>\n\u003Cli>Built-in plugin support for \u003Cstrong>ACF\u003C\u002Fstrong>, \u003Cstrong>Jetpack\u003C\u002Fstrong>, \u003Cstrong>WooCommerce\u003C\u002Fstrong> and many others\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check out the \u003Ca href=\"https:\u002F\u002Fencoder.till.im\u002Fdownload?utm_source=wp-plugin&utm_medium=readme\" rel=\"nofollow ugc\">Premium\u003C\u002Fa> version of Email Address Encoder.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fcoderisk.com\u002Fwp\u002Fplugin\u002Femail-address-encoder\u002FRIPS-r0bJqKvBws\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight plugin that protects email addresses from email-harvesting robots, by encoding them into decimal and hexadecimal entities.",100000,1552799,84,160,"2025-01-20T21:35:00.000Z","6.7.5","2.0","5.3",[142,143,144,122,23],"block","crawler","encryption","https:\u002F\u002Fencoder.till.im\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-address-encoder.1.0.24.zip",91,2,"2024-08-26 00:00:00",{"attackSurface":151,"codeSignals":217,"taintFlows":293,"riskAssessment":320,"analyzedAt":330},{"hooks":152,"ajaxHandlers":209,"restRoutes":210,"shortcodes":211,"cronEvents":216,"entryPointCount":87,"unprotectedCount":13},[153,159,165,169,173,176,180,183,188,191,195,199,202,206],{"type":154,"name":155,"callback":156,"file":157,"line":158},"action","admin_menu","add_pages","includes\\wlee_class.php",13,{"type":160,"name":161,"callback":162,"priority":163,"file":157,"line":164},"filter","plugin_row_meta","update_plugin_row",10,25,{"type":154,"name":166,"callback":167,"file":157,"line":168},"init","include_script",34,{"type":154,"name":170,"callback":171,"file":157,"line":172},"wp","add_filters",39,{"type":154,"name":155,"callback":174,"file":157,"line":175},"add_option_box",41,{"type":154,"name":177,"callback":178,"file":157,"line":179},"wp_insert_post","save_post_options",42,{"type":154,"name":181,"callback":178,"file":157,"line":182},"wp_update_post",43,{"type":160,"name":184,"callback":185,"priority":186,"file":157,"line":187},"the_content","check_posts",1000,63,{"type":160,"name":189,"callback":185,"priority":186,"file":157,"line":190},"the_excerpt",64,{"type":160,"name":192,"callback":193,"priority":186,"file":157,"line":194},"comment_text","check_comments",69,{"type":160,"name":196,"callback":197,"priority":186,"file":157,"line":198},"widget_text","check_widgets",76,{"type":160,"name":200,"callback":197,"priority":186,"file":157,"line":201},"widget_content",80,{"type":160,"name":203,"callback":204,"priority":186,"file":157,"line":205},"the_content_feed","check_rss",86,{"type":160,"name":207,"callback":204,"priority":186,"file":157,"line":208},"the_excerpt_rss",87,[],[],[212],{"tag":213,"callback":214,"file":157,"line":215},"wlee_options","special_options",29,[],{"dangerousFunctions":218,"sqlUsage":223,"outputEscaping":225,"fileOperations":13,"externalRequests":13,"nonceChecks":87,"capabilityChecks":13,"bundledLibraries":292},[219],{"fn":220,"file":157,"line":221,"context":222},"unserialize",580,"$this->options = unserialize($this->options);",{"prepared":13,"raw":13,"locations":224},[],{"escaped":13,"rawEcho":168,"locations":226},[227,230,232,233,235,236,238,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,282,284,286,288,290],{"file":157,"line":228,"context":229},706,"raw output",{"file":157,"line":231,"context":229},810,{"file":157,"line":231,"context":229},{"file":157,"line":234,"context":229},811,{"file":157,"line":234,"context":229},{"file":157,"line":237,"context":229},812,{"file":157,"line":237,"context":229},{"file":157,"line":240,"context":229},814,{"file":157,"line":242,"context":229},822,{"file":157,"line":244,"context":229},823,{"file":157,"line":246,"context":229},824,{"file":157,"line":248,"context":229},825,{"file":157,"line":250,"context":229},832,{"file":157,"line":252,"context":229},833,{"file":157,"line":254,"context":229},834,{"file":157,"line":256,"context":229},835,{"file":157,"line":258,"context":229},843,{"file":157,"line":260,"context":229},844,{"file":157,"line":262,"context":229},845,{"file":157,"line":264,"context":229},846,{"file":157,"line":266,"context":229},853,{"file":157,"line":268,"context":229},854,{"file":157,"line":270,"context":229},855,{"file":157,"line":272,"context":229},856,{"file":157,"line":274,"context":229},866,{"file":157,"line":276,"context":229},867,{"file":157,"line":278,"context":229},872,{"file":157,"line":280,"context":229},878,{"file":157,"line":280,"context":229},{"file":157,"line":283,"context":229},884,{"file":157,"line":285,"context":229},891,{"file":157,"line":287,"context":229},900,{"file":157,"line":289,"context":229},907,{"file":157,"line":291,"context":229},933,[],[294,312],{"entryPoint":295,"graph":296,"unsanitizedCount":13,"severity":311},"options_page (includes\\wlee_class.php:648)",{"nodes":297,"edges":308},[298,303],{"id":299,"type":300,"label":301,"file":157,"line":302},"n0","source","$_SERVER",791,{"id":304,"type":305,"label":306,"file":157,"line":240,"wp_function":307},"n1","sink","echo() [XSS]","echo",[309],{"from":299,"to":304,"sanitized":310},true,"low",{"entryPoint":313,"graph":314,"unsanitizedCount":13,"severity":311},"\u003Cwlee_class> (includes\\wlee_class.php:0)",{"nodes":315,"edges":318},[316,317],{"id":299,"type":300,"label":301,"file":157,"line":302},{"id":304,"type":305,"label":306,"file":157,"line":240,"wp_function":307},[319],{"from":299,"to":304,"sanitized":310},{"summary":321,"deductions":322},"The wl-email-encrypter plugin v1.0.5 exhibits a mixed security posture, with some positive indicators but notable concerns regarding output escaping and the use of a dangerous function.  While the plugin has no recorded vulnerability history, this could be due to limited discovery rather than inherent security. The static analysis reveals a small attack surface with no unprotected entry points, and SQL queries are securely handled with prepared statements. Nonce checks are present. However, a significant weakness is the complete lack of output escaping, meaning any dynamic data displayed could be vulnerable to cross-site scripting (XSS) attacks. Furthermore, the presence of the `unserialize` function is a red flag, as it can be a vector for remote code execution (RCE) if an attacker can control the data being unserialized.",[323,326,328],{"reason":324,"points":325},"All output is unescaped",20,{"reason":327,"points":163},"Uses dangerous function unserialize",{"reason":329,"points":33},"Missing capability checks","2026-03-16T21:20:00.369Z",{"wat":332,"direct":339},{"assetPaths":333,"generatorPatterns":335,"scriptPaths":336,"versionParams":337},[334],"\u002Fwp-content\u002Fplugins\u002Fwl-email-encrypter\u002Fjs\u002Fwlee.js",[],[334],[338],"wl-email-encrypter\u002Fjs\u002Fwlee.js?ver=",{"cssClasses":340,"htmlComments":341,"htmlAttributes":342,"restEndpoints":343,"jsGlobals":344,"shortcodeOutput":345},[],[],[],[],[],[346],"\u003Cinput type=\"radio\" name=\"wlee_post_encrypt_method\" value=\"default\""]