[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZlA2-9D7q17zL2WvorX6ZpUxP5E0HXgr8EpVG3vHDNc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":123,"fingerprints":237},"wp-comment-notifier-for-all","WP Comment Notifier For All","2.4.1",".fay","https:\u002F\u002Fprofiles.wordpress.org\u002Ffay-1\u002F","\u003Cp>Notify all WordPress users (and not only the admin) on every comment approval. The notification is only sent once after the first comment post approving action (and not on possible status update).\u003C\u002Fp>\n","Notify all Wordpress users (and not only the admin) on every comment approval.",100,8235,0,"2016-05-24T19:31:00.000Z","4.5.33","3.0","",[19,20,21],"comment","notifier","notify","http:\u002F\u002Ffaycaltirich.blogspot.com\u002F1979\u002F01\u002Fwp-comment-notifier-for-all.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-comment-notifier-for-all.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"fay-1",5,380,88,30,86,"2026-04-05T09:15:11.636Z",[37,51,71,89,106],{"slug":38,"name":39,"version":40,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":34,"num_ratings":45,"last_updated":46,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":47,"homepage":49,"download_link":50,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wp-post-notifier-for-all","WP Post Notifier For All","2.7.1","\u003Cp>Notify all WordPress users (and not only the admin) on every post publishing. The notification is only sent on the first publishing action and not after every update.\u003C\u002Fp>\n","Notify all Wordpress users (and not only the admin) on every post publishing.",200,16860,4,"2016-05-24T19:30:00.000Z",[20,21,48],"post","http:\u002F\u002Ffaycaltirich.blogspot.com\u002F1979\u002F01\u002Fwp-post-notifier-for-all.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-post-notifier-for-all.zip",{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":11,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":16,"requires_php":17,"tags":64,"homepage":69,"download_link":70,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"comment-reply-by-admins-notifier","Comment Reply by Admins Notifier","2.0","Yakup Hoca","https:\u002F\u002Fprofiles.wordpress.org\u002Fyakuphoca\u002F","\u003Cp>The visitors send their questions in comments, then they leaves our web sites. When we reply their comment to answer their questions, this plugin sends an e-mail about this. So that, the visitor will learn this situation and return to our site to read our answer.\u003C\u002Fp>\n\u003Cp>For support: \u003Ca href=\"http:\u002F\u002Fwww.yakuphoca.com\u002Fcomment-reply-by-admins-notifier-plugin\u002F\" title=\"Support by Yakup Hoca\" rel=\"nofollow ugc\">Plugin URI\u003C\u002Fa>\u003C\u002Fp>\n","This plugin sends an e-mail notify when an admin or an editor of site reply a comment.",80,3532,1,"2013-07-26T09:29:00.000Z","3.5.2",[65,66,67,20,68],"admin","comment-reply","comments","reply","http:\u002F\u002Fwww.yakuphoca.com\u002Fcomment-reply-by-admins-notifier-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-reply-by-admins-notifier.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":59,"downloaded":79,"rating":34,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":17,"tags":84,"homepage":87,"download_link":88,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"disqus-notify-content-author","Disqus Notify Post\u002FPage Author","1.2.1","Janne Cederberg","https:\u002F\u002Fprofiles.wordpress.org\u002Fjcederberg\u002F","\u003Ch4>Purpose\u003C\u002Fh4>\n\u003Cp>This plugin notifies post\u002Fpage author by email of comments posted through the\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisqus-comment-system\u002F\" rel=\"ugc\">Disqus Comment System\u003C\u002Fa> plugin even if the author is not an admin of the Disqus account used for the site.\u003C\u002Fp>\n\u003Cp>In other words, this plugin implements the same notification functionality that WordPress ships with out of the box but which is disabled by using the Disqus Comment System.\u003C\u002Fp>\n\u003Cp>\u003Cem>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisqus-notify-content-author\u002Finstallation\u002F\" rel=\"ugc\">INSTALL THE PLUGIN\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Works with\u003C\u002Fh4>\n\u003Cp>Confirmed to work with (and to also be needed with) at least Disqus Comment System versions 2.74-2.84.\u003C\u002Fp>\n\u003Ch3>Related articles\u003C\u002Fh3>\n\u003Cp>These sites\u002Fblogs describe the same issue that this plugin solves. Using this plugin is simpler though and prevents you from shooting your own leg (by not doing custom hacks)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwpdailybits.com\u002Fblog\u002Fnotify-post-author-for-new-comment-disqus\u002F45\" rel=\"nofollow ugc\">WP Daily Bits\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.cornflowerdesign.co.uk\u002F2011\u002F11\u002Fdisqus-notify-post-author\u002F\" rel=\"nofollow ugc\">Cornflower Design\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributers\u003C\u002Fh3>\n\u003Cp>Contributers to the initial version of this plugin that was released in March 2014 on GitHub\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fhmemcpy\" rel=\"nofollow ugc\">hmemcpy\u003C\u002Fa> @ GitHub: Instructions for using .zip for installing into WP\u003C\u002Fli>\n\u003C\u002Ful>\n","If using Disqus, the authors of posts\u002Fpages do not get notified of comments if they're not Disqus moderators. This plugin fixes that.",9787,3,"2016-02-22T23:48:00.000Z","4.4.34","2.8",[19,67,85,86,21],"disqus","notification","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisqus-notify-content-author\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisqus-notify-content-author.1.2.1.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":11,"num_ratings":61,"last_updated":99,"tested_up_to":83,"requires_at_least":100,"requires_php":17,"tags":101,"homepage":104,"download_link":105,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"comment-approved-notifier","Comment Approved Notifier","2.2","yakuphan","https:\u002F\u002Fprofiles.wordpress.org\u002Fyakuphan\u002F","\u003Cp>Comment Approved Notifier sends an e-mail to your commenters when you approve their comments. It is a very simple plugin. There are no settings, options. It starts to work when you activate it.\u003C\u002Fp>\n\u003Ch4>Read Please\u003C\u002Fh4>\n\u003Cp>If you upgraded to WP 2.7 or WP 2.8, please, update v1.1 to v2.1\u003Cbr \u002F>\nIt requires at least 2.7. If you use WP 2.6.5, please use version 1.1\u003C\u002Fp>\n\u003Cp>Thanks!\u003C\u002Fp>\n","The plugin sends an e-mail to your commenters when you approve their comments.",60,8281,"2009-06-28T15:32:00.000Z","2.7",[102,19,67,20,103],"approve","posts","http:\u002F\u002Fwww.yakupgovler.com\u002F?p=291","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-approved-notifier.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":61,"last_updated":117,"tested_up_to":118,"requires_at_least":54,"requires_php":17,"tags":119,"homepage":121,"download_link":122,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"comment-reply-notifier","Comment Reply Notifier","1.0","leo108","https:\u002F\u002Fprofiles.wordpress.org\u002Fleo108\u002F","\u003Cp>When someone reply a comment, the person who receive this reply will receive a mail.\u003Cbr \u002F>\n当有人回复评论时，被回复的人会收到一封提醒邮件。\u003C\u002Fp>\n","When someone reply a comment,the person who receive the reply will receive a mail 有人回复评论时，被回复的人会收到一封提醒邮件",20,3793,40,"2012-06-18T13:05:00.000Z","3.4.2",[19,120,20,68],"mail","http:\u002F\u002Fleo108.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcomment-reply-notifier.1.0.zip",{"attackSurface":124,"codeSignals":150,"taintFlows":197,"riskAssessment":230,"analyzedAt":236},{"hooks":125,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":13,"unprotectedCount":13},[126,132,137,142],{"type":127,"name":128,"callback":129,"file":130,"line":131},"filter","wp_mail_charset","cnfa_get_mail_charset","wp-comment-notifier-for-all.php",165,{"type":133,"name":134,"callback":135,"file":130,"line":136},"action","admin_menu","cnfa_menu",423,{"type":133,"name":138,"callback":139,"priority":140,"file":130,"line":141},"wp_set_comment_status","cnfa_set_comment_status",10,424,{"type":133,"name":143,"callback":144,"file":130,"line":145},"comment_post","cnfa_comment_post",425,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":152,"outputEscaping":154,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":61,"bundledLibraries":196},[],{"prepared":13,"raw":13,"locations":153},[],{"escaped":13,"rawEcho":155,"locations":156},19,[157,160,162,164,166,168,170,172,174,176,178,180,182,184,186,188,190,192,194],{"file":130,"line":158,"context":159},212,"raw output",{"file":130,"line":161,"context":159},243,{"file":130,"line":163,"context":159},250,{"file":130,"line":165,"context":159},257,{"file":130,"line":167,"context":159},260,{"file":130,"line":169,"context":159},266,{"file":130,"line":171,"context":159},273,{"file":130,"line":173,"context":159},294,{"file":130,"line":175,"context":159},296,{"file":130,"line":177,"context":159},299,{"file":130,"line":179,"context":159},307,{"file":130,"line":181,"context":159},309,{"file":130,"line":183,"context":159},312,{"file":130,"line":185,"context":159},328,{"file":130,"line":187,"context":159},330,{"file":130,"line":189,"context":159},332,{"file":130,"line":191,"context":159},334,{"file":130,"line":193,"context":159},335,{"file":130,"line":195,"context":159},381,[],[198],{"entryPoint":199,"graph":200,"unsanitizedCount":13,"severity":229},"\u003Cwp-comment-notifier-for-all> (wp-comment-notifier-for-all.php:0)",{"nodes":201,"edges":224},[202,207,212,216,218,222],{"id":203,"type":204,"label":205,"file":130,"line":206},"n0","source","$_POST['cnfa_from']",52,{"id":208,"type":209,"label":210,"file":130,"line":206,"wp_function":211},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":213,"type":204,"label":214,"file":130,"line":215},"n2","$_POST['cnfa_subject']",53,{"id":217,"type":209,"label":210,"file":130,"line":215,"wp_function":211},"n3",{"id":219,"type":204,"label":220,"file":130,"line":221},"n4","$_POST['cnfa_body']",54,{"id":223,"type":209,"label":210,"file":130,"line":221,"wp_function":211},"n5",[225,227,228],{"from":203,"to":208,"sanitized":226},true,{"from":213,"to":217,"sanitized":226},{"from":219,"to":223,"sanitized":226},"low",{"summary":231,"deductions":232},"The wp-comment-notifier-for-all v2.4.1 plugin presents a mixed security profile. On the positive side, it demonstrates strong security practices by having zero known CVEs, no unpatched vulnerabilities, and a clean vulnerability history. The code analysis reveals no dangerous functions, no raw SQL queries, no file operations, and no external HTTP requests, all of which are excellent indicators of a secure implementation.\n\nHowever, a significant concern arises from the output escaping. The static analysis indicates that 100% of the 19 identified output points are not properly escaped. This is a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly reflected in the output without sanitization. While taint analysis didn't reveal specific unsanitized paths or critical\u002Fhigh severity flows, the lack of output escaping provides a clear vector for attack.\n\nIn conclusion, while the plugin excels in avoiding common vulnerability types and boasts a pristine history, the pervasive lack of output escaping is a serious security flaw. This oversight, combined with the absence of nonce checks and capability checks on any entry points (which are currently zero), leaves the plugin vulnerable to XSS attacks if user input is ever processed and displayed. Developers should prioritize addressing the output escaping issue immediately.",[233],{"reason":234,"points":235},"100% of outputs are not properly escaped",8,"2026-03-16T21:12:27.745Z",{"wat":238,"direct":243},{"assetPaths":239,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[],[],[],[],{"cssClasses":244,"htmlComments":245,"htmlAttributes":246,"restEndpoints":247,"jsGlobals":248,"shortcodeOutput":249},[],[],[],[],[],[]]