[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZux5pEBHyywG2CxfkFsO0wn7BoZPF_le2r2gRkefb_k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":54,"analysis":55,"fingerprints":102},"wp-change-email-sender","WP Change Email Sender","3.2","Md Aminur Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Faminurislam01\u002F","\u003Cp>This plugin enable you to change mail sender name and email address from WordPress default mail sender name and email.\u003Cbr \u002F>\nAfter install go to Settings->General.\u003C\u002Fp>\n\u003Ch4>Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Change WordPress default mail sender name.\u003C\u002Fli>\n\u003Cli>Change WordPress default mail sender email address.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you find this plugin useful, consider supporting its development through a \u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Faiarnob\" rel=\"nofollow ugc\">donation\u003C\u002Fa>.\u003C\u002Fp>\n","Easily change WordPress default mail sender name and email address",10000,53287,96,6,"2025-12-23T15:31:00.000Z","6.9.4","5.8","7.4",[20,21,4,22,23],"wordpress-default-email-sender-change","wp-change-default-email-sender","wp-default-email-change","wp-default-email-sender-name-change","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-change-email-sender\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-change-email-sender.3.2.zip",100,1,0,"2024-03-25 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-29815","wp-change-email-sender-authenticated-administrator-stored-cross-site-scripting","WP Change Email Sender \u003C= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting","The WP Change Email Sender plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.0","2.0","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-04-01 16:21:26",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F88855d83-d182-4b10-b44f-cd0edec07db1?source=api-prod",8,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":26,"avg_patch_time_days":47,"trust_score":52,"computed_at":53},"aminurislam01",4,16070,94,"2026-04-04T00:40:54.891Z",[],{"attackSurface":56,"codeSignals":81,"taintFlows":89,"riskAssessment":90,"analyzedAt":101},{"hooks":57,"ajaxHandlers":77,"restRoutes":78,"shortcodes":79,"cronEvents":80,"entryPointCount":28,"unprotectedCount":28},[58,64,68,73],{"type":59,"name":60,"callback":61,"file":62,"line":63},"action","init","wpces_email_sender_load_textdomain","wp-change-email-sender.php",33,{"type":59,"name":65,"callback":66,"file":62,"line":67},"admin_init","wpces_email_sender_register",71,{"type":69,"name":70,"callback":71,"file":62,"line":72},"filter","wp_mail_from","wpces_mail_sender_from_email",107,{"type":69,"name":74,"callback":75,"file":62,"line":76},"wp_mail_from_name","wpces_mail_sender_from_email_name",117,[],[],[],[],{"dangerousFunctions":82,"sqlUsage":83,"outputEscaping":85,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":88},[],{"prepared":28,"raw":28,"locations":84},[],{"escaped":86,"rawEcho":28,"locations":87},5,[],[],[],{"summary":91,"deductions":92},"The \"wp-change-email-sender\" v3.2 plugin exhibits a generally good static security posture. The absence of dangerous functions, the exclusive use of prepared statements for SQL queries, and the proper escaping of all output are commendable practices. Furthermore, the plugin demonstrates a clean bill of health with no identified unsanitized taint flows or critical\u002Fhigh severity vulnerabilities in its code signals. The limited attack surface with zero identified entry points further contributes to this positive assessment.\n\nHowever, the plugin's vulnerability history presents a significant concern. With a total of one known CVE, specifically related to Cross-Site Scripting (XSS), and this vulnerability being recently discovered (March 2024), it indicates a past susceptibility to insecure output handling or input sanitization. Although this particular CVE is currently patched, the historical pattern suggests a potential for developers to overlook certain security aspects. The complete lack of nonce and capability checks across all entry points, as well as the absence of any capability checks on identified AJAX handlers or REST API routes (though none were found), signifies a missed opportunity to implement fundamental WordPress security measures.\n\nIn conclusion, while the current code of \"wp-change-email-sender\" v3.2 appears robust against many common threats, the historical vulnerability and the absence of essential WordPress security checks like nonces and capability checks introduce a notable risk. The plugin's developers should prioritize implementing these standard security features to bolster its overall resilience and prevent future exploitable vulnerabilities.",[93,96,98],{"reason":94,"points":95},"Missing nonce checks on entry points",10,{"reason":97,"points":95},"Missing capability checks on entry points",{"reason":99,"points":100},"Recent medium severity vulnerability (XSS)",7,"2026-03-16T17:44:59.746Z",{"wat":103,"direct":108},{"assetPaths":104,"generatorPatterns":105,"scriptPaths":106,"versionParams":107},[],[],[],[],{"cssClasses":109,"htmlComments":110,"htmlAttributes":111,"restEndpoints":114,"jsGlobals":115,"shortcodeOutput":116},[],[],[112,113],"name=\"wpces_email_sender_name\"","name=\"wpces_sender_email_address\"",[],[],[]]