[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fz7GZW57VfWN1cxH-qSfDbDNJ_EcsMJFJG2TUerb6phI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":101,"crawl_stats":37,"alternatives":109,"analysis":213,"fingerprints":557},"wp-email","WP-EMail","2.69.2","Lester Chan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgamerz\u002F","\u003Ch3>General Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Under E-Mail Settings, modify the setting Method Used To Send E-Mail accordingly. If the method is wrong, no email will get sent.\u003C\u002Fli>\n\u003Cli>You Need To Re-Generate The Permalink (WP-Admin -> Settings -> Permalinks -> Save Changes)\u003C\u002Fli>\n\u003Cli>Open \u003Ccode>wp-content\u002Fthemes\u002F\u003CYOUR THEME NAME>\u002Findex.php\u003C\u002Fcode> (You may place it in single.php, post.php, page.php, etc also)\n\u003Cul>\n\u003Cli>Find: \u003Ccode>\u003C?php while (have_posts()) : the_post(); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Simply add this code inside the loop where you want the email link to display: \u003Ccode>if(function_exists('email_link')) { email_link(); }\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you DO NOT want the email link to appear in every post\u002Fpage, DO NOT use the code above. Just use the shortcode by typing [email_link] into the selected post\u002Fpage content and it will embed the email link into that post\u002Fpage only.\u003C\u002Fp>\n\u003Ch3>Build Status\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Flesterchan\u002Fwp-email\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-email\" title=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-email\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-email\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-email\u002Fi18n\u002F\" title=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-email\u002Fi18n\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-email\u002Fi18n\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Plugin icon by \u003Ca href=\"http:\u002F\u002Fyanlu.de\" rel=\"nofollow ugc\">Yannick\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\" rel=\"nofollow ugc\">Flaticon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Icons courtesy of \u003Ca href=\"http:\u002F\u002Fwww.famfamfam.com\u002F\" rel=\"nofollow ugc\">FamFamFam\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks as my school allowance, I will really appreciate it. If not feel free to use it without any obligations.\u003C\u002Fp>\n","Allows people to recommend\u002Fsend your WordPress blog's post\u002Fpage to a friend.",2000,514654,90,11,"2024-12-18T14:25:00.000Z","6.7.5","4.6","",[20,21,22,23,4],"e-mail","email","mail","recommend","https:\u002F\u002Flesterchan.net\u002Fportfolio\u002Fprogramming\u002Fphp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-email.2.69.3.zip",88,5,0,"2023-07-24 00:00:00","2026-03-15T15:16:48.613Z",[32,48,62,72,86],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-3721","wp-email-authenticated-admin-stored-cross-site-scripting","WP-EMail \u003C= 2.69.0 - Authenticated (Admin+) Stored Cross-Site Scripting","The WP-EMail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.69.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C2.69.1","2.69.1","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7e8745da-fd3a-44b3-b288-9a2b83e8dcd8?source=api-prod",183,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":44,"references":59,"days_to_patch":61},"CVE-2022-1614","wp-email-spam-protection-bypass","WP-EMail \u003C= 2.68.2 - Spam Protection Bypass","The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions.","\u003C2.69.0","2.69.0",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Authorization Bypass Through User-Controlled Key","2022-05-30 00:00:00",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F89a02485-a2a5-467d-ad19-6b267059389d?source=api-prod",603,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":67,"cvss_vector":68,"vuln_type":69,"published_date":58,"updated_date":44,"references":70,"days_to_patch":61},"CVE-2022-1630","wp-email-cross-site-request-forgery-to-log-deletion","WP-EMail \u003C= 2.68.2 - Cross-Site Request Forgery to Log Deletion","The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)",[71],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8ba90d0f-5ef9-4931-85a9-edf08275510f?source=api-prod",{"id":73,"url_slug":74,"title":75,"description":76,"plugin_slug":4,"theme_slug":37,"affected_versions":77,"patched_in_version":78,"severity":79,"cvss_score":80,"cvss_vector":81,"vuln_type":43,"published_date":82,"updated_date":44,"references":83,"days_to_patch":85},"WF-4ebbe9a4-3769-4e05-9377-907b43e3fe10-wp-email","wp-email-unauthenticated-cross-site-scripting","WP-EMail \u003C= 2.67.2 - Unauthenticated Cross-Site Scripting","The WP-EMail plugin for WordPress is vulnerable to Cross-Site Scripting via several form fields in versions up to, and including, 2.67.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.","\u003C=2.67.2","2.67.3","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2016-07-07 00:00:00",[84],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4ebbe9a4-3769-4e05-9377-907b43e3fe10?source=api-prod",2756,{"id":87,"url_slug":88,"title":89,"description":90,"plugin_slug":4,"theme_slug":37,"affected_versions":91,"patched_in_version":92,"severity":93,"cvss_score":94,"cvss_vector":95,"vuln_type":96,"published_date":97,"updated_date":44,"references":98,"days_to_patch":100},"WF-af90aef0-fd96-43ff-8400-09bd5cebed28-wp-email","wp-email-sql-injection","WP-EMail \u003C 2.67.2 - SQL Injection","The WP-EMail Plugin for WordPress is vulnerable to SQL Injection via the ‘last_emailed’ parameter in versions before 2.67.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C2.67.2","2.67.2","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2016-05-14 00:00:00",[99],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Faf90aef0-fd96-43ff-8400-09bd5cebed28?source=api-prod",2810,{"slug":102,"display_name":7,"profile_url":8,"plugin_count":103,"total_installs":104,"avg_security_score":105,"avg_patch_time_days":106,"trust_score":107,"computed_at":108},"gamerz",20,889190,89,1377,71,"2026-04-04T16:59:01.417Z",[110,128,148,169,193],{"slug":21,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":18,"tags":124,"homepage":18,"download_link":126,"security_score":127,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"Email","1.1.1","Patrick Daly","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevelopdaly\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdevelopdaly\u002FEmail\" rel=\"nofollow ugc\">\u003Cstrong>Contribute on Github\u003C\u002Fstrong>\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdevelopdaly\u002FEmail\u002Fissues?labels=bug&milestone=&page=1&state=open\" rel=\"nofollow ugc\">\u003Cstrong>Report Bugs\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin allows you configure and reconfigure emails that are sent to specified users when certain things happen.\u003C\u002Fp>\n\u003Cp>Some examples (applies to custom post types as well):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>new post\u003C\u002Fli>\n\u003Cli>updated post\u003C\u002Fli>\n\u003Cli>deleted post\u003C\u002Fli>\n\u003Cli>(more coming soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additionally, you control the email template users receive. Boilterplate templates are included to get you started.\u003C\u002Fp>\n","Email users with custom templates when certain actions happen, such as new posts or updated custom post types and keep a log of sent emails.",60,12531,66,4,"2015-01-22T02:22:00.000Z","3.6.1","3.5.2",[20,21,22,4,125],"wp_mail","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail.1.1.1.zip",85,{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":26,"num_ratings":138,"last_updated":139,"tested_up_to":16,"requires_at_least":140,"requires_php":141,"tags":142,"homepage":18,"download_link":146,"security_score":147,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"cb-change-mail-sender","Change Mail Sender","1.3.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>\u003Cstrong>Do you want to change the WordPress default from email address and from name?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This is the plugin for you! It allows you to change the from email address and name for all emails sent from your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Are your WordPress emails not being delivered?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have issues with email deliverability, then just changing the from email address and name will usually not resolve the issue.\u003C\u002Fp>\n\u003Cp>In order to fix your WordPress emails not reaching your inbox, we suggest installing the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mail-smtp\u002F\" rel=\"ugc\">WP Mail SMTP\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>WP Mail SMTP is trusted by more than 3 million websites. It will fix the deliverability problems with one of your favourite email providers: Gmail, Outlook, SendLayer, Mailgun, and many more.\u003C\u002Fp>\n","Easily change the default WordPress from email name and from email address.",20000,186985,18,"2025-04-02T06:24:00.000Z","5.2","5.6.20",[143,21,144,22,145],"change-mail-sender","from-email","name","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcb-change-mail-sender.1.3.0.zip",92,{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":156,"downloaded":157,"rating":158,"num_ratings":159,"last_updated":160,"tested_up_to":161,"requires_at_least":162,"requires_php":163,"tags":164,"homepage":166,"download_link":167,"security_score":147,"vuln_count":27,"unpatched_count":28,"last_vuln_date":168,"fetched_at":30},"postie","Postie","1.9.75","Wayne Allen","https:\u002F\u002Fprofiles.wordpress.org\u002Fwayneallen-1\u002F","\u003Cp>Postie offers many advanced features for creating posts by email, including the ability to assign categories by name, included pictures and videos, and automatically strip off signatures.\u003Cbr \u002F>\nPostie supports both IMAP and POP including SSL\u002FTLS.\u003Cbr \u002F>\nThere is also an extensive set of filters\u002Factions for developers to extend Postie’s functionality.\u003Cbr \u002F>\nFor usage notes, see the \u003Ca href=\"other_notes\" rel=\"nofollow ugc\">other notes\u003C\u002Fa> page.\u003C\u002Fp>\n\u003Cp>More info at http:\u002F\u002FPostiePlugin.com\u002F\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Supports IMAP or POP3 servers\u003C\u002Fli>\n\u003Cli>SSL and TLS supported\u003C\u002Fli>\n\u003Cli>Control who gets to post via email\u003C\u002Fli>\n\u003Cli>Set defaults for category, status, post format, post type and tags.\u003C\u002Fli>\n\u003Cli>Set title, category, status, post format, post type, date, comment control and tags in email to override defaults.\u003C\u002Fli>\n\u003Cli>Specify post excerpt (including excerpt only images).\u003C\u002Fli>\n\u003Cli>Use plain text or HTML version of email.\u003C\u002Fli>\n\u003Cli>Remove headers and footers from email (useful for posting from a mailing list).\u003C\u002Fli>\n\u003Cli>Optionally send emails on post success\u002Ffailure.\u003C\u002Fli>\n\u003Cli>Control the types of attachments that are allowed by file name (wildcards allowed) and MIME type.\u003C\u002Fli>\n\u003Cli>Optionally make the first image the featured image.\u003C\u002Fli>\n\u003Cli>Gallery support.\u003C\u002Fli>\n\u003Cli>Control image placement with plain text email.\u003C\u002Fli>\n\u003Cli>Templates for images so they look the way you want.\u003C\u002Fli>\n\u003Cli>Templates for videos.\u003C\u002Fli>\n\u003Cli>Templates for audio files.\u003C\u002Fli>\n\u003Cli>Templates for other attachments.\u003C\u002Fli>\n\u003Cli>Email replies become comments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Several filter hooks available for custom processing of emails.\u003C\u002Fli>\n\u003Cli>More developer info at \u003Ca href=\"http:\u002F\u002Fpostieplugin.com\u002Fextending\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fpostieplugin.com\u002Fextending\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Please visit our site at \u003Ca href=\"http:\u002F\u002Fpostieplugin.com\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fpostieplugin.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n","Postie allows you to create posts via email, including many advanced features not found in WordPress's default Post by Email feature.",10000,1221090,94,139,"2026-01-29T16:48:00.000Z","6.9.4","5.6","7.0",[20,21,165],"post-by-email","http:\u002F\u002FPostiePlugin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpostie.1.9.75.zip","2025-12-31 00:00:00",{"slug":170,"name":171,"version":172,"author":173,"author_profile":174,"description":175,"short_description":176,"active_installs":156,"downloaded":177,"rating":158,"num_ratings":178,"last_updated":179,"tested_up_to":161,"requires_at_least":180,"requires_php":181,"tags":182,"homepage":188,"download_link":189,"security_score":190,"vuln_count":191,"unpatched_count":28,"last_vuln_date":192,"fetched_at":30},"shopmagic-for-woocommerce","ShopMagic – email automation","4.8.1","wpdesk","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdesk\u002F","\u003Cp>ShopMagic – email automation is a WooCommerce extension that allows store owners to create automated emails and actions triggered by store and customer events.\u003C\u002Fp>\n\u003Cp>The ShopMagic – email automation plugin provides a system for building email automations using events, optional filters, and actions. It can be used to send follow-up emails, transactional notifications, reminders, and internal messages related to WooCommerce orders, customers, and site activity.\u003C\u002Fp>\n\u003Cp>ShopMagic – email automation runs entirely inside WordPress and WooCommerce. All data remains in the site database and is not sent to external services unless explicitly configured by the site administrator (for example, through integrations).\u003C\u002Fp>\n\u003Cp>The plugin is designed to be extensible and can be enhanced with add-ons or custom code to support additional events, filters, and actions.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>AI-powered interface\u003C\u002Fstrong> – Create email automations using prompts and reduce setup time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ready-to-use WooCommerce automation recipes\u003C\u002Fstrong> – Pre-built email workflows for common WooCommerce scenarios.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce follow-up emails\u003C\u002Fstrong> – Automatically send post-purchase emails such as review requests or product recommendations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email automation for WooCommerce order statuses\u003C\u002Fstrong> – Trigger emails based on order status changes, including links to products or external review platforms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom transactional emails for WooCommerce\u003C\u002Fstrong> – Create and send customized emails for all order statuses, including pending payment and cancelled orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support for custom WooCommerce order statuses\u003C\u002Fstrong> – Build automations and emails for custom statuses added by other plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Product-specific email content\u003C\u002Fstrong> – Create different email designs and messages depending on the purchased product.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Welcome emails\u003C\u002Fstrong> – Send automated welcome emails for new orders or newly created customer accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Internal emails and notifications\u003C\u002Fstrong> – Send emails to store staff or administrators about selected store events.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mailchimp integration\u003C\u002Fstrong> – Automatically add customers to Mailchimp lists during checkout.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customer lists and segmentation\u003C\u002Fstrong> – Create and manage multiple lists for newsletters, promotions, or product announcements.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR-compliant email lists\u003C\u002Fstrong> – Support for opt-in and opt-out lists with unsubscribe links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced guest customer handling\u003C\u002Fstrong> – View and target customers who placed orders without creating an account.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email queue system\u003C\u002Fstrong> – Optimized email queue for reliable delivery and store performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email history and logs\u003C\u002Fstrong> – Full visibility into sent emails and executed actions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Abandoned cart recovery\u003C\u002Fstrong> – Free add-on to recover abandoned WooCommerce carts and lost revenue.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce SMS notifications\u003C\u002Fstrong> – Free Twilio integration add-on for sending SMS notifications.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cross-sell and related product emails\u003C\u002Fstrong> – Promote related or cross-sell products using automated emails.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>UTM parameter support\u003C\u002Fstrong> – Add tracking parameters to email links for Google Analytics.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reliable email delivery\u003C\u002Fstrong> – Use ShopMagic as a WooCommerce email customizer when default emails are not sent correctly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Newsletter and reminder automation\u003C\u002Fstrong> – Send newsletters, pre- and post-purchase emails, and cart reminders from WordPress.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Extensible with add-ons\u003C\u002Fstrong> – Integrations with Twilio, Gravity Forms, Contact Form 7, Slack, WooCommerce Memberships, Bookings, Subscriptions, and Google Sheets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FotFW9egNI3U?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cp>Automations in ShopMagic – email automation are built using three components:\u003C\u002Fp>\n\u003Ch4>1. Event\u003C\u002Fh4>\n\u003Cp>Defines when the automation is triggered.\u003Cbr \u002F>\nExamples include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Order status change\u003C\u002Fli>\n\u003Cli>New order created\u003C\u002Fli>\n\u003Cli>Customer account creation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2. Filter (optional)\u003C\u002Fh4>\n\u003Cp>Defines conditions that must be met for the automation to run.\u003Cbr \u002F>\nFilters can be used to limit automations to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Specific products or categories\u003C\u002Fli>\n\u003Cli>Selected order statuses\u003C\u002Fli>\n\u003Cli>Specific customer data\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If no filter is added, the automation runs globally for the selected event.\u003C\u002Fp>\n\u003Ch4>3. Action\u003C\u002Fh4>\n\u003Cp>Defines what happens when the event occurs and conditions are met.\u003Cbr \u002F>\nActions can include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sending an email\u003C\u002Fli>\n\u003Cli>Adding a customer to a list\u003C\u002Fli>\n\u003Cli>Triggering an integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Emails in ShopMagic – email automation can be customized using placeholders that insert dynamic WooCommerce and customer data.\u003C\u002Fp>\n\u003Ch3>Getting Started\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Install and activate the ShopMagic plugin.\u003C\u002Fli>\n\u003Cli>Create a new automation in WooCommerce \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Automations.\u003C\u002Fli>\n\u003Cli>Choose an event and add an email action.\u003C\u002Fli>\n\u003Cli>Save the automation — emails will be sent automatically.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>A step-by-step guide is available in the documentation and video tutorial.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FUIBnaT_peHc?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>ShopMagic comes with an \u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-docs\" rel=\"nofollow ugc\">extensive docs\u003C\u002Fa> for both store owners and staff as well as \u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-dev-docs\" rel=\"nofollow ugc\">developer docs\u003C\u002Fa> aimed to help with extending ShopMagic with new features.\u003C\u002Fp>\n\u003Ch3>Help and support\u003C\u002Fh3>\n\u003Cp>ShopMagic is backed by a friendly and professional support team ready to answer your questions and help you along the way.\u003C\u002Fp>\n\u003Cp>We also have an \u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-docs\" rel=\"nofollow ugc\">extensive documentation site\u003C\u002Fa> available. For support requests, please use the \u003Ca href=\"https:\u002F\u002Fwpdesk.link\u002Fshopmagic-for-woocommerce-readme-support\u002F\" rel=\"nofollow ugc\">official plugin forums\u003C\u002Fa> at WP.org.\u003C\u002Fp>\n\u003Cp>If you’re looking for faster support via email, we encourage you to \u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-pro\" rel=\"nofollow ugc\">purchase ShopMagic PRO\u003C\u002Fa>, which comes with 1-on-1 priority email support.\u003C\u002Fp>\n\u003Ch3>Is there a PRO version?\u003C\u002Fh3>\n\u003Cp>Glad you asked.\u003C\u002Fp>\n\u003Cp>Core functionalities of ShopMagic are free forever. However, we developed some add-ons which you can use to enhance your eCommerce possibilities:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>These are paid add-ons for \u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-home\" rel=\"nofollow ugc\">ShopMagic PRO\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-delayed\" rel=\"nofollow ugc\">\u003Cstrong>Delayed Actions\u003C\u002Fstrong>\u003C\u002Fa> – Create post-purchase emails, i.e. with a 1-week delay or anniversary email 365 days after the initial purchase. Delay WooCommerce emails by minutes, hours, days, or weeks.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-review-requests\" rel=\"nofollow ugc\">\u003Cstrong>Review Requests\u003C\u002Fstrong>\u003C\u002Fa> – Adds review requests with direct links to products purchased for customers to review.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-advanced-filters\" rel=\"nofollow ugc\">\u003Cstrong>Personalized Coupons\u003C\u002Fstrong>\u003C\u002Fa> – Adds the ability to create personalized coupon codes for customers and send them automatically.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-delayed-actions\" rel=\"nofollow ugc\">\u003Cstrong>Advanced Filters\u003C\u002Fstrong>\u003C\u002Fa> – Ability to segment your customers with advanced filters, for example, order total, product category, payment or shipping method, and more.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-manual-actions\" rel=\"nofollow ugc\">\u003Cstrong>Manual Actions\u003C\u002Fstrong>\u003C\u002Fa> – Manually trigger one-time emails. Suitable for newsletters, product announcements, or any emails you want to send manually.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-woocommerce-subscriptions\" rel=\"nofollow ugc\">\u003Cstrong>WooCommerce Subscriptions Integration\u003C\u002Fstrong>\u003C\u002Fa> – Allows creating automations based on subscription events, such as payments or status changes.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-woocommerce-memberships\" rel=\"nofollow ugc\">\u003Cstrong>WooCommerce Memberships Integration\u003C\u002Fstrong>\u003C\u002Fa> – Allows creating automations based on membership events, such as status changes or before expiry.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-woocommerce-bookings\" rel=\"nofollow ugc\">\u003Cstrong>WooCommerce Bookings Integration\u003C\u002Fstrong>\u003C\u002Fa> – Let you crate automation based on booking events like status changes or before expiry.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-woocommerce-gravity-forms\" rel=\"nofollow ugc\">\u003Cstrong>Gravity Forms\u003C\u002Fstrong>\u003C\u002Fa> – Let you create automation based on user or customer form submission. You may use the forms to gather feedback in WordPress or information from WooCommerce customers and send the data to \u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-google-sheets\u002F\" rel=\"nofollow ugc\">Google Sheets\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-slack\" rel=\"nofollow ugc\">\u003Cstrong>Post to Slack\u003C\u002Fstrong>\u003C\u002Fa> – allows you and your team to stay up to date with what’s happening in your store right in Slack.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-webhooks\" rel=\"nofollow ugc\">\u003Cstrong>Webhooks\u003C\u002Fstrong>\u003C\u002Fa> – allows using WooCommerce webhooks to integrate ShopMagic automations with external services or systems via REST API.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-for-flexible-subscriptions\" rel=\"nofollow ugc\">\u003Cstrong>ShopMagic for Flexible Subscriptions\u003C\u002Fstrong>\u003C\u002Fa> – allows creating automations based on Flexible Subscriptions events, such as new subscriptions, status changes, upcoming renewals, trial ending, or subscription expiry, with advanced filters and subscription-specific placeholders.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Upgrade to ShopMagic PRO\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-readme-go-pro\" rel=\"nofollow ugc\">Upgrade to ShopMagic PRO now\u003C\u002Fa> to get all the add-ons with all PRO features in one affordable package and get the priority e-mail support!\u003C\u002Fp>\n\u003Ch3>Built with developers in mind\u003C\u002Fh3>\n\u003Cp>Extensible, adaptable, and open source. We made sure that ShopMagic is \u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-dev-docs\" rel=\"nofollow ugc\">easy to extend and adapt\u003C\u002Fa> to the needs of your clients.\u003C\u002Fp>\n\u003Cp>The ShopMagic API makes it possible for developers to extend ShopMagic by:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Creating custom events, filters, actions, and placeholders.\u003C\u002Fli>\n\u003Cli>Creating custom templates for sending emails.\u003C\u002Fli>\n\u003Cli>Integrating with other plugins and web applications.\u003C\u002Fli>\n\u003Cli>Overriding default plugin behavior.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>ShopMagic in a nutshell\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WooCommerce email automation plugin for WordPress\u003C\u002Fli>\n\u003Cli>Create automated follow-up and transactional emails\u003C\u002Fli>\n\u003Cli>Customize WooCommerce email templates and content\u003C\u002Fli>\n\u003Cli>Send product-specific and order-based emails\u003C\u002Fli>\n\u003Cli>Support for custom WooCommerce order statuses\u003C\u002Fli>\n\u003Cli>WooCommerce review request and reminder emails\u003C\u002Fli>\n\u003Cli>Cross-sell and related product emails\u003C\u002Fli>\n\u003Cli>Abandoned cart recovery with a free add-on\u003C\u002Fli>\n\u003Cli>Email queue, logs, and automation history\u003C\u002Fli>\n\u003Cli>AutomateWoo alternative for WooCommerce stores\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Data use policy\u003C\u002Fh3>\n\u003Cp>Learn about \u003Ca href=\"https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-use-policy\" rel=\"nofollow ugc\">Use of Data Policy by WP Desk Plugins\u003C\u002Fa>\u003C\u002Fp>\n","Flexible email automation and workflows triggered by customer and site events.",735904,76,"2026-03-07T03:05:00.000Z","6.4","7.4",[183,184,185,186,187],"customize-woocommerce-emails","follow-up-emails","woocommerce-abandoned-cart","woocommerce-email-customizer","woocommerce-mailchimp","https:\u002F\u002Fshopmagic.app\u002Fsk\u002Fshopmagic-for-woocommerce-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshopmagic-for-woocommerce.4.8.1.zip",96,2,"2026-01-07 00:00:00",{"slug":194,"name":195,"version":196,"author":197,"author_profile":198,"description":199,"short_description":200,"active_installs":156,"downloaded":201,"rating":190,"num_ratings":202,"last_updated":203,"tested_up_to":204,"requires_at_least":205,"requires_php":206,"tags":207,"homepage":211,"download_link":212,"security_score":147,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wp-change-default-from-email","WP Change Default From Email","1.1.6","Subodh Ghulaxe","https:\u002F\u002Fprofiles.wordpress.org\u002Fsubodhghulaxe\u002F","\u003Cp>This plugin lets you change the from email address and from email name that appear on emails sent from WordPress. By default the “From Name” on emails sent from WordPress has a name “WordPress” and “From Email” has “wordpress@your-domain.com”. You can change both “From Name” and “From Email” using this plugin very easily.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How to use:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FzQebiMxY8pQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Customize From Email.\u003C\u002Fstrong> Change from email easily\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customize From Name.\u003C\u002Fstrong> Change from name easily\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Settings.\u003C\u002Fstrong> Easy to enable\u002Fdisable and change settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean & Well Commented Code.\u003C\u002Fstrong> Easy to enable\u002Fdisable and change settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Please support my other plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n    \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fchange-login-page-logo\u002F\" rel=\"ugc\">Change Login Page Logo\u003C\u002Fa>\n  \u003C\u002Fli>\n\u003Cli>\n    \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-admin-bar-for-user-roles\u002F\" rel=\"ugc\">Hide Admin Bar For User Roles\u003C\u002Fa>\n  \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Translations\u002FLanguages:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin is available in the following languages:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Deutsch\u002FDeutschland\u003C\u002Fli>\n\u003Cli>Español\u002FEspaña\u003C\u002Fli>\n\u003Cli>Français\u002FFrance\u003C\u002Fli>\n\u003Cli>Русский\u002FРоссия\u003C\u002Fli>\n\u003Cli>العربية\u002Fالسعودية\u003C\u002Fli>\n\u003C\u002Ful>\n","A simple and easy way to change the from email address and from email name that appear on emails sent from WordPress.",127925,21,"2024-06-23T09:13:00.000Z","6.5.8","2.7","5.2.4",[208,209,21,210,4],"change-default-from-email","change-from-email","wp-default-email","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-change-default-from-email\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-change-default-from-email.1.1.6.zip",{"attackSurface":214,"codeSignals":328,"taintFlows":494,"riskAssessment":543,"analyzedAt":556},{"hooks":215,"ajaxHandlers":299,"restRoutes":307,"shortcodes":308,"cronEvents":327,"entryPointCount":225,"unprotectedCount":28},[216,222,226,231,232,236,240,245,249,253,256,260,262,267,271,275,279,283,287,291,295],{"type":217,"name":218,"callback":219,"file":220,"line":221},"filter","wp_title","email_pagetitle","email-popup.php",6,{"type":217,"name":223,"callback":224,"file":220,"line":225},"the_title","email_title",7,{"type":227,"name":228,"callback":229,"file":230,"line":221},"action","wp_head","email_meta_nofollow","email-standalone.php",{"type":217,"name":218,"callback":219,"file":230,"line":225},{"type":227,"name":233,"callback":234,"file":230,"line":235},"loop_start","email_addfilters",8,{"type":217,"name":237,"callback":238,"file":230,"line":239},"comments_open","__return_false",9,{"type":227,"name":241,"callback":242,"file":243,"line":244},"admin_menu","email_menu","wp-email.php",42,{"type":227,"name":246,"callback":247,"file":243,"line":248},"init","wp_email_endpoint",51,{"type":217,"name":250,"callback":251,"file":243,"line":252},"query_vars","email_variables",59,{"type":227,"name":228,"callback":254,"file":243,"line":255},"email_javascripts_header",68,{"type":227,"name":257,"callback":258,"file":243,"line":259},"wp_enqueue_scripts","email_scripts",75,{"type":217,"name":223,"callback":224,"file":243,"line":261},264,{"type":217,"name":263,"callback":264,"priority":265,"file":243,"line":266},"the_content","email_form",10,265,{"type":217,"name":268,"callback":269,"file":243,"line":270},"email_form-fieldvalues","email_fill_fields",507,{"type":227,"name":272,"callback":273,"priority":27,"file":243,"line":274},"template_redirect","wp_email",727,{"type":227,"name":276,"callback":277,"file":243,"line":278},"plugins_loaded","email_wp_stats",1194,{"type":217,"name":280,"callback":281,"file":243,"line":282},"wp_stats_page_admin_plugins","email_page_admin_general_stats",1196,{"type":217,"name":284,"callback":285,"file":243,"line":286},"wp_stats_page_admin_most","email_page_admin_most_stats",1197,{"type":217,"name":288,"callback":289,"file":243,"line":290},"wp_stats_page_plugins","email_page_general_stats",1198,{"type":217,"name":292,"callback":293,"file":243,"line":294},"wp_stats_page_most","email_page_most_stats",1199,{"type":227,"name":296,"callback":297,"file":243,"line":298},"widgets_init","widget_email_init",1363,[300,305],{"action":21,"nopriv":301,"callback":302,"hasNonce":303,"hasCapCheck":301,"file":243,"line":304},false,"process_email_form",true,746,{"action":21,"nopriv":303,"callback":302,"hasNonce":303,"hasCapCheck":301,"file":243,"line":306},747,[],[309,313,317,321,324],{"tag":310,"callback":311,"file":243,"line":312},"email_link","email_link_shortcode",216,{"tag":314,"callback":315,"file":243,"line":316},"donotemail","email_donotemail_shortcode",230,{"tag":318,"callback":319,"file":243,"line":320},"donotprint","print_donotprint_shortcode2",396,{"tag":314,"callback":322,"file":243,"line":323},"email_donotemail_shortcode2",399,{"tag":310,"callback":325,"file":243,"line":326},"email_link_shortcode2",401,[],{"dangerousFunctions":329,"sqlUsage":330,"outputEscaping":353,"fileOperations":28,"externalRequests":28,"nonceChecks":120,"capabilityChecks":191,"bundledLibraries":493},[],{"prepared":235,"raw":235,"locations":331},[332,336,339,341,344,347,349,351],{"file":333,"line":334,"context":335},"email-manager.php",102,"$wpdb->query() with variable interpolation",{"file":333,"line":337,"context":338},113,"$wpdb->get_var() with variable interpolation",{"file":333,"line":340,"context":338},114,{"file":333,"line":342,"context":343},148,"$wpdb->get_results() with variable interpolation",{"file":345,"line":346,"context":335},"uninstall.php",64,{"file":243,"line":348,"context":338},620,{"file":243,"line":350,"context":343},698,{"file":243,"line":352,"context":343},1242,{"escaped":354,"rawEcho":355,"locations":356},47,77,[357,360,362,364,366,368,370,372,374,376,378,380,381,382,384,386,388,390,392,394,396,397,399,401,403,405,407,409,411,413,416,417,419,420,421,423,424,426,428,430,432,434,436,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,468,469,470,472,474,475,477,479,480,482,483,484,485,487,488,489,490,492],{"file":333,"line":358,"context":359},150,"raw output",{"file":333,"line":361,"context":359},173,{"file":333,"line":363,"context":359},201,{"file":333,"line":365,"context":359},202,{"file":333,"line":367,"context":359},203,{"file":333,"line":369,"context":359},204,{"file":333,"line":371,"context":359},205,{"file":333,"line":373,"context":359},206,{"file":333,"line":375,"context":359},208,{"file":333,"line":377,"context":359},210,{"file":333,"line":379,"context":359},211,{"file":333,"line":312,"context":359},{"file":333,"line":316,"context":359},{"file":333,"line":383,"context":359},239,{"file":333,"line":385,"context":359},251,{"file":333,"line":387,"context":359},254,{"file":333,"line":389,"context":359},259,{"file":333,"line":391,"context":359},261,{"file":333,"line":393,"context":359},266,{"file":333,"line":395,"context":359},269,{"file":333,"line":395,"context":359},{"file":333,"line":398,"context":359},280,{"file":333,"line":400,"context":359},285,{"file":333,"line":402,"context":359},310,{"file":333,"line":404,"context":359},312,{"file":333,"line":406,"context":359},332,{"file":333,"line":408,"context":359},336,{"file":333,"line":410,"context":359},340,{"file":333,"line":412,"context":359},351,{"file":414,"line":415,"context":359},"email-options.php",138,{"file":414,"line":159,"context":359},{"file":414,"line":418,"context":359},176,{"file":414,"line":371,"context":359},{"file":414,"line":377,"context":359},{"file":414,"line":422,"context":359},317,{"file":414,"line":406,"context":359},{"file":414,"line":425,"context":359},353,{"file":414,"line":427,"context":359},375,{"file":414,"line":429,"context":359},397,{"file":414,"line":431,"context":359},415,{"file":414,"line":433,"context":359},429,{"file":414,"line":435,"context":359},444,{"file":243,"line":375,"context":359},{"file":243,"line":438,"context":359},499,{"file":243,"line":440,"context":359},552,{"file":243,"line":442,"context":359},594,{"file":243,"line":444,"context":359},608,{"file":243,"line":446,"context":359},622,{"file":243,"line":448,"context":359},639,{"file":243,"line":450,"context":359},656,{"file":243,"line":452,"context":359},678,{"file":243,"line":454,"context":359},718,{"file":243,"line":456,"context":359},1034,{"file":243,"line":458,"context":359},1046,{"file":243,"line":460,"context":359},1149,{"file":243,"line":462,"context":359},1296,{"file":243,"line":464,"context":359},1304,{"file":243,"line":466,"context":359},1331,{"file":243,"line":466,"context":359},{"file":243,"line":466,"context":359},{"file":243,"line":466,"context":359},{"file":243,"line":471,"context":359},1334,{"file":243,"line":473,"context":359},1335,{"file":243,"line":473,"context":359},{"file":243,"line":476,"context":359},1341,{"file":243,"line":478,"context":359},1342,{"file":243,"line":478,"context":359},{"file":243,"line":481,"context":359},1350,{"file":243,"line":481,"context":359},{"file":243,"line":481,"context":359},{"file":243,"line":481,"context":359},{"file":243,"line":486,"context":359},1353,{"file":243,"line":486,"context":359},{"file":243,"line":486,"context":359},{"file":243,"line":486,"context":359},{"file":243,"line":491,"context":359},1356,{"file":243,"line":491,"context":359},[],[495,512,524,534],{"entryPoint":496,"graph":497,"unsanitizedCount":28,"severity":511},"\u003Cemail-manager> (email-manager.php:0)",{"nodes":498,"edges":509},[499,504],{"id":500,"type":501,"label":502,"file":333,"line":503},"n0","source","$_GET (x10)",15,{"id":505,"type":506,"label":507,"file":333,"line":316,"wp_function":508},"n1","sink","echo() [XSS]","echo",[510],{"from":500,"to":505,"sanitized":303},"low",{"entryPoint":513,"graph":514,"unsanitizedCount":28,"severity":511},"\u003Cemail-options> (email-options.php:0)",{"nodes":515,"edges":522},[516,519],{"id":500,"type":501,"label":517,"file":414,"line":518},"$_POST (x13)",30,{"id":505,"type":506,"label":520,"file":414,"line":354,"wp_function":521},"update_option() [Settings Manipulation]","update_option",[523],{"from":500,"to":505,"sanitized":303},{"entryPoint":525,"graph":526,"unsanitizedCount":28,"severity":511},"process_email_form (wp-email.php:748)",{"nodes":527,"edges":532},[528,531],{"id":500,"type":501,"label":529,"file":243,"line":530},"$_POST (x2)",767,{"id":505,"type":506,"label":507,"file":243,"line":456,"wp_function":508},[533],{"from":500,"to":505,"sanitized":303},{"entryPoint":535,"graph":536,"unsanitizedCount":28,"severity":511},"\u003Cwp-email> (wp-email.php:0)",{"nodes":537,"edges":541},[538,540],{"id":500,"type":501,"label":539,"file":243,"line":530},"$_POST (x3)",{"id":505,"type":506,"label":507,"file":243,"line":456,"wp_function":508},[542],{"from":500,"to":505,"sanitized":303},{"summary":544,"deductions":545},"The \"wp-email\" plugin version 2.69.2 exhibits a mixed security posture. On the positive side, static analysis reveals no direct critical or high severity taint flows, no dangerous functions, and no external HTTP requests.  The plugin also incorporates nonce and capability checks on some of its entry points. However, significant concerns arise from its past vulnerability history, which includes a critical and a high severity vulnerability, alongside several medium ones, pointing to recurring security weaknesses such as authorization bypass, CSRF, XSS, and SQL injection. The static analysis also flags a substantial number of SQL queries, with only 50% using prepared statements, indicating a potential for SQL injection if not handled meticulously across all queries.\n\nFurthermore, a notable weakness is the low percentage of properly escaped outputs (38%), suggesting a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. While the current version has no unpatched CVEs and a seemingly limited attack surface with no unprotected entry points detected in the static analysis, the historical prevalence of critical and high-severity flaws, coupled with the observed issues in SQL query preparation and output escaping, suggests that the plugin has a history of developing exploitable vulnerabilities. The conclusion is that while the plugin has made some improvements in its current version, the historical pattern and current code signals warrant significant caution due to the potential for new vulnerabilities to emerge.",[546,548,550,552,554],{"reason":547,"points":103},"History of critical and high severity vulnerabilities",{"reason":549,"points":103},"Low percentage of properly escaped outputs",{"reason":551,"points":503},"50% of SQL queries not using prepared statements",{"reason":553,"points":265},"Total of 5 known CVEs, indicating past significant issues",{"reason":555,"points":265},"Presence of authorization bypass, CSRF, XSS, SQLi history","2026-03-16T18:40:30.948Z",{"wat":558,"direct":569},{"assetPaths":559,"generatorPatterns":563,"scriptPaths":564,"versionParams":565},[560,561,562],"\u002Fwp-content\u002Fplugins\u002Fwp-email\u002Femail-css.css","\u002Fwp-content\u002Fplugins\u002Fwp-email\u002Femail-css-rtl.css","\u002Fwp-content\u002Fplugins\u002Fwp-email\u002Femail-js.js",[],[562],[566,567,568],"wp-email\u002Femail-css.css?ver=","wp-email\u002Femail-css-rtl.css?ver=","wp-email\u002Femail-js.js?ver=",{"cssClasses":570,"htmlComments":572,"htmlAttributes":573,"restEndpoints":575,"jsGlobals":576,"shortcodeOutput":578},[571],"WP-EmailIcon",[],[574],"email_popup(this.href)",[],[577],"emailL10n",[]]