[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7SYQpHYlkvZC5t5drTKHJPTxUli0F3kWs0Bayzh7VjY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":60,"crawl_stats":38,"alternatives":67,"analysis":179,"fingerprints":403},"wp-mailto-links","WP Mailto Links – Protect Email Addresses","3.1.4","Online Optimisation","https:\u002F\u002Fprofiles.wordpress.org\u002Fonlineoptimisation\u002F","\u003Cp>Protect and encode email addresses safely from spambots, spamming and other robots. Easy to use out-of-the-box without any configuration.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Full page protection for emails\u003C\u002Fli>\n\u003Cli>Instant results (No confiruation needed)\u003C\u002Fli>\n\u003Cli>Protects mailto links, plain emails, email input fields, RSS feeds and much more\u003C\u002Fli>\n\u003Cli>Autmoatic protection technique detection (Our plugin chooses automatically the best protection technique for each email)\u003C\u002Fli>\n\u003Cli>Exclude posts and pages from protection\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to mailto-links\u003C\u002Fli>\n\u003Cli>Automatically convert plain emails to png images\u003C\u002Fli>\n\u003Cli>Supports rot13 encoing, escape encoding, CSS directions, entity encoding and much more\u003C\u002Fli>\n\u003Cli>Deactivate CSS directions manually for backwards compatibility\u003C\u002Fli>\n\u003Cli>Shortcode support: \u003Ccode>[wpml_mailto]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Template tag support: \u003Ccode>wpml_mailto()\u003C\u002Fcode> and \u003Ccode>wpml_filter()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin combines the best email protection methods (CSS, PHP and JavaScript techniques).\u003C\u002Fp>\n\u003Ch4>Free Website Check\u003C\u002Fh4>\n\u003Cp>We offer you a free tool to test if your website contains unprotected emails. You can use our website checker by \u003Ca href=\"https:\u002F\u002Fironikus.com\u002Femail-checker\u002F\" rel=\"nofollow ugc\">clicking here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Easy to use\u003C\u002Fh4>\n\u003Cp>The plugin works out-of-the-box to protect your email addresses. After activating the plugin, all options are already set for protecting your emails and mailto links.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>The plugin works out-of-the-box to protect your email addresses. All settings are default set to protect your email addresses automatically with the best method available.\u003Cbr \u002F>\nIf you want to manually create protected mailto links, just use the shortcode (\u003Ccode>[wpml_mailto]\u003C\u002Fcode>) within your posts or use the template tags (\u003Ccode>wpml_mailto()\u003C\u002Fcode> or \u003Ccode>wpml_filter()\u003C\u002Fcode>) in your theme files.\u003C\u002Fp>\n\u003Ch4>Shortcode `[wpml_mailto email=”…”]…[\u002Fwpml_mailto]`\u003C\u002Fh4>\n\u003Cp>Create a protected mailto link in your posts:\u003Cbr \u002F>\n    [wpml_mailto email=”info@myemail.com”]My Email[\u002Fwpml_mailto]\u003C\u002Fp>\n\u003Cp>It’s also possible to add attributes to the mailto link, like a target:\u003Cbr \u002F>\n    [wpml_mailto email=”info@myemail.com” target=”_blank”]My Email[\u002Fwpml_mailto]\u003C\u002Fp>\n\u003Ch4>Shortcode `[wpmt_protect]…[\u002Fwpmt_protect]`\u003C\u002Fh4>\n\u003Cp>Protect content using our plugin that is not encodedby default (E.g. some ajax loaded values):\u003Cbr \u002F>\n    [wpmt_protect]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[\u002Fwpmt_protect]\u003C\u002Fp>\n\u003Cp>It’s also possible to customize the encoding type using “protect_using”. Possible values: char_encode, strong_method, without_javascript, with_javascript:\u003Cbr \u002F>\n    [wpmt_protect protect_using=”…”]YOUR CONTENT YOU WANT TO CHECK FOR EMAILS[\u002Fwpmt_protect]\u003C\u002Fp>\n\u003Ch4>Template tag `wpml_mailto( $email [, $display] [, $attrs] )`\u003C\u002Fh4>\n\u003Cp>Create a protected mailto link in your template like:\n    \u003C\u002Fp>\n\u003Ch4>Template tag `wpml_filter( $content )`\u003C\u002Fh4>\n\u003Cp>Filter given content to protect mailto links, shortcodes and plain emails (according to the settings in admin):\n    \u003C\u002Fp>\n","Protect & encode email addresses safely from spambots & spamming. Easy to use - encodes emails out-of-the-box.",9000,186787,92,33,"2023-09-22T16:55:00.000Z","6.2.9","4.7","5.3.2",[20,21,22,23,24],"antispam","email","email-address","hide","mailto","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-mailto-links\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mailto-links.3.1.4.zip",62,2,1,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[33,47],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2025-53464","wp-mailto-links-authenticated-administrator-stored-cross-site-scripting","WP Mailto Links \u003C= 3.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting","The WP Mailto Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=3.1.4","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 14:00:51",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3a6eb99c-bc5e-4b8d-8e4f-496e0b1f44d4?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":52,"patched_in_version":6,"severity":40,"cvss_score":53,"cvss_vector":54,"vuln_type":43,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2023-5109","wp-mailto-links-protect-email-addresses-authenticated-contributor-stored-cross-site-scripting-via-shortcode","WP Mailto Links – Protect Email Addresses \u003C= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode","The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4.","\u003C=3.1.3",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2023-09-22 00:00:00","2024-01-22 19:56:02",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fec882062-0059-47ca-a007-3347e7adb70b?source=api-prod",123,{"slug":61,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":62,"avg_security_score":63,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},"onlineoptimisation",99000,80,572,65,"2026-04-03T20:25:23.911Z",[68,88,113,136,158],{"slug":69,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":77,"num_ratings":77,"last_updated":78,"tested_up_to":79,"requires_at_least":80,"requires_php":81,"tags":82,"homepage":85,"download_link":86,"security_score":87,"vuln_count":77,"unpatched_count":77,"last_vuln_date":38,"fetched_at":31},"wk-email-antibot","1.0","maxemil","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaxemil\u002F","\u003Cp>Simply enables WordPress shortcode for easily letting you camouflage an email address, hiding it from crawling spiders and bots.\u003C\u002Fp>\n","Simply enables WordPress shortcode for easily letting you camouflage an email address, hiding it from crawling spiders and bots.",40,2446,0,"2011-01-30T13:17:00.000Z","3.04","2.0.2","",[83,20,84,21,24],"antibot","antispambot","http:\u002F\u002Fwww.oneconsult.dk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwk-email-antibot.zip",85,{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":98,"num_ratings":99,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":103,"tags":104,"homepage":109,"download_link":110,"security_score":111,"vuln_count":29,"unpatched_count":77,"last_vuln_date":112,"fetched_at":31},"cryptx","CryptX","4.0.11","Ralf Weber","https:\u002F\u002Fprofiles.wordpress.org\u002Fd3395\u002F","\u003Cp>No more SPAM by spiders scanning your site for email addresses. With CryptX you can hide all your email addresses, with and without a mailto-link, by converting them using javascript or UNICODE.\u003C\u002Fp>\n\u003Cp>CryptX protects your email addresses from spambots while keeping them readable and functional for your visitors. The plugin automatically detects email addresses in your content and encrypts them using various methods including JavaScript encryption, Unicode conversion, and image replacement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Email Detection\u003C\u002Fstrong> – Finds and encrypts email addresses in posts, pages, comments, and widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Encryption Methods\u003C\u002Fstrong> – JavaScript, Unicode, image replacement, and custom text options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widget Support\u003C\u002Fstrong> – Works with text widgets and other widget content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS Feed Control\u003C\u002Fstrong> – Option to disable encryption in RSS feeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist Support\u003C\u002Fstrong> – Exclude specific domains from encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per-Post Control\u003C\u002Fstrong> – Enable\u002Fdisable encryption on individual posts and pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong> – Use \u003Ccode>[cryptx]email@example.com[\u002Fcryptx]\u003C\u002Fcode> for manual encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Functions\u003C\u002Fstrong> – Developer-friendly functions for theme integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fweber-nrw.de\u002Fwordpress\u002Fcryptx\u002F\" title=\"Plugin Homepage\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fp>\n","No more SPAM by spiders scanning your site for email addresses!",10000,280578,88,19,"2025-12-18T08:01:00.000Z","6.9.4","6.7","8.3",[20,105,106,107,108],"email-encryption","mail","privacy","spam-protection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcryptx\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptx.4.0.11.zip",99,"2025-12-04 20:35:36",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":101,"requires_at_least":126,"requires_php":81,"tags":127,"homepage":133,"download_link":134,"security_score":98,"vuln_count":28,"unpatched_count":77,"last_vuln_date":135,"fetched_at":31},"user-verification","User Verification by PickPlugins","2.0.46","PickPlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fpickplugins\u002F","\u003Cp>User Verification – Complete WordPress User Authentication & Security Plugin\u003C\u002Fp>\n\u003Ch3>User Verification by \u003Ca href=\"http:\u002F\u002Fwww.pickplugins.com\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.pickplugins.com\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pickplugins.com\u002Fitem\u002Fuser-verification\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.pickplugins.com\u002Fsupport\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpickplugins.com\u002Fdocumentation\u002Fuser-verification\u002F?ref=wordpress.org\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Secure Your WordPress Site with Advanced User Verification & Authentication\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>User Verification\u003C\u002Fstrong> is a comprehensive WordPress security plugin that provides multiple layers of user authentication and spam protection to safeguard your website from unauthorized access and malicious registrations.\u003C\u002Fp>\n\u003Ch3>🔐 Key Features\u003C\u002Fh3>\n\u003Ch4>\u003Cstrong>Email Verification System\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mandatory Email Verification\u003C\u002Fstrong>: Ensure all new users verify their email addresses before accessing your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Verification Pages\u003C\u002Fstrong>: Choose custom redirect pages for successful and failed verifications  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Login\u003C\u002Fstrong>: Seamlessly log users in after successful email verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Control\u003C\u002Fstrong>: Exclude specific user roles (like Administrators) from verification requirements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Configuration\u003C\u002Fstrong>: Enable\u002Fdisable email verification with simple toggle controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Magic Login (Passwordless Authentication)\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>🆕 NEW Feature\u003C\u002Fstrong>: Enable secure passwordless login for enhanced user experience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email-Based Authentication\u003C\u002Fstrong>: Users receive login links directly in their inbox\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Key Length\u003C\u002Fstrong>: Set secure authentication key length (default: 6 characters)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attempt Limits\u003C\u002Fstrong>: Configure maximum login attempts for security (default: 3 attempts)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Redirect Pages\u003C\u002Fstrong>: Set specific pages for successful logins, failures, and magic login forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Verification Integration\u003C\u002Fstrong>: Require verified emails for magic login access\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Implementation\u003C\u002Fstrong>: Simple shortcode \u003Ccode>[user_verification_magic_login_form]\u003C\u002Fcode> for frontend display\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>OTP (One-Time Password) Login\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>SMS\u002FEmail OTP\u003C\u002Fstrong>: Secure one-time password authentication system\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable OTP Length\u003C\u002Fstrong>: Customize OTP length (default: 6 digits)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Character Flexibility\u003C\u002Fstrong>: Support for numbers, uppercase, lowercase, and special characters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Success\u002FError Messages\u003C\u002Fstrong>: Personalized user feedback for OTP processes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post-Login Redirects\u003C\u002Fstrong>: Direct users to specific pages after successful authentication\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Integration\u003C\u002Fstrong>: Simple shortcode \u003Ccode>[user_verification_otp_login_form]\u003C\u002Fcode> implementation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Advanced Spam Protection\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Domain Blocking\u003C\u002Fstrong>: Block registrations from specific email domains\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Domain Allowlist\u003C\u002Fstrong>: Allow only approved email domains for registration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Username Protection\u003C\u002Fstrong>: Block specific usernames from registration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Domain Management\u003C\u002Fstrong>: Easy-to-use interface for managing blocked\u002Fallowed domains\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>reCAPTCHA Integration\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Google reCAPTCHA v2\u003C\u002Fstrong>: Complete bot protection with checkbox verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Implementation Points\u003C\u002Fstrong>: Add reCAPTCHA to login, registration, password reset, and comment forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce Ready\u003C\u002Fstrong>: Full integration with WooCommerce forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Easy Configuration\u003C\u002Fstrong>: Simple setup with site key and secret key\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>User Management Tools\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unverified User Cleanup\u003C\u002Fstrong>: Automatically delete unverified user accounts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Existing User Verification\u003C\u002Fstrong>: Mark existing users as verified with customizable intervals\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Status Monitoring\u003C\u002Fstrong>: Track verification status across your user base\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>Email Customization\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Email Templates\u003C\u002Fstrong>: Personalize verification and notification emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPAutoP Support\u003C\u002Fstrong>: Enable\u002Fdisable automatic paragraph formatting in emails\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Branded Communications\u003C\u002Fstrong>: Add your logo and customize email appearance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Email Types\u003C\u002Fstrong>: Templates for registration, verification, OTP, magic login, and activation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Cstrong>WooCommerce Compatibility\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>E-commerce Ready\u003C\u002Fstrong>: Full integration with WooCommerce login, registration, and password reset forms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customer Protection\u003C\u002Fstrong>: Prevent fake customer registrations and protect customer data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Experience\u003C\u002Fstrong>: Maintain smooth checkout process while ensuring security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Perfect For:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Membership Sites\u003C\u002Fstrong>: Protect exclusive content with verified users only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>E-commerce Stores\u003C\u002Fstrong>: Prevent fake customer accounts and fraudulent orders  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Corporate Websites\u003C\u002Fstrong>: Ensure legitimate user registrations for business platforms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Community Forums\u003C\u002Fstrong>: Maintain quality user base with verified members\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Educational Platforms\u003C\u002Fstrong>: Secure student and instructor account creation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Any WordPress Site\u003C\u002Fstrong>: Enhance security for blogs, portfolios, and business websites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚡ Easy Setup & Management\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>User-Friendly Interface\u003C\u002Fstrong>: Intuitive admin dashboard for all configurations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Ready\u003C\u002Fstrong>: Simple shortcodes for frontend form implementation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Click Configuration\u003C\u002Fstrong>: Enable\u002Fdisable features with simple toggle switches\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Documentation\u003C\u002Fstrong>: Detailed setup guides and troubleshooting support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔧 Technical Specifications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Compatibility\u003C\u002Fstrong>: Works with latest WordPress versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP 7.4+ Support\u003C\u002Fstrong>: Modern PHP compatibility for optimal performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Mobile Responsive\u003C\u002Fstrong>: All forms and interfaces work perfectly on mobile devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong>: Multi-language support for global websites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong>: Clean code structure with hooks and filters for customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📧 Default Email Configuration\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Professional Setup\u003C\u002Fstrong>: Comes with pre-configured professional email settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom From Address\u003C\u002Fstrong>: Set your preferred sender email (e.g., public.nurhasan@gmail.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Branded Sender Name\u003C\u002Fstrong>: Customize sender name (default: wordpress)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Variety\u003C\u002Fstrong>: Multiple email templates for different verification scenarios\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 Why Choose User Verification?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Complete Security Solution\u003C\u002Fstrong>: Multiple authentication methods in one plugin\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero Spam Guarantee\u003C\u002Fstrong>: Advanced filtering eliminates fake registrations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Experience Focused\u003C\u002Fstrong>: Smooth verification process that doesn’t frustrate legitimate users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highly Customizable\u003C\u002Fstrong>: Adapt every aspect to match your site’s needs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Regular Updates\u003C\u002Fstrong>: Continuously updated with new features and security improvements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Professional Support\u003C\u002Fstrong>: Dedicated support for setup and troubleshooting\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Installation & Usage\u003C\u002Fh3>\n\u003Cp>Simply install the plugin, configure your preferred verification methods, and add the provided shortcodes to your pages. The plugin integrates seamlessly with WordPress default forms and popular plugins like WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Transform your WordPress site security today with User Verification – the most comprehensive user authentication plugin available.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Ch3>Spam Protection by [https:\u002F\u002Fisspammy.com](http:\u002F\u002Fisspammy.com)\u003C\u002Fh3>\n\u003Cp>isspammy.com is owned by PickPlugins and it’s used to protect spam users from login in, registering, commenting, posting reviews and etc. Once you mark a comment as spam it will send a request to isspammy.com and it will create a record for this mail and marked as spam, so later when the same email is used to post a comment it will block them as a spammer. isspammy.com is commited to keep user email private and only accessible when requested.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fisspammy.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">isspammy.com\u002Fprivacy-policy\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fisspammy.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">isspammy.com\u002FAbout Us\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Email verification for user registration to protect spam.",5000,330832,90,63,"2026-02-14T03:45:00.000Z","4.1",[128,129,130,131,132],"email-otp","email-validation","email-verification","hide-login","passwordless-login","http:\u002F\u002Fpickplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-verification.zip","2025-12-04 17:39:15",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":144,"downloaded":145,"rating":146,"num_ratings":28,"last_updated":147,"tested_up_to":101,"requires_at_least":148,"requires_php":149,"tags":150,"homepage":156,"download_link":157,"security_score":146,"vuln_count":77,"unpatched_count":77,"last_vuln_date":38,"fetched_at":31},"disable-email-notification-for-auto-updates","Disable Auto Update Emails and Block Updates for Plugins, WP Core, and Themes","1.0.5","ideasToCode","https:\u002F\u002Fprofiles.wordpress.org\u002Fideastocode\u002F","\u003Cp>Key Features:\u003Cbr \u002F>\n– Disable Email Notifications for Auto-Updates\u003Cbr \u002F>\n– Block\u002Fhide Specific Plugin Updates: You can choose plugins to block\u002Fhide (plugin’s list)\u003Cbr \u002F>\n– Block WordPress Core and Theme Updates\u003Cbr \u002F>\n– Remove Update Buttons from Admin Panel (under Dashboard menu)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check Our Another Plugin\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimprove-website-security\u002F\" rel=\"ugc\">Improve Website Security\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimprove-website-security\u002F?preview=1\" rel=\"ugc\">Live Preview It\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-svg-webp-ico-upload\u002F\" rel=\"ugc\">Enable SVG, WebP, and ICO Upload\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-svg-webp-ico-upload\u002F?preview=1\" rel=\"ugc\">Live Preview It\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable Email Notifications for Auto-Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nWith the introduction of WordPress 5.5, the auto-update feature was enabled, and email notifications started being sent for every update made. By simply installing this plugin, you can stop receiving these annoying notifications for every auto-update made to plugins, themes, or even the WordPress core. Please note that this plugin will not affect the auto-update feature of WordPress if it is enabled.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block Specific Plugin Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nIn the “Block Plugin Updates” tab, the plugin will list all installed plugins on your website. If there are specific plugins you do not want to update, you can disable updates for those particular plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block WordPress Core and Theme Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou also have the option to block updates for the WordPress core and themes. However, this is not recommended for security reasons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Update Buttons from Admin Panel:\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you do not want to see the “Updates” menu under the Dashboard, you can easily hide it from the admin panel menu.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Default Settings:\u003C\u002Fstrong>\u003Cbr \u002F>\nBy default, only the email notification feature is turned on; other settings must be configured manually.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tutorial video\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3U4QM7UZ6D8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>If you want to learn more and see how this plugin works – please check our\u003Ca href=\"https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fdisable-automatic-update-email-notification-in-wordpress\u002F\" rel=\"nofollow ugc\"> website – ideastocode.com.\u003C\u002Fa>\u003C\u002Fp>\n","This plugin disables email notifications for auto-updates and blocks updates for specific plugins, hide plugins, WordPress core, and themes.",3000,15949,100,"2025-12-04T21:10:00.000Z","5.5","7.0",[151,152,153,154,155],"block-specific-plugin-updates","block-themes-updates","block-wordpress-core-updates","disable-update-notification-emails","hide-updates-from-dashboard","https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fdisable-automatic-update-email-notification-in-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-email-notification-for-auto-updates.1.0.5.zip",{"slug":159,"name":160,"version":161,"author":162,"author_profile":163,"description":164,"short_description":165,"active_installs":166,"downloaded":167,"rating":98,"num_ratings":99,"last_updated":168,"tested_up_to":101,"requires_at_least":169,"requires_php":170,"tags":171,"homepage":177,"download_link":178,"security_score":146,"vuln_count":77,"unpatched_count":77,"last_vuln_date":38,"fetched_at":31},"customer-email-verification-for-woocommerce","Customer Email Verification for WooCommerce","2.6.9","Zorem","https:\u002F\u002Fprofiles.wordpress.org\u002Fzorem\u002F","\u003Cp>Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🔑 OTP-Based Email Verification:\u003C\u002Fstrong> Customers must verify their email with an OTP before completing registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📩 Email Verification Popup:\u003C\u002Fstrong> The verification popup appears instantly after entering an email address and clicking the verify button.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>❌ No Account Creation Without Verification:\u003C\u002Fstrong> Users cannot create an account unless they verify their email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Customizable Verification Popup:\u003C\u002Fstrong> Modify the popup’s design and messages to match your brand.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>✉️ Customizable Verification Email:\u003C\u002Fstrong> Customize the OTP email template, subject, and message.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Resend OTP Option:\u003C\u002Fstrong> Customers can resend the OTP if they didn’t receive the initial email.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Admin Verification Control:\u003C\u002Fstrong> View and manage email verification statuses from the WordPress admin panel.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔓 Role-Based Verification Skipping:\u003C\u002Fstrong> Skip email verification for selected user roles. Redirect users to any page after successful email verification.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>Customer Email Verification for WooCommerce is built to integrate smoothly with plugins that follow WooCommerce’s standard registration and checkout templates. It also works with various social media login plugins, providing flexibility and convenience for users.\u003C\u002Fp>\n\u003Cp>The following plugins have been tested and confirmed to be fully compatible:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checkout WC\u003C\u002Fli>\n\u003Cli>WooCommerce Social Login\u003C\u002Fli>\n\u003Cli>Nextend Social Login and Register\u003C\u002Fli>\n\u003Cli>WooCommerce Memberships\u003C\u002Fli>\n\u003Cli>WooCommerce Checkout & Funnel Builder by CartFlows\u003C\u002Fli>\n\u003Cli>Affiliate For WooCommerce\u003C\u002Fli>\n\u003Cli>Smart Manager\u003C\u002Fli>\n\u003Cli>Cashier\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For a complete list of compatible plugins and more details, please visit our \u003Ca href=\"https:\u002F\u002Fdocs.zorem.com\u002Fdocs\u002Fcustomer-email-verification-pro\u002Fcompatibility\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>We also offer a Pro version!\u003C\u002Fh3>\n\u003Ch3>Customer Email Verification PRO\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>📦 OTP Verification for Checkout:\u003C\u002Fstrong> Enforce email verification for guest users before completing a purchase.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛍️ Enable Checkout Verification:\u003C\u002Fstrong> Choose to verify emails on the cart page or only for free orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔢 OTP Length Customization:\u003C\u002Fstrong> Select between 4-digit or 6-digit OTP codes for verification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⏳ OTP Expiration Control:\u003C\u002Fstrong> Set expiration time for OTPs (e.g., 72 hours) to enhance security.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Verification Email Resend Limit:\u003C\u002Fstrong> Restrict the number of OTP resend attempts to prevent abuse.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Login Authentication Options:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Notify users when they log in from a new device or browser.\u003C\u002Fli>\n\u003Cli>Require OTP verification for logins from an unrecognized device, location, or after a set period.\u003C\u002Fli>\n\u003Cli>Define specific conditions for unrecognized logins, such as logging in from a new device or a location not used before.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🛠 Advanced Customization:\u003C\u002Fstrong> More control over email templates and verification popups.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fcustomer-email-verification\u002F\" rel=\"nofollow ugc\">Get CEV PRO >\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Other Plugins by zorem\u003C\u002Fh3>\n\u003Cp>Optimize your WooCommerce store with our plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002Fproduct\u002Fwoocommerce-advanced-shipment-tracking\u002F\" rel=\"nofollow ugc\">Advanced Shipment Tracking Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-local-pickup-pro\u002F\" rel=\"nofollow ugc\">Zorem Local Pickup Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsms-for-woocommerce\u002F\" rel=\"nofollow ugc\">SMS for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fcountry-based-restriction-for-woocommerce\u002F\" rel=\"nofollow ugc\">Country Based Restriction for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fsales-by-country-for-woocommerce\u002F\" rel=\"nofollow ugc\">Sales By Country for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fzorem-returns\u002F\" rel=\"nofollow ugc\">Zorem Returns\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Femail-reports-for-woocommerce\u002F\" rel=\"nofollow ugc\">Email Reports for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzorem.com\u002Fplugins\u002Fview-as-customer-for-woocommerce\u002F\" rel=\"nofollow ugc\">View as Customer for WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Explore more at \u003Ca href=\"https:\u002F\u002Fwww.zorem.com\u002F\" rel=\"nofollow ugc\">zorem.com\u003C\u002Fa>\u003C\u002Fp>\n","Secure WooCommerce registrations with OTP-based email verification, reducing spam and ensuring only valid email addresses are used.",2000,62784,"2026-02-17T05:37:00.000Z","5.3","7.2",[172,173,174,175,176],"customer-verification","email-address-verification","registration-verification","woocommerce","woocommerce-signup-spam","https:\u002F\u002Fwww.zorem.com\u002Fproducts\u002Fcustomer-email-verification-for-woocommerce\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustomer-email-verification-for-woocommerce.2.6.9.zip",{"attackSurface":180,"codeSignals":254,"taintFlows":350,"riskAssessment":389,"analyzedAt":402},{"hooks":181,"ajaxHandlers":243,"restRoutes":244,"shortcodes":245,"cronEvents":253,"entryPointCount":28,"unprotectedCount":77},[182,188,193,198,203,207,210,213,218,222,226,229,235,239,241],{"type":183,"name":184,"callback":185,"file":186,"line":187},"action","plugins_loaded","load_textdomain","core\\class-wp-mailto-links.php",132,{"type":183,"name":189,"callback":190,"file":191,"line":192},"admin_enqueue_scripts","enqueue_scripts_and_styles","core\\includes\\classes\\class-wp-mailto-links-run-admin.php",56,{"type":183,"name":194,"callback":195,"priority":196,"file":191,"line":197},"admin_menu","add_user_submenu",150,57,{"type":183,"name":199,"callback":200,"file":201,"line":202},"wp","display_email_image","core\\includes\\classes\\class-wp-mailto-links-run.php",53,{"type":183,"name":204,"callback":205,"file":201,"line":206},"init","buffer_final_output",54,{"type":183,"name":204,"callback":208,"file":201,"line":209},"add_custom_template_tags",55,{"type":183,"name":211,"callback":212,"file":201,"line":197},"wp_enqueue_scripts","load_frontend_header_styling",{"type":214,"name":215,"callback":216,"file":201,"line":217},"filter","dynamic_sidebar_params","wpmt_dynamic_sidebar_params",58,{"type":214,"name":219,"callback":220,"file":201,"line":221},"do_shortcode_tag","filter_content",276,{"type":183,"name":204,"callback":223,"file":224,"line":225},"first_version_init","core\\includes\\classes\\class-wp-mailto-links-settings.php",439,{"type":183,"name":204,"callback":227,"file":224,"line":228},"version_update",446,{"type":214,"name":230,"callback":231,"priority":232,"file":233,"line":234},"wpmt\u002Fsettings\u002Ffields","deactivate_logic",10,"core\\includes\\integrations\\classes\\divi_theme.php",49,{"type":183,"name":204,"callback":236,"priority":237,"file":233,"line":238},"reload_settings_before_divi_builder",5,50,{"type":214,"name":230,"callback":231,"priority":232,"file":240,"line":234},"core\\includes\\integrations\\classes\\oxygen_builder.php",{"type":183,"name":204,"callback":242,"priority":237,"file":240,"line":238},"reload_settings_before_oxygen_builder",[],[],[246,250],{"tag":247,"callback":248,"file":201,"line":249},"wpml_mailto","mailto_shortcode",61,{"tag":251,"callback":252,"file":201,"line":27},"wpmt_protect","protect_content_shortcode",[],{"dangerousFunctions":255,"sqlUsage":256,"outputEscaping":258,"fileOperations":77,"externalRequests":77,"nonceChecks":29,"capabilityChecks":293,"bundledLibraries":349},[],{"prepared":77,"raw":77,"locations":257},[],{"escaped":259,"rawEcho":206,"locations":260},12,[261,265,266,268,270,272,274,275,277,279,280,282,284,286,288,290,292,294,296,298,300,301,302,303,306,308,309,310,311,312,313,314,315,317,318,320,322,324,325,326,327,328,329,330,332,333,335,337,339,341,344,346,347,348],{"file":262,"line":263,"context":264},"core\\includes\\classes\\class-wp-mailto-links-helpers.php",136,"raw output",{"file":262,"line":263,"context":264},{"file":262,"line":267,"context":264},137,{"file":201,"line":269,"context":264},149,{"file":201,"line":271,"context":264},416,{"file":273,"line":28,"context":264},"core\\includes\\partials\\help-tabs\\general.php",{"file":273,"line":28,"context":264},{"file":273,"line":276,"context":264},4,{"file":273,"line":278,"context":264},7,{"file":273,"line":232,"context":264},{"file":273,"line":281,"context":264},13,{"file":273,"line":283,"context":264},21,{"file":273,"line":285,"context":264},24,{"file":273,"line":287,"context":264},28,{"file":289,"line":29,"context":264},"core\\includes\\partials\\help-tabs\\shortcodes.php",{"file":289,"line":291,"context":264},3,{"file":289,"line":293,"context":264},6,{"file":289,"line":295,"context":264},11,{"file":289,"line":297,"context":264},14,{"file":299,"line":29,"context":264},"core\\includes\\partials\\help-tabs\\template-tags.php",{"file":299,"line":276,"context":264},{"file":299,"line":232,"context":264},{"file":299,"line":281,"context":264},{"file":304,"line":305,"context":264},"core\\includes\\partials\\widgets\\main.php",29,{"file":304,"line":307,"context":264},31,{"file":304,"line":27,"context":264},{"file":304,"line":124,"context":264},{"file":304,"line":124,"context":264},{"file":304,"line":124,"context":264},{"file":304,"line":124,"context":264},{"file":304,"line":124,"context":264},{"file":304,"line":124,"context":264},{"file":304,"line":316,"context":264},64,{"file":304,"line":65,"context":264},{"file":304,"line":319,"context":264},69,{"file":304,"line":321,"context":264},73,{"file":304,"line":323,"context":264},78,{"file":304,"line":323,"context":264},{"file":304,"line":323,"context":264},{"file":304,"line":323,"context":264},{"file":304,"line":323,"context":264},{"file":304,"line":323,"context":264},{"file":304,"line":63,"context":264},{"file":304,"line":331,"context":264},81,{"file":304,"line":98,"context":264},{"file":334,"line":14,"context":264},"core\\includes\\partials\\widgets\\sidebar.php",{"file":334,"line":336,"context":264},35,{"file":334,"line":338,"context":264},39,{"file":334,"line":340,"context":264},41,{"file":342,"line":343,"context":264},"core\\includes\\partials\\wpmt-page-display.php",37,{"file":342,"line":345,"context":264},42,{"file":342,"line":238,"context":264},{"file":342,"line":238,"context":264},{"file":342,"line":202,"context":264},[],[351,368,377],{"entryPoint":352,"graph":353,"unsanitizedCount":29,"severity":40},"display_email_image (core\\includes\\classes\\class-wp-mailto-links-run.php:390)",{"nodes":354,"edges":365},[355,360],{"id":356,"type":357,"label":358,"file":201,"line":359},"n0","source","$_GET",396,{"id":361,"type":362,"label":363,"file":201,"line":271,"wp_function":364},"n1","sink","echo() [XSS]","echo",[366],{"from":356,"to":361,"sanitized":367},false,{"entryPoint":369,"graph":370,"unsanitizedCount":29,"severity":376},"\u003Cclass-wp-mailto-links-run> (core\\includes\\classes\\class-wp-mailto-links-run.php:0)",{"nodes":371,"edges":374},[372,373],{"id":356,"type":357,"label":358,"file":201,"line":359},{"id":361,"type":362,"label":363,"file":201,"line":271,"wp_function":364},[375],{"from":356,"to":361,"sanitized":367},"low",{"entryPoint":378,"graph":379,"unsanitizedCount":77,"severity":376},"\u003Cwpmt-page-display> (core\\includes\\partials\\wpmt-page-display.php:0)",{"nodes":380,"edges":386},[381,383],{"id":356,"type":357,"label":382,"file":342,"line":283},"$_POST[?]",{"id":361,"type":362,"label":384,"file":342,"line":283,"wp_function":385},"update_option() [Settings Manipulation]","update_option",[387],{"from":356,"to":361,"sanitized":388},true,{"summary":390,"deductions":391},"The wp-mailto-links plugin, version 3.1.4, presents a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and includes nonce and capability checks for its entry points. The attack surface appears limited with no unprotected AJAX handlers or REST API routes.\n\nHowever, several concerns warrant attention. The low percentage of properly escaped output (18%) is a significant red flag, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities, a pattern supported by its vulnerability history. While the static analysis found no immediate critical or high severity issues, the taint analysis reveals flows with unsanitized paths, suggesting potential weaknesses that could be exploited, especially in conjunction with improper output escaping.\n\nThe plugin has a history of two medium severity CVEs, with one currently unpatched, both related to XSS. This history, coupled with the low output escaping percentage, strongly suggests a recurring problem with handling user-supplied data securely, potentially leading to further exploitable vulnerabilities.",[392,395,398,400],{"reason":393,"points":394},"Unpatched CVE",18,{"reason":396,"points":397},"Low output escaping percentage (18%)",15,{"reason":399,"points":259},"Taint flows with unsanitized paths",{"reason":401,"points":232},"History of XSS vulnerabilities","2026-03-16T17:54:07.328Z",{"wat":404,"direct":413},{"assetPaths":405,"generatorPatterns":408,"scriptPaths":409,"versionParams":410},[406,407],"\u002Fwp-content\u002Fplugins\u002Fwp-mailto-links\u002Fcore\u002Fincludes\u002Fassets\u002Fjs\u002Fcustom-admin.js","\u002Fwp-content\u002Fplugins\u002Fwp-mailto-links\u002Fcore\u002Fincludes\u002Fassets\u002Fcss\u002Fstyle-admin.css",[],[406],[411,412],"wp-mailto-links\u002Fcore\u002Fincludes\u002Fassets\u002Fjs\u002Fcustom-admin.js?ver=","wp-mailto-links\u002Fcore\u002Fincludes\u002Fassets\u002Fcss\u002Fstyle-admin.css?ver=",{"cssClasses":414,"htmlComments":415,"htmlAttributes":416,"restEndpoints":417,"jsGlobals":418,"shortcodeOutput":419},[],[],[],[],[],[]]